diff --git a/proxy/lib/snowflake.go b/proxy/lib/snowflake.go
index d408c89..6fcc46d 100644
--- a/proxy/lib/snowflake.go
+++ b/proxy/lib/snowflake.go
@@ -690,9 +690,15 @@ func checkIsRelayURLAcceptable(
 	}
 	if !allowPrivateIPs {
 		hostname := parsedRelayURL.Hostname()
+		ipArray, _ := net.LookupIP(hostname)
 		if isHostnameLocal(hostname) {
 			return fmt.Errorf("rejected Relay URL: private hostnames are not allowed")
 		}
+		for _, ip := range ipArray {
+			if !isRemoteAddress(ip) {
+				return fmt.Errorf("rejected Relay URL: private IPs are not allowed")
+			}
+		}
 		ip := net.ParseIP(hostname)
 		// Otherwise it's a domain name, or an invalid IP.
 		if ip != nil {