URL Checks
Enable the GeoServer URLCheck functionality.
OGC Services Web Services by design allow clients to reference external resources by URL. Enabling the URL Check setting prevents the abuse of these services for Server Side Request Forgery.
Reference:
Enable URL Checks
- Navigate to page. 
- Select the checkbox Enable checks are disabled.   - Enable/Disable URL Checks 
- Press OK to confirm this setting change.   - Enable URL checks 
- Confirm URL checks are enabled, no further action is required.   - URL checks are enabled 
- If required see URL Checks for examples of allowing access to specific external resources.