What SSRF Is
Server-Side Request Forgery (SSRF) happens when an application fetches a URL supplied or influenced by the user, and an attacker abuses that to make the server send requests to unintended destinations. Because the request originates from inside your network, it can reach internal services that are unreachable from the public internet.
Why It Is Dangerous
- The server often sits behind the firewall, so SSRF pivots into internal admin panels and metadata services.
- Cloud instance metadata endpoints can leak temporary credentials when reached from a vulnerable host.
- Attackers probe localhost ports and internal IP ranges to map and exploit hidden services.
Defenses
- Allowlist the exact hosts and schemes the feature is allowed to fetch, and reject everything else.
- Resolve the hostname yourself, validate every resolved IP to block loopback, private and link-local ranges, and then connect to that validated address rather than re-resolving, so a DNS rebinding between the check and the fetch cannot redirect the request.
- Disable unused URL schemes such as file:// and gopher://, and do not follow redirects automatically; validate each redirect target as if it were a new user-supplied URL.
- Require authentication on internal services rather than trusting network position alone.
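The allowlist and resolved-IP checks above, as an added example that is not part of the original note. The host allowlist and the resolver results are constructed for the example; the resolver is injectable so the check can be exercised offline.

```python
import ipaddress
import socket
from urllib.parse import urlsplit

# Constructed allowlist for this example: the only hosts and schemes the fetch feature may use.
ALLOWED_HOSTS = {"api.example.com", "cdn.example.com"}
ALLOWED_SCHEMES = {"http", "https"}


def is_internal(ip_text):
    """True for addresses an SSRF could pivot to: loopback, RFC 1918 / ULA,
    link-local (which covers the 169.254.169.254 metadata endpoint),
    multicast, reserved and unspecified ranges."""
    ip = ipaddress.ip_address(ip_text)
    if isinstance(ip, ipaddress.IPv6Address) and ip.ipv4_mapped is not None:
        ip = ip.ipv4_mapped  # ::ffff:10.0.0.1 is still 10.0.0.1
    return (ip.is_private or ip.is_loopback or ip.is_link_local
            or ip.is_multicast or ip.is_reserved or ip.is_unspecified)


def system_resolver(host):
    """Resolve host to every A/AAAA answer using the OS resolver."""
    return sorted({info[4][0] for info in socket.getaddrinfo(host, None)})


def validate_fetch_target(url, resolver=system_resolver):
    """Return (host, pinned_ip) if the URL may be fetched, else raise ValueError.
    The caller must open the connection to pinned_ip (sending Host: host) instead
    of re-resolving, so a DNS rebinding between check and use cannot redirect it.
    Redirect responses must not be followed automatically; pass each Location
    header back through this function."""
    parts = urlsplit(url)
    if parts.scheme not in ALLOWED_SCHEMES:
        raise ValueError(f"scheme not allowed: {parts.scheme!r}")
    if parts.username or parts.password:
        raise ValueError("credentials in URL are not allowed")
    host = parts.hostname
    if host is None or host.lower() not in ALLOWED_HOSTS:
        raise ValueError(f"host not on allowlist: {host!r}")
    addrs = resolver(host)
    if not addrs:
        raise ValueError("host did not resolve")
    # Reject if ANY answer is internal: a zone mixing public and private records
    # would slip past a check that only looks at the first answer.
    bad = [a for a in addrs if is_internal(a)]
    if bad:
        raise ValueError(f"host resolves to internal address: {bad}")
    return host, addrs[0]


def is_safe_fetch_target(url, resolver=system_resolver):
    """Boolean wrapper around validate_fetch_target."""
    try:
        validate_fetch_target(url, resolver=resolver)
        return True
    except ValueError:
        return False
```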
Key idea
SSRF abuses the server's trusted network position, so validate the resolved destination against a strict allowlist and never let user input choose internal targets.