In our daily interactions online, trust is a fundamental currency. We trust servers to handle our data, process our requests, and reliably deliver content. But what happens when that trust is abused and turned against the server itself? What if an attacker could trick your server into becoming an unwitting accomplice, abusing its privileged position to launch attacks from within the perceived safety of your own network?
This is the core danger of Server-Side Request Forgery (SSRF), a vulnerability that has earned its own spot in the OWASP Top 10. Unlike attacks that target the end-user’s browser, SSRF sets its sights on the server, abusing its functionality to pivot, scan, and attack resources that should be unreachable from the outside world.
Below we’ll go over how SSRF attacks work using practical examples, detail its potential impact, from data exfiltration to full cloud environment compromise, and lay out a defense strategy for developers and website owners to protect their infrastructure.
What is Server-Side Request Forgery (SSRF)?
To understand SSRF, let’s use an analogy:
Consider a simple web application that offers a helpful “Convert Webpage to PDF” service. A user provides a URL of a public news article, and the company’s server visits that URL, fetches the content, and renders it as a downloadable PDF. This server, for performance and security reasons, sits inside the company’s internal network.
Now, let’s say an attacker uses this feature. Instead of providing a URL to a public news article, they submit a URL that points to an internal company resource, like
http://internal.example.com/HR/Employee-Salaries-2025.htmlThe server, processing the request, sees a URL and proceeds as instructed. Because the server itself is inside the network, it has privileged access to the internal page. It fetches the sensitive salary page, renders it into a PDF, and hands the finished document right back to the attacker. The server was tricked into using its trusted position to exfiltrate confidential data.
Server-Side Request Forgery is precisely this. It is a web security vulnerability that allows an attacker to induce a server-side application to make HTTP requests to an arbitrary domain of the attacker’s choosing. The application is “forging” a request on the server’s behalf.
Because the malicious request originates from the application’s own server, it can often bypass firewall rules and access internal, non-public resources, turning a trusted server into a malicious proxy.
How Does an SSRF Attack Work?
SSRF vulnerabilities typically arise when a web application fetches a remote resource based on a user-supplied URL, without properly validating that URL. Common examples of such functionality include:
- Generating a PDF or image preview from a web page.
- Importing a user’s profile picture from a URL.
- Querying a third-party API for data (e.g., a stock ticker).
- Using webhooks to notify other services of an event.
Let’s walk through a common scenario. A web application offers a feature to import a user’s avatar from a URL. The user provides a link to their picture, the server fetches it, and sets it as their profile image.
A legitimate request might look like this:
https://example.com/avatar/importer?url=https://some-image-host.com/user_pic.jpgThe server-side code might do something like this (in simplified PHP):
<?php // Get the URL from the user input $imageUrl = $_GET['url']; // Fetch the content from the URL $imageData = file_get_contents($imageUrl); // ... process and save the image … ?>
The file_get_contents() function takes the user-supplied URL and makes a request to it. In a normal use case, this works fine. But an attacker sees an opportunity. What if they supply a URL that points not to an image, but to an internal service?
The attacker submits the following URL:
https://example.com/avatar/importer?url=http://localhost/adminThe server, running the vulnerable code, receives this request. The $imageUrl variable becomes http://localhost/admin. The server then makes a request to its own internal /admin endpoint. This endpoint might normally be blocked from public access by firewall rules, but since the request is coming from localhost (the server itself), it is trusted.
The server fetches the content of the admin panel, and depending on the application’s logic, it might return the HTML of the admin page to the attacker, exposing sensitive links, user data, or system information.
This is a basic SSRF attack. But the potential for damage goes much, much deeper.
The Escalating Impact: What Can an Attacker Do with SSRF?
The severity of an SSRF vulnerability can range from informational to catastrophic. In the hands of a skilled attacker, a simple SSRF flaw can be a foothold for a much larger compromise.
Internal Network Port Scanning
An attacker can use the vulnerable server as a proxy to scan the internal network for open ports and active services. By systematically feeding the SSRF endpoint with internal IP addresses and different port numbers (e.g., http://192.168.0.1:8080, http://192.168.0.2:3306), they can map out the internal network architecture. The application’s error messages or response times can reveal whether a port is open, closed, or filtered.
Sensitive Data Exposure
The most direct impact is accessing internal files and services. An attacker could use different URL schemes to read local files:
- file:///etc/passwd – To read the list of users on a Linux system.
- file:///c:/windows/win.ini – To read system configuration on a Windows server.
They can also interact with internal services that lack authentication, such as databases (Redis, MongoDB), search indexes (Elasticsearch), or internal APIs, potentially exfiltrating vast amounts of data.
Bypassing Access Controls and Interacting with Internal Applications
As in our primary example, SSRF can be used to access internal-only applications like administrative dashboards, internal wikis like Confluence, or code repositories like GitLab. By chaining the SSRF vulnerability, an attacker could potentially exploit other vulnerabilities in these internal applications to achieve remote code execution.
