Server-Side Forgery

OWASP Top 10

Course 1 · Chapter 10 · A10: Server-Side Request Forgery

A10 is about forging requests on the server's behalf. If a web server fetches a URL provided by an attacker, the attacker can make the server request internal resources, cloud metadata, or other services — effectively using the server as a proxy into the network the server trusts. SSRF is the server-side cousin of CSRF (which forges requests from the browser). The CSRF course touched on this as a related attack; A10 brings it into focus.

A10: Server-Side Request Forgery (SSRF)

This category covers vulnerabilities where the server makes HTTP requests to a URL that an attacker controls (or influences). The attacker crafts a URL pointing to an internal resource, the server fetches it, and the attacker learns something (or causes an action) they shouldn't be able to. Common targets are internal APIs, cloud metadata services, localhost services, databases, and internal dashboards.

The Attack Landscape (What Attackers Target)

TargetWhat It IsExample PayloadWhy It's Dangerous
AWS Metadata ServiceCloud metadata endpoint (169.254.169.254)http://169.254.169.254/latest/meta-data/iam/security-credentials/role-nameExposes AWS credentials, role tokens, instance details
Localhost ServicesInternal services on port 80, 8080, 5432, 27017http://localhost:27017 (MongoDB)Access to DBs, admin dashboards, not intended to be public
Internal APIsAPIs only on internal network (e.g., payment processor, CRM)http://internal-api.corp/admin/usersAttacker makes requests to APIs they shouldn't access
Private IPsAddresses in 10.x, 172.16–31.x, 192.168.xhttp://10.0.0.5/adminEnumeration of internal network, discovery of services
File URLsLocal filesystem access (file://)file:///etc/passwdRead sensitive files on the server
Gopher/DictLegacy protocols (Gopher, Dict)gopher://localhost:25 (SMTP)Access to ports/services not intended for HTTP, bypass filters

How SSRF Attacks Work

The attack flow:

  1. Attacker-controlled URL parameter — app has a feature like "fetch and embed a preview of this URL" or "download a file from this URL" or "webhook callback to this endpoint."
  2. Attacker crafts a malicious URL — pointing to an internal resource (e.g., http://localhost:8080/admin, or http://169.254.169.254/latest/meta-data/).
  3. Server makes the request — the server's HTTP client (curl, requests, urllib) fetches the URL on the attacker's behalf.
  4. Attacker gains information or causes an action — either the response is returned to the attacker (informative SSRF), or the attacker infers success from side effects (blind SSRF, timing, error messages).
SSRF is often silent
Unlike SQL injection (which produces errors), SSRF often succeeds silently. The server fetches the internal URL, and the attacker sees either: (a) the response content (metadata, data, admin pages), (b) a timing difference (service is up vs. down), or (c) an error message (e.g., "MongoDB connection failed" leaks that a MongoDB is running on localhost). Blind SSRF (where the attacker learns nothing directly) can still be chained with other attacks (exfiltration via DNS requests, exploitation of internal services).

SSRF vs CSRF (Cousins, Not Twins)

Both are forgery attacks, but the actor is different:

  • CSRF (Cross-Site Request Forgery) — attacker tricks the user's browser into making a request (e.g., POST to /transfer-money). The request comes from the user's IP and session. The user's browser makes the request.
  • SSRF (Server-Side Request Forgery) — attacker tricks the server into making a request (e.g., fetch a URL). The request comes from the server's IP and network privileges. The server makes the request.

CSRF is blocked by same-site cookies, CSRF tokens, and origin checks. SSRF is blocked by URL validation and network filtering (don't allow the server to request internal resources).

Defences Against SSRF

1. URL Validation / Allowlisting (the primary defence)

  • Allowlist expected domains — if the feature is "fetch an image from a user-provided URL," explicitly list which domains are allowed (e.g., only images.cdn.example.com). Reject anything else.
  • Block dangerous IP ranges — 127.0.0.1, localhost, 0.0.0.0, 169.254.169.254 (AWS), 10.0.0.0/8, 172.16.0.0/12, 192.168.0.0/16 (private networks). Reject any URL that resolves to these.
  • Validate after DNS resolution — an attacker might use DNS rebinding (first lookup returns attacker's IP, second returns localhost). Validate the resolved IP, not the hostname.

