You signed in with another tab or window. Reload to refresh your session.You signed out in another tab or window. Reload to refresh your session.You switched accounts on another tab or window. Reload to refresh your session.Dismiss alert
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
There is no single technique to stop SSRF from occurring. However, implementing the right combination of defensive measures within the application can prevent and limit the impact of SSRF. Some best practices include the following:
- Sanitize user input to only include expected values
- Within the application layer, use an allow list for approved DNS servers that the application can query. Additionally, rate limit the number of DNS queries that can be requested within a certain period of time
- Within the application layer, use an allow list for approved DNS servers that the application can query. Additionally, rate limit the number of DNS queries that can be requested within a certain period of time
- Within the network layer, apply segregation principles to limit the network access of the application to only needed areas of the network
For more information, refer to the following resources:
