diff --git a/src/main/java/org/opensearch/geospatial/ip2geo/common/Ip2GeoSettings.java b/src/main/java/org/opensearch/geospatial/ip2geo/common/Ip2GeoSettings.java
index f48bb84c..142055ee 100644
--- a/src/main/java/org/opensearch/geospatial/ip2geo/common/Ip2GeoSettings.java
+++ b/src/main/java/org/opensearch/geospatial/ip2geo/common/Ip2GeoSettings.java
@@ -8,7 +8,7 @@
 import java.net.MalformedURLException;
 import java.net.URISyntaxException;
 import java.net.URL;
-import java.util.Collections;
+import java.util.Arrays;
 import java.util.List;
 import java.util.function.Function;
 
@@ -77,10 +77,34 @@ public class Ip2GeoSettings {
 
     /**
      * A list of CIDR which will be blocked to be used as datasource endpoint
+     * Private network addresses will be blocked as default
      */
     public static final Setting<List<String>> DATASOURCE_ENDPOINT_DENYLIST = Setting.listSetting(
         "plugins.geospatial.ip2geo.datasource.endpoint.denylist",
-        Collections.emptyList(),
+        Arrays.asList(
+            "127.0.0.0/8",
+            "169.254.0.0/16",
+            "10.0.0.0/8",
+            "172.16.0.0/12",
+            "192.168.0.0/16",
+            "0.0.0.0/8",
+            "100.64.0.0/10",
+            "192.0.0.0/24",
+            "192.0.2.0/24",
+            "198.18.0.0/15",
+            "192.88.99.0/24",
+            "198.51.100.0/24",
+            "203.0.113.0/24",
+            "224.0.0.0/4",
+            "240.0.0.0/4",
+            "255.255.255.255/32",
+            "::1/128",
+            "fe80::/10",
+            "fc00::/7",
+            "::/128",
+            "2001:db8::/32",
+            "ff00::/8"
+        ),
         Function.identity(),
         Setting.Property.NodeScope,
         Setting.Property.Dynamic