diff --git a/ee/app/models/ee/application_setting.rb b/ee/app/models/ee/application_setting.rb
index 947b1fe2a86418eed49ec81fad90e284af700d20..fc0d7123f7e40f40d01da28ec69b3fe61a982623 100644
--- a/ee/app/models/ee/application_setting.rb
+++ b/ee/app/models/ee/application_setting.rb
@@ -545,10 +545,11 @@ def check_elasticsearch_url_scheme
 # ElasticSearch only exposes a RESTful API, hence we need
 # to use the HTTP protocol on all URLs.
 elasticsearch_url.each do |str|
- ::Gitlab::UrlBlocker.validate!(str,
+ ::Gitlab::HTTP_V2::UrlBlocker.validate!(str,
 schemes: %w[http https],
 allow_localhost: true,
- dns_rebind_protection: false)
+ dns_rebind_protection: false,
+ deny_all_requests_except_allowed: deny_all_requests_except_allowed?)
 end
 rescue ::Gitlab::HTTP_V2::UrlBlocker::BlockedUrlError
 errors.add(:elasticsearch_url, "only supports valid HTTP(S) URLs.")
diff --git a/lib/bulk_imports/common/pipelines/wiki_pipeline.rb b/lib/bulk_imports/common/pipelines/wiki_pipeline.rb
index 68d511b065fc8102af7d9a50e7251fc1000185f4..429a28dcb4c8eddf70793094a8f81e8ef2e4d9b2 100644
--- a/lib/bulk_imports/common/pipelines/wiki_pipeline.rb
+++ b/lib/bulk_imports/common/pipelines/wiki_pipeline.rb
@@ -22,7 +22,12 @@ def load(context, data)
 wiki = context.portable.wiki
 url = data[:url].sub("://", "://oauth2:#{context.configuration.access_token}@")
- Gitlab::UrlBlocker.validate!(url, schemes: %w[http https], allow_local_network: allow_local_requests?, allow_localhost: allow_local_requests?)
+ Gitlab::HTTP_V2::UrlBlocker.validate!(
+ url,
+ schemes: %w[http https],
+ allow_local_network: allow_local_requests?,
+ allow_localhost: allow_local_requests?,
+ deny_all_requests_except_allowed: Gitlab::CurrentSettings.deny_all_requests_except_allowed?)
 wiki.create_wiki_repository
 wiki.repository.fetch_as_mirror(url)
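Review bot: On the added `deny_all_requests_except_allowed: deny_all_requests_except_allowed?` line the value comes from the record's own reader rather than from `Gitlab::CurrentSettings`, which every other call site in this change uses. Since `check_elasticsearch_url_scheme` runs as a validation on the setting being saved (the `errors.add(:elasticsearch_url, ...)` shows that), reading the in-flight value is presumably deliberate, but a reader comparing the seven call sites will take it for an omission. A one-line comment above the call would settle it: `# Read this record's value, not CurrentSettings: the flag may be changing in the same save.` `check_elasticsearch_url_scheme` starts before the hunk.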
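Review bot: `url` already carries `oauth2:<access_token>@` from the preceding `sub` when it is handed to `validate!`, so if `BlockedUrlError` (or any other error raised inside the blocker) reports the offending URL in its message, the import credential is written to logs and error tracking. The same ordering appears in repository_pipeline.rb in the next hunk. Assuming the blocker's decision does not depend on userinfo, validating before the credential is spliced in avoids the issue, e.g. `Gitlab::HTTP_V2::UrlBlocker.validate!(data[:url], ...)` followed by the existing `url =` line; if the blocker is known to redact userinfo, a comment saying so on the `url =` line is enough. `load` starts and ends outside the hunk.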
diff --git a/lib/bulk_imports/projects/pipelines/repository_pipeline.rb b/lib/bulk_imports/projects/pipelines/repository_pipeline.rb
index a2b1f8c51768e9753770c4da808f096357961bf3..04c887441f48b7d68ab2b141630bdc7bd481860a 100644
--- a/lib/bulk_imports/projects/pipelines/repository_pipeline.rb
+++ b/lib/bulk_imports/projects/pipelines/repository_pipeline.rb
@@ -21,7 +21,12 @@ def load(context, data)
 url = url.sub("://", "://oauth2:#{context.configuration.access_token}@")
 project = context.portable
- Gitlab::UrlBlocker.validate!(url, schemes: %w[http https], allow_local_network: allow_local_requests?, allow_localhost: allow_local_requests?)
+ Gitlab::HTTP_V2::UrlBlocker.validate!(
+ url,
+ schemes: %w[http https],
+ allow_local_network: allow_local_requests?,
+ allow_localhost: allow_local_requests?,
+ deny_all_requests_except_allowed: Gitlab::CurrentSettings.deny_all_requests_except_allowed?)
 project.ensure_repository
 project.repository.fetch_as_mirror(url)
diff --git a/lib/bulk_imports/projects/pipelines/snippets_repository_pipeline.rb b/lib/bulk_imports/projects/pipelines/snippets_repository_pipeline.rb
index 39c9c121797dff397b7d9a10b8a8969f110ed24f..a371c33d9ea66c0198ecfeff1ab1d7f1013079a0 100644
--- a/lib/bulk_imports/projects/pipelines/snippets_repository_pipeline.rb
+++ b/lib/bulk_imports/projects/pipelines/snippets_repository_pipeline.rb
@@ -53,10 +53,11 @@ def oauth2(url)
 end
 def validate_url(url)
- Gitlab::UrlBlocker.validate!(
+ Gitlab::HTTP_V2::UrlBlocker.validate!(
 url,
 allow_local_network: allow_local_requests?,
 allow_localhost: allow_local_requests?,
+ deny_all_requests_except_allowed: Gitlab::CurrentSettings.deny_all_requests_except_allowed?,
 schemes: %w[http https]
 )
 end
diff --git a/lib/gitlab/error_tracking/error_repository/open_api_strategy.rb b/lib/gitlab/error_tracking/error_repository/open_api_strategy.rb
index 3b0b4c6e9351e1c48b586d993dec8d96b7f302c5..9b9b0f65633b739ab3a5c2cf193f2e13e9bd4ecd 100644
--- a/lib/gitlab/error_tracking/error_repository/open_api_strategy.rb
+++ b/lib/gitlab/error_tracking/error_repository/open_api_strategy.rb
@@ -232,7 +232,11 @@ def configured_api_url
 url = Gitlab::CurrentSettings.current_application_settings.error_tracking_api_url || 'http://localhost:8080'
- Gitlab::UrlBlocker.validate!(url, schemes: %w[http https], allow_localhost: true)
+ Gitlab::HTTP_V2::UrlBlocker.validate!(
+ url,
+ schemes: %w[http https],
+ allow_localhost: true,
+ deny_all_requests_except_allowed: Gitlab::CurrentSettings.deny_all_requests_except_allowed?)
 URI(url)
 end
diff --git a/lib/gitlab/github_gists_import/importer/gist_importer.rb b/lib/gitlab/github_gists_import/importer/gist_importer.rb
index 71dfe5e2aa5b293f6471606b23965703daaa986c..c2456f83711105b6fdac1fcb1ef69a930a83a51f 100644
--- a/lib/gitlab/github_gists_import/importer/gist_importer.rb
+++ b/lib/gitlab/github_gists_import/importer/gist_importer.rb
@@ -58,11 +58,13 @@ def import_repository
 end
 def get_resolved_address
- validated_pull_url, host = Gitlab::UrlBlocker.validate!(gist.git_pull_url,
- schemes: Project::VALID_IMPORT_PROTOCOLS,
- ports: Project::VALID_IMPORT_PORTS,
- allow_localhost: allow_local_requests?,
- allow_local_network: allow_local_requests?)
+ validated_pull_url, host = Gitlab::HTTP_V2::UrlBlocker.validate!(
+ gist.git_pull_url,
+ schemes: Project::VALID_IMPORT_PROTOCOLS,
+ ports: Project::VALID_IMPORT_PORTS,
+ allow_localhost: allow_local_requests?,
+ allow_local_network: allow_local_requests?,
+ deny_all_requests_except_allowed: Gitlab::CurrentSettings.deny_all_requests_except_allowed?)
 host.present? ? validated_pull_url.host.to_s : ''
 end
diff --git a/lib/gitlab/kubernetes/kube_client.rb b/lib/gitlab/kubernetes/kube_client.rb
index 44e53e9ec70d968f795344c68dcf8eeade5b5799..593090902e796e2f73283b676105088953567a44 100644
--- a/lib/gitlab/kubernetes/kube_client.rb
+++ b/lib/gitlab/kubernetes/kube_client.rb
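Review bot: The fallback `'http://localhost:8080'` is validated with `allow_localhost: true` and now also with `deny_all_requests_except_allowed`; whether the blocker applies the allowlist before or after the localhost exemption is not visible here, and if it applies it first, an instance that enables deny-all without allowlisting localhost will get a `BlockedUrlError` out of `configured_api_url` for a URL it never configured, which is hard to diagnose. That interaction should be confirmed and the outcome documented on the method, e.g. `# Raises Gitlab::HTTP_V2::UrlBlocker::BlockedUrlError when the (possibly default localhost) URL is not permitted by the instance's outbound-request settings.` `configured_api_url` starts before the hunk.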
@@ -161,7 +161,11 @@ def create_or_update_secret(resource)
 def validate_url!
 return if Gitlab::CurrentSettings.allow_local_requests_from_web_hooks_and_services?
- Gitlab::UrlBlocker.validate!(api_prefix, allow_local_network: false, schemes: %w[http https])
+ Gitlab::HTTP_V2::UrlBlocker.validate!(
+ api_prefix,
+ allow_local_network: false,
+ schemes: %w[http https],
+ deny_all_requests_except_allowed: Gitlab::CurrentSettings.deny_all_requests_except_allowed?)
 end
 def service_account_exists?(resource)
diff --git a/lib/gitlab/octokit/middleware.rb b/lib/gitlab/octokit/middleware.rb
index f944f9827a3282f08d8ed4d03ff4c985a80a9f3d..a93526da5ca20e7347f77695bb4e5665047c911c 100644
--- a/lib/gitlab/octokit/middleware.rb
+++ b/lib/gitlab/octokit/middleware.rb
@@ -8,11 +8,12 @@ def initialize(app)
 end
 def call(env)
- Gitlab::UrlBlocker.validate!(env[:url],
+ Gitlab::HTTP_V2::UrlBlocker.validate!(env[:url],
 schemes: %w[http https],
 allow_localhost: allow_local_requests?,
 allow_local_network: allow_local_requests?,
- dns_rebind_protection: dns_rebind_protection?
+ dns_rebind_protection: dns_rebind_protection?,
+ deny_all_requests_except_allowed: Gitlab::CurrentSettings.deny_all_requests_except_allowed?
 )
 @app.call(env)
diff --git a/spec/lib/gitlab/github_gists_import/importer/gist_importer_spec.rb b/spec/lib/gitlab/github_gists_import/importer/gist_importer_spec.rb
index b098a1516601fe9209bf884779af070584768017..b64348d447baf608e2be4bee1a7f3c58858345ac 100644
--- a/spec/lib/gitlab/github_gists_import/importer/gist_importer_spec.rb
+++ b/spec/lib/gitlab/github_gists_import/importer/gist_importer_spec.rb
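Review bot: The existing guard `return if Gitlab::CurrentSettings.allow_local_requests_from_web_hooks_and_services?` skips `validate!` altogether, so on instances that allow local requests the new `deny_all_requests_except_allowed` argument is never consulted for the Kubernetes API URL, whereas every other call site in this change passes it unconditionally. If deny-all is meant to be the stricter policy that the local-requests setting only relaxes, the guard should narrow the check rather than bypass it: drop the `return if` line and pass `allow_local_network: Gitlab::CurrentSettings.allow_local_requests_from_web_hooks_and_services?` in its place. If the bypass is intentional, a comment on the `return if` line stating that deny-all does not apply to cluster URLs would prevent the next reader from "fixing" it. `validate_url!` is fully inside the hunk.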
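Review bot: `Gitlab::CurrentSettings.deny_all_requests_except_allowed?` is written out in full inside `call`, while the neighbouring arguments use the middleware's own `allow_local_requests?` and `dns_rebind_protection?` predicates; the same inline lookup is repeated in wiki_pipeline.rb, repository_pipeline.rb, snippets_repository_pipeline.rb, open_api_strategy.rb, gist_importer.rb and kube_client.rb. A matching private predicate keeps the call readable and gives specs one seam to stub: `deny_all_requests_except_allowed: deny_all_requests_except_allowed?` with `def deny_all_requests_except_allowed? = Gitlab::CurrentSettings.deny_all_requests_except_allowed?` next to the existing helpers. The class and those helpers continue outside the hunk.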
@@ -167,13 +167,16 @@
 before do
 allow(::Gitlab::CurrentSettings)
 .to receive(:allow_local_requests_from_web_hooks_and_services?).and_return(true)
+ allow(::Gitlab::CurrentSettings)
+ .to receive(:deny_all_requests_except_allowed?).and_return(true)
 end
 it 'raises error' do
- expect(Gitlab::UrlBlocker)
+ expect(Gitlab::HTTP_V2::UrlBlocker)
 .to receive(:validate!)
 .with(url, ports: [80, 443], schemes: %w[http https git],
- allow_localhost: true, allow_local_network: true)
+ allow_localhost: true, allow_local_network: true,
+ deny_all_requests_except_allowed: true)
 .and_raise(Gitlab::HTTP_V2::UrlBlocker::BlockedUrlError)
 expect { subject.execute }.to raise_error(Gitlab::HTTP_V2::UrlBlocker::BlockedUrlError)
@@ -184,13 +187,16 @@
 before do
 allow(::Gitlab::CurrentSettings)
 .to receive(:allow_local_requests_from_web_hooks_and_services?).and_return(false)
+ allow(::Gitlab::CurrentSettings)
+ .to receive(:deny_all_requests_except_allowed?).and_return(true)
 end
 it 'raises error' do
- expect(Gitlab::UrlBlocker)
+ expect(Gitlab::HTTP_V2::UrlBlocker)
 .to receive(:validate!)
 .with(url, ports: [80, 443], schemes: %w[http https git],
- allow_localhost: false, allow_local_network: false)
+ allow_localhost: false, allow_local_network: false,
+ deny_all_requests_except_allowed: true)
 .and_raise(Gitlab::HTTP_V2::UrlBlocker::BlockedUrlError)
 expect { subject.execute }.to raise_error(Gitlab::HTTP_V2::UrlBlocker::BlockedUrlError)
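Review bot: Both examples stub `deny_all_requests_except_allowed?` to `true` and then force `validate!` to raise, so they only show that the value is forwarded on the raising path; nothing checks that the importer proceeds when the setting is `false` and `validate!` returns normally. A companion example with `.and_return(false)` and `.with(..., deny_all_requests_except_allowed: false)` that does not `.and_raise` would cover the other branch with two lines per context. Only gist_importer_spec is touched here; specs for the other call sites changed in this commit may live elsewhere, but any that still stub `Gitlab::UrlBlocker` will now be stubbing a constant the code no longer calls. The enclosing `describe`/`context` blocks start and end outside both hunks.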