diff --git a/classes/local/outagelib.php b/classes/local/outagelib.php
index 5386859..82cab6a 100644
--- a/classes/local/outagelib.php
+++ b/classes/local/outagelib.php
@@ -57,7 +57,7 @@ class outagelib {
 global $CFG;
 require_once($CFG->libdir . '/filelib.php');
- $curl = new curl();
+ $curl = new curl(['ignoresecurity' => true]);
 $contents = $curl->get($file);
 $info = $curl->get_info();
 if (!empty($info['content_type'])) {
diff --git a/tests/local/controllers/maintenance_static_page_test.php b/tests/local/controllers/maintenance_static_page_test.php
index 2fb469f..29f79df 100644
--- a/tests/local/controllers/maintenance_static_page_test.php
+++ b/tests/local/controllers/maintenance_static_page_test.php
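Review bot: In `classes/local/outagelib.php`, `new curl(['ignoresecurity' => true])` switches off Moodle's cURL security helper for whatever `$file` this function receives, so the `curlsecurityblockedhosts` list no longer applies on this path, and nothing in the hunk restricts `$file` to the site's own URLs. The new test's docblock says callers should pass only internal URLs, but that is a convention, not a check. Consider granting the bypass only for URLs under the site root, e.g. `$internal = strpos($file, $CFG->wwwroot . '/') === 0;` followed by `$curl = new curl(['ignoresecurity' => $internal]);`, with a comment explaining why the bypass is needed. Redirect targets presumably also go unchecked once the helper is off, which is worth confirming; the enclosing function starts and ends outside the hunk.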
@@ -423,6 +423,37 @@ class maintenance_static_page_test extends \auth_outage\base_testcase {
 maintenance_static_page_io::file_get_data(200);
 }
+ /**
+ * Test file_get_data with curlsecurityblockedhosts.
+ * We will use an external URL to test passing ignoresecurity inside of file_get_data works,
+ * ideally in real code we should only be calling file_get_data with internal URLs.
+ */
+ public function test_file_get_data_curlsecurityblockedhosts() {
+ global $CFG, $USER;
+
+ $testhtml = $this->getExternalTestFileUrl('/test.html');
+ $url = new \moodle_url($testhtml);
+ $host = $url->get_host();
+ set_config('curlsecurityblockedhosts', $host); // Blocks $host.
+
+ // Test a regular curl with the default security enabled does in fact get blocked.
+ $curl = new \curl();
+ $contents = $curl->get($testhtml);
+ $expected = $curl->get_security()->get_blocked_url_string();
+ self::assertSame($expected, $contents);
+ self::assertSame(0, $curl->get_errno());
+ if ($CFG->branch >= 403) {
+ self::assertDebuggingCalled(
+ "Blocked $testhtml: The URL is blocked. [user {$USER->id}]", DEBUG_NONE);
+ }
+
+ // Test file_get_data does return the page and isn't blocked by security.
+ $found = maintenance_static_page_io::file_get_data($url->out());
+ $expected = '47250a973d1b88d9445f94db4ef2c97a';
+ self::assertSame($expected, md5($found['contents']));
+ self::assertSame('text/html', $found['mime']);
+ }
+
 /**
 * Test remove css selector.
 */
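Review bot: The closing assertions of `test_file_get_data_curlsecurityblockedhosts` make "fetches a host the administrator has blocked" the tested contract of `file_get_data` for an external host, although the docblock says real callers should pass only internal URLs. If the bypass is narrowed to site-local URLs, this test should expect the blocked string for the external URL and cover the allowed case with a URL under `$CFG->wwwroot`. The `set_config('curlsecurityblockedhosts', $host)` call changes site configuration and no `$this->resetAfterTest()` is visible in the hunk; confirm `base_testcase` takes care of it, or add that call as the first line of the test. Comparing `md5($found['contents'])` with a fixed hash of a remote file also hides whether a failure came from the block or from changed content, so an explicit `self::assertNotSame($curl->get_security()->get_blocked_url_string(), $found['contents']);` would state the intent directly.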