diff --git a/app/lib/fasp/request.rb b/app/lib/fasp/request.rb
index 2002e90bb06..cf2324212fb 100644
--- a/app/lib/fasp/request.rb
+++ b/app/lib/fasp/request.rb
@@ -29,7 +29,7 @@ class Fasp::Request
     response = HTTP
                .headers(headers)
                .use(http_signature: { key:, covered_components: COVERED_COMPONENTS })
-               .send(verb, url, body:)
+               .send(verb, url, body:, socket_class: ::Request::Socket)
 
     validate!(response)
 
diff --git a/app/lib/request.rb b/app/lib/request.rb
index 4858aa4bc24..59c0e725265 100644
--- a/app/lib/request.rb
+++ b/app/lib/request.rb
@@ -349,5 +349,5 @@ class Request
     end
   end
 
-  private_constant :ClientLimit, :Socket, :ProxySocket
+  private_constant :ClientLimit
 end
diff --git a/spec/lib/fasp/request_spec.rb b/spec/lib/fasp/request_spec.rb
index 9b354c8f44b..171d03bdbda 100644
--- a/spec/lib/fasp/request_spec.rb
+++ b/spec/lib/fasp/request_spec.rb
@@ -55,6 +55,24 @@ RSpec.describe Fasp::Request do
         end
       end
     end
+
+    context 'when the provider host name resolves to a private address' do
+      around do |example|
+        WebMock.disable!
+        example.run
+        WebMock.enable!
+      end
+
+      it 'raises Mastodon::ValidationError' do
+        resolver = instance_double(Resolv::DNS)
+
+        allow(resolver).to receive(:getaddresses).with('reqprov.example.com').and_return(%w(0.0.0.0 2001:db8::face))
+        allow(resolver).to receive(:timeouts=).and_return(nil)
+        allow(Resolv::DNS).to receive(:open).and_yield(resolver)
+
+        expect { subject.send(method, '/test_path') }.to raise_error(Mastodon::ValidationError)
+      end
+    end
   end
 
   describe '#get' do