SSRF (Server-Side Request Forgery) is a vulnerability in which an attacker induces a server-side application to send requests to destinations the attacker chooses. Because the request is made by the server, from its network position and with its credentials, it typically reaches internal services or data that the attacker cannot reach directly.
How SSRF Works:
An application lets users supply a URL that the server then fetches (e.g., a profile image to import), but it does not properly validate that URL. An attacker supplies a URL pointing at an internal or otherwise restricted host, and the server makes the request on their behalf and often returns the response.
Example of SSRF Vulnerability:
A web app fetches an image from a user-supplied URL, for example: https://example.com/fetch?url=http://example.com/image.jpg
An attacker changes the URL to:
https://example.com/fetch?url=http://localhost/admin
If the server fetches this URL and returns the response, the attacker reads an admin page that is only reachable from the server itself and was never meant to be exposed publicly.
Dangers of SSRF
1. Accessing Internal Services: Attackers can reach private/internal endpoints (e.g., http://localhost:8000/admin) that bind only to loopback or an internal interface.
2. Bypassing Firewalls: The request originates from the web server, which already sits inside the network perimeter, so it reaches services that the firewall blocks from the Internet.
3. Extracting Metadata from Cloud Services: The instance metadata endpoint can return hostnames, user data and, on many setups, the instance role's temporary credentials.
AWS: http://169.254.169.254/latest/meta-data/ (IMDSv1 answers a plain GET; IMDSv2 first requires a session token obtained with a PUT request, which a GET-only SSRF cannot perform)
GCP: http://metadata.google.internal/computeMetadata/v1/ (requires the request header Metadata-Flavor: Google, so an SSRF that cannot set headers is blocked)
4. Port Scanning Internal Networks: Differences in response time, status codes and error messages reveal which internal hosts and ports are open.
How to Prevent SSRF
1. Allowlist Destinations – Only allow requests to specific, trusted hosts; a denylist alone is easy to bypass.
2. Deny Private IP Ranges – Block loopback, link-local and private addresses (127.0.0.0/8, 169.254.0.0/16, 10.0.0.0/8, 172.16.0.0/12, 192.168.0.0/16, plus IPv6 ::1, fe80::/10, fc00::/7 and IPv4-mapped IPv6). Check the addresses the hostname resolves to, not just the hostname: "localhost" and attacker-controlled DNS names resolve to internal IPs too.
3. Use URL Parsing & Validation – Parse the URL with a real parser, accept only http/https, reject userinfo tricks such as http://trusted.example@127.0.0.1/, and do not follow redirects (or re-validate every hop), since an allowed host can redirect to an internal one.
4. Restrict HTTP Methods – Allow only the method the feature needs (usually GET) and reject others; note that GET alone still reaches most internal endpoints, so this is a defense-in-depth measure, not a fix.
5. Use Network Firewalls – Apply egress filtering so the web server cannot open connections to internal ranges or the metadata service at all.
6. Monitor & Log Requests – Log the user-supplied URL and the destination IP of every outbound fetch, and alert on requests to internal ranges or on unusual request patterns.
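The following Python example, added here and not part of the original page, puts measures 1 to 4 together in one fetch routine for the image-proxy scenario above. The vulnerable fetch is shown first for contrast. The validator accepts only http/https, rejects userinfo in the URL, enforces an optional host allowlist, resolves the hostname and checks every returned address (including IPv4-mapped IPv6) against the private ranges, and the fetcher refuses redirects. The allowlisted host images.example.org, the resolver injected in place of DNS, and the addresses such as 203.0.113.10 and 10.0.0.5 are constructed for this example.

```python
import ipaddress
import socket
import urllib.request
from urllib.parse import urlsplit


class SsrfBlocked(ValueError):
    """Raised when a user-supplied URL fails the SSRF checks."""


# Networks the web tier must never reach on a user's behalf: RFC 1918, loopback,
# link-local (the cloud metadata service lives at 169.254.169.254), CGNAT,
# multicast, and the IPv6 equivalents including IPv4-mapped addresses.
BLOCKED_NETWORKS = [ipaddress.ip_network(n) for n in (
    "0.0.0.0/8", "10.0.0.0/8", "100.64.0.0/10", "127.0.0.0/8",
    "169.254.0.0/16", "172.16.0.0/12", "192.168.0.0/16", "224.0.0.0/4",
    "::/128", "::1/128", "fc00::/7", "fe80::/10", "::ffff:0:0/96",
)]


def is_blocked_ip(ip_text):
    """True if the address (or the IPv4 inside an IPv4-mapped IPv6) is internal."""
    addr = ipaddress.ip_address(ip_text)
    candidates = [addr]
    if addr.version == 6 and addr.ipv4_mapped is not None:
        candidates.append(addr.ipv4_mapped)  # ::ffff:127.0.0.1 is still loopback
    return any(c in net for c in candidates for net in BLOCKED_NETWORKS)


def default_resolver(host):
    """All A/AAAA answers for host, so a multi-answer record cannot hide one internal IP."""
    return {info[4][0] for info in socket.getaddrinfo(host, None)}


def validate_url(url, allowed_hosts=None, resolver=default_resolver):
    """Return the parsed URL if it is safe to fetch, otherwise raise SsrfBlocked."""
    parts = urlsplit(url)
    if parts.scheme not in ("http", "https"):
        raise SsrfBlocked(f"scheme {parts.scheme!r} not allowed")  # no file://, gopher://, dict://
    if parts.username is not None or parts.password is not None:
        raise SsrfBlocked("userinfo in URL not allowed")  # http://allowed.host@127.0.0.1/
    host = (parts.hostname or "").rstrip(".").lower()
    if not host:
        raise SsrfBlocked("missing host")
    if allowed_hosts is not None and host not in allowed_hosts:
        raise SsrfBlocked(f"host {host!r} not on the allowlist")
    # Decide on addresses, not names: an allowlisted name can resolve to an
    # internal IP (attacker-controlled DNS), and "localhost" is just a name.
    try:
        ipaddress.ip_address(host)
        addresses = {host}
    except ValueError:
        try:
            addresses = resolver(host)
        except OSError as exc:
            raise SsrfBlocked(f"cannot resolve {host!r}: {exc}") from exc
    if not addresses:
        raise SsrfBlocked(f"no addresses for {host!r}")
    for ip in addresses:
        if is_blocked_ip(ip):
            raise SsrfBlocked(f"{host!r} resolves to internal address {ip}")
    return parts


def is_allowed(url, **kwargs):
    """Boolean wrapper around validate_url, convenient for logging and tests."""
    try:
        validate_url(url, **kwargs)
        return True
    except SsrfBlocked:
        return False


class RefuseRedirects(urllib.request.HTTPRedirectHandler):
    """An allowlisted host could answer 302 Location: http://169.254.169.254/, so never follow."""
    def redirect_request(self, req, fp, code, msg, headers, newurl):
        raise SsrfBlocked(f"redirect to {newurl!r} refused")


def fetch_vulnerable(url):
    """The vulnerable pattern from the page: fetch whatever the user supplied, redirects and all."""
    with urllib.request.urlopen(url) as resp:
        return resp.read()


def fetch_safe(url, allowed_hosts=None, timeout=5, max_bytes=1 << 20):
    """Validate, then fetch with redirects refused, a timeout and a response size cap.

    Caveat: urllib resolves the name again when it connects, so a DNS-rebinding
    attacker can change the answer between the check and the connect. To close
    that gap, connect to the validated IP and set the Host header yourself, or
    enforce the same deny-list at the egress firewall (measure 5 above)."""
    validate_url(url, allowed_hosts=allowed_hosts)
    opener = urllib.request.build_opener(RefuseRedirects)
    request = urllib.request.Request(url, method="GET")  # measure 4: GET only
    with opener.open(request, timeout=timeout) as resp:
        return resp.read(max_bytes)
```

In the application, fetch_safe(user_url, allowed_hosts={"images.example.org"}) replaces the bare urlopen call. The resolver is injectable so the decision logic can be unit-tested without DNS; in production the default uses getaddrinfo and therefore also canonicalises forms like 127.1 or decimal 2130706433 that ipaddress alone would not recognise.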