Abusing Metadata Services
This is arguably the most critical impact of SSRF in modern infrastructure. Major cloud providers (AWS, Google Cloud, Azure) have special, non-routable IP addresses that instances can query to get metadata about themselves. This metadata often includes temporary security credentials (session tokens, API keys) that grant the instance permissions to interact with other cloud services.
The most notorious of these is the AWS EC2 Instance Metadata Service (IMDS), located at the “magic” IP address: 169.254.169.254.
An attacker can use an SSRF vulnerability to make the server request its own cloud credentials:
https://example.com/vulnerable-feature?url=http://169.254.169.254/latest/meta-data/iam/security-credentials/EC2-Admin-RoleIf the server’s response is returned to the attacker, they will receive a valid AccessKeyId, SecretAccessKey, and Token. With these credentials, the attacker can use AWS tools from their own machine and assume the same permissions as the compromised server. If that server has an overly permissive role (a common misconfiguration), the attacker could gain control over S3 buckets, databases, and other critical parts of the cloud environment. This exact technique was the root cause of the massive Capital One data breach in 2019.
SSRF vs. CSRF: A Crucial Distinction
While their acronyms are similar, Server-Side Request Forgery (SSRF) and Cross-Site Request Forgery (CSRF) are fundamentally different.
- Target: CSRF targets the user’s browser. SSRF targets the web server.
- Trust Exploited: CSRF exploits the trust a website has in a user’s browser (by forcing it to send requests with the user’s cookies). SSRF exploits the trust a server or network has in the vulnerable application server.
- Execution: In CSRF, the victim is the authenticated user whose browser makes a forged request. In SSRF, the victim is the server itself, which is tricked into making a forged request.
In short, CSRF makes a user’s browser perform an unwanted action. SSRF makes the server perform an unwanted action.
How to Prevent and Mitigate SSRF Vulnerabilities
Protecting against SSRF requires an in-depth strategy, combining robust application-level controls with secure network architecture. You cannot rely on a single line of defense.
For Developers: Application-Level Defenses
- Never Trust User Input for URLs: This is the golden rule. Any part of a request URL that is influenced by user input must be treated as hostile.
- Use and Enforce an Allowlist: The most effective strategy is to maintain a strict allowlist of the exact domains, IP addresses, and ports that your application legitimately needs to connect to. All other requests should be denied by default. A blacklist approach (denying access to
localhost,169.254.169.254, etc.) is fragile and almost always bypassable with encoding tricks, DNS rebinding, or redirects. - Validate URL Schemes: If your application only needs to make HTTP or HTTPS requests, explicitly disable all other URL schemes like
file://,gopher://,dict://, andftp://. This prevents attackers from using these protocols to read local files or interact with other services. - Do Not Send Raw Responses: The server’s response from the requested URL should never be sent directly back to the client. The application should process the response, validate that it’s in the expected format (e.g., a valid image file), and then pass only the necessary data back to the user. This prevents the leaking of sensitive information from internal service responses.
- Disable Redirects: Your HTTP client library should be configured to not follow redirects. An attacker can easily point to an allowed domain that then redirects to a forbidden internal IP address, bypassing your validation.
For System Administrators and DevOps: Architectural Defenses
- Network Segmentation: Your server should not be able to connect to every other machine on the internal network. Use firewall rules (or security groups in the cloud) to restrict outbound traffic from your web servers. They should only be able to initiate connections to the specific internal services they absolutely require. This principle of least privilege can contain the damage of a successful SSRF exploit.
- Enforce Authentication on Internal Services: Internal services, even those not exposed to the internet, should require authentication. Services like Redis, Elasticsearch, and internal dashboards should never be accessible without credentials. A “zero-trust” network model assumes that any request, even from an internal source, could be malicious.
- Harden Cloud Configurations (IMDSv2): For cloud environments, this is critical. If you are using AWS, enforce the use of Instance Metadata Service Version 2 (IMDSv2). IMDSv2 introduces session-based authentication, requiring a separate
PUTrequest to get a token before metadata can be accessed. This simple, session-oriented flow cannot be executed by a standard SSRF vulnerability, effectively mitigating the primary cloud attack vector. - Use a Web Application Firewall (WAF): A WAF can serve as an important layer of defense. While not a silver bullet, a WAF can be configured with rules to detect and block common SSRF patterns in incoming requests. It can block requests containing keywords like
localhost,127.0.0.1, or the metadata IP169.254.169.254in URL parameters. This virtual patching can protect your application from known attack vectors while your developers work on a more permanent fix.
Treating the Server as a Fortress
Server-Side Request Forgery is a powerful and dangerous vulnerability precisely because it turns your own infrastructure against you. It breaks the fundamental trust model of a segmented network, allowing an external attacker to reach deep into your internal systems.
Win the battle against SSRF through a proactive, layered security posture. It starts with developers who write secure code, reinforced by administrators who build resilient networks, and supported by tools like a WAF to provide a crucial layer of virtual patching and monitoring.
Luke Leal
John Castro
Northon Torga
Juliana Lewis
Cesar Anjos
Denis Sinegubko
Ben Martin