2. Network Filtering (defence in depth)

  • Egress filtering — the server's firewall rules prevent outbound connections to internal IPs or certain ports (e.g., database ports 5432, 27017, 3306). The server can't reach them, even if SSRF is exploited.
  • Restricted HTTP client — use an HTTP client that doesn't follow redirects (an attacker could redirect to an internal URL), doesn't support dangerous schemes (file://, gopher://), and enforces timeouts.

3. Least Privilege for Outbound Requests

  • Separate network segment — outbound requests come from a sandboxed service with no access to internal APIs / databases / metadata.
  • VPC/network isolation — the server is in a subnet that cannot reach internal services (only specific, whitelisted external services).

Hands-On Exercises

Exercise 1

Explain SSRF in contrast to CSRF: who makes the request, from where, and what does an attacker gain? Then give 3 SSRF attack targets (AWS metadata, localhost DB, internal API) and explain what each exposes.

📄 View solution
Exercise 2

Design a URL validation defence against SSRF. List 5 dangerous IP ranges / hostnames to block, explain why each is dangerous, and then explain why blocking by hostname alone (without DNS resolution) is insufficient (DNS rebinding attack).

📄 View solution
Exercise 3

Sketch a feature that's vulnerable to SSRF ("fetch a preview from a URL"). Then design the code with 3 defences: (a) URL validation/allowlisting, (b) network filtering, (c) least privilege. Explain how each defence independently prevents the attack.

📄 View solution

Chapter 10 Quick Reference

  • A10 Server-Side Request Forgery — server makes HTTP requests to attacker-controlled URL; attacker targets internal resources (APIs, metadata, DBs, localhost)
  • Common targets: AWS metadata (169.254.169.254) · localhost services (ports 5432, 27017, 8080) · internal APIs · private IPs (10.x, 172.16–31.x, 192.168.x) · file:// URLs
  • SSRF vs CSRF: CSRF forges browser requests; SSRF forges server requests. SSRF comes from server's IP/network privilege, reaching internal resources.
  • Defences: URL validation + allowlisting (block private IPs/ranges, localhost, metadata services) · validate AFTER DNS resolution (detect DNS rebinding) · network egress filtering (prevent server from reaching internal ports) · restricted HTTP client (no redirects, no dangerous schemes) · least privilege (server can't reach internal services)
  • SSRF is often blind: attacker learns from timing, error messages, or side effects; not always obvious like SQLi
  • Next: Combined OWASP Top 10 summary & how the 10 categories interconnect

OWASP Top 10 (2021) — The Full Picture

A01 Access Control — who can do what; authz checks, IDORs, forced browsing
A02 Crypto Failures — weak/missing encryption, bad key mgmt, weak hashing
A03 Injection — SQL, OS command, SSTI, XSS (absorbed); data vs. code
A04 Insecure Design — threat modeling, secure-by-design, missing defences before code
A05 Misconfiguration — default creds, verbose errors, missing security headers, IaC drift
A06 Outdated Components — known-vulnerable deps, supply chain, SBOM/SCA/patching
A07 Auth Failures — weak passwords, no MFA, session flaws, weak recovery
A08 Integrity Failures — deserialization RCE, CI/CD pipeline, unsigned updates, artifact signing
A09 Logging Failures — insufficient logs, tampered logs, no monitoring/alerting
A10 SSRF — server forges requests to internal resources; URL validation & network filtering

Interconnections: A01 (authz) + A07 (auth) = system identity. A02 (crypto) + A08 (integrity) = trust verification. A03 (injection) + A04 (design) = preventing hostile input. A05 (miscfg) + A06 (deps) + A09 (logging) = operational security. A10 (SSRF) + A01 (authz) = internal attack surface. All 10 depend on threat modeling (A04) and visibility (A09).