Last updated: April 26, 2026
SSRF (Server-Side Request Forgery) is the vulnerability where an attacker makes the server fetch a URL on their behalf. Most articles focus on AWS metadata extraction. The actual SSRF attack surface in 2026 is broader — GCP and Azure metadata endpoints, on-prem internal services, third-party SaaS reaching back into AWS, DNS rebinding bypasses. This article covers SSRF beyond AWS and the architectural defences that close every variant.
The cloud metadata endpoints
| Cloud | Endpoint | Notes |
|---|---|---|
| AWS | http://169.254.169.254/latest/meta-data/ |
IMDSv2 enforces session token; many environments still on IMDSv1 |
| GCP | http://metadata.google.internal/computeMetadata/v1/ |
Requires Metadata-Flavor: Google header (mostly mitigated) |
| Azure | http://169.254.169.254/metadata/instance?api-version=2021-02-01 |
Requires Metadata: true header |
| Alibaba | http://100.100.100.200/latest/meta-data/ |
No auth header required; vulnerable similarly to IMDSv1 |
| Oracle | http://169.254.169.254/opc/v1/instance/ |
Used in OCI; similar pattern |
Test all of them when you find SSRF. Indian companies often run multi-cloud; one application may live in AWS but call services in Azure or GCP, and the SSRF reach extends accordingly.
On-prem internal services
SSRF inside corporate networks reaches:
- Internal admin panels on
http://localhost:8080,http://10.0.x.x,http://192.168.x.xranges - Service discovery / Consul / etcd on default ports
- Redis on 6379, MongoDB on 27017 — services commonly bound to localhost without auth
- Internal Jenkins, Jira, Confluence — often less-protected than public-facing apps