Server-Side Forgery
OWASP Top 10
Course 1 · Chapter 10 · A10: Server-Side Request Forgery
A10 is about forging requests on the server's behalf. If a web server fetches a URL provided by an attacker, the attacker can make the server request internal resources, cloud metadata, or other services — effectively using the server as a proxy into the network the server trusts. SSRF is the server-side cousin of CSRF (which forges requests from the browser). The CSRF course touched on this as a related attack; A10 brings it into focus.
A10: Server-Side Request Forgery (SSRF)
This category covers vulnerabilities where the server makes HTTP requests to a URL that an attacker controls (or influences). The attacker crafts a URL pointing to an internal resource, the server fetches it, and the attacker learns something (or causes an action) they shouldn't be able to. Common targets are internal APIs, cloud metadata services, localhost services, databases, and internal dashboards.
The Attack Landscape (What Attackers Target)
| Target | What It Is | Example Payload | Why It's Dangerous |
|---|---|---|---|
| AWS Metadata Service | Cloud metadata endpoint (169.254.169.254) | http://169.254.169.254/latest/meta-data/iam/security-credentials/role-name | Exposes AWS credentials, role tokens, instance details |
| Localhost Services | Internal services on port 80, 8080, 5432, 27017 | http://localhost:27017 (MongoDB) | Access to DBs, admin dashboards, not intended to be public |
| Internal APIs | APIs only on internal network (e.g., payment processor, CRM) | http://internal-api.corp/admin/users | Attacker makes requests to APIs they shouldn't access |
| Private IPs | Addresses in 10.x, 172.16–31.x, 192.168.x | http://10.0.0.5/admin | Enumeration of internal network, discovery of services |
| File URLs | Local filesystem access (file://) | file:///etc/passwd | Read sensitive files on the server |
| Gopher/Dict | Legacy protocols (Gopher, Dict) | gopher://localhost:25 (SMTP) | Access to ports/services not intended for HTTP, bypass filters |
How SSRF Attacks Work
The attack flow:
- Attacker-controlled URL parameter — app has a feature like "fetch and embed a preview of this URL" or "download a file from this URL" or "webhook callback to this endpoint."
- Attacker crafts a malicious URL — pointing to an internal resource (e.g.,
http://localhost:8080/admin, orhttp://169.254.169.254/latest/meta-data/). - Server makes the request — the server's HTTP client (curl, requests, urllib) fetches the URL on the attacker's behalf.
- Attacker gains information or causes an action — either the response is returned to the attacker (informative SSRF), or the attacker infers success from side effects (blind SSRF, timing, error messages).
SSRF vs CSRF (Cousins, Not Twins)
Both are forgery attacks, but the actor is different:
- CSRF (Cross-Site Request Forgery) — attacker tricks the user's browser into making a request (e.g., POST to /transfer-money). The request comes from the user's IP and session. The user's browser makes the request.
- SSRF (Server-Side Request Forgery) — attacker tricks the server into making a request (e.g., fetch a URL). The request comes from the server's IP and network privileges. The server makes the request.
CSRF is blocked by same-site cookies, CSRF tokens, and origin checks. SSRF is blocked by URL validation and network filtering (don't allow the server to request internal resources).
Defences Against SSRF
1. URL Validation / Allowlisting (the primary defence)
- Allowlist expected domains — if the feature is "fetch an image from a user-provided URL," explicitly list which domains are allowed (e.g., only
images.cdn.example.com). Reject anything else. - Block dangerous IP ranges — 127.0.0.1, localhost, 0.0.0.0, 169.254.169.254 (AWS), 10.0.0.0/8, 172.16.0.0/12, 192.168.0.0/16 (private networks). Reject any URL that resolves to these.
- Validate after DNS resolution — an attacker might use DNS rebinding (first lookup returns attacker's IP, second returns localhost). Validate the resolved IP, not the hostname.
2. Network Filtering (defence in depth)
- Egress filtering — the server's firewall rules prevent outbound connections to internal IPs or certain ports (e.g., database ports 5432, 27017, 3306). The server can't reach them, even if SSRF is exploited.
- Restricted HTTP client — use an HTTP client that doesn't follow redirects (an attacker could redirect to an internal URL), doesn't support dangerous schemes (file://, gopher://), and enforces timeouts.
3. Least Privilege for Outbound Requests
- Separate network segment — outbound requests come from a sandboxed service with no access to internal APIs / databases / metadata.
- VPC/network isolation — the server is in a subnet that cannot reach internal services (only specific, whitelisted external services).
Hands-On Exercises
Explain SSRF in contrast to CSRF: who makes the request, from where, and what does an attacker gain? Then give 3 SSRF attack targets (AWS metadata, localhost DB, internal API) and explain what each exposes.
📄 View solutionDesign a URL validation defence against SSRF. List 5 dangerous IP ranges / hostnames to block, explain why each is dangerous, and then explain why blocking by hostname alone (without DNS resolution) is insufficient (DNS rebinding attack).
📄 View solutionSketch a feature that's vulnerable to SSRF ("fetch a preview from a URL"). Then design the code with 3 defences: (a) URL validation/allowlisting, (b) network filtering, (c) least privilege. Explain how each defence independently prevents the attack.
📄 View solutionChapter 10 Quick Reference
- A10 Server-Side Request Forgery — server makes HTTP requests to attacker-controlled URL; attacker targets internal resources (APIs, metadata, DBs, localhost)
- Common targets: AWS metadata (169.254.169.254) · localhost services (ports 5432, 27017, 8080) · internal APIs · private IPs (10.x, 172.16–31.x, 192.168.x) · file:// URLs
- SSRF vs CSRF: CSRF forges browser requests; SSRF forges server requests. SSRF comes from server's IP/network privilege, reaching internal resources.
- Defences: URL validation + allowlisting (block private IPs/ranges, localhost, metadata services) · validate AFTER DNS resolution (detect DNS rebinding) · network egress filtering (prevent server from reaching internal ports) · restricted HTTP client (no redirects, no dangerous schemes) · least privilege (server can't reach internal services)
- SSRF is often blind: attacker learns from timing, error messages, or side effects; not always obvious like SQLi
- Next: Combined OWASP Top 10 summary & how the 10 categories interconnect
OWASP Top 10 (2021) — The Full Picture
Interconnections: A01 (authz) + A07 (auth) = system identity. A02 (crypto) + A08 (integrity) = trust verification. A03 (injection) + A04 (design) = preventing hostile input. A05 (miscfg) + A06 (deps) + A09 (logging) = operational security. A10 (SSRF) + A01 (authz) = internal attack surface. All 10 depend on threat modeling (A04) and visibility (A09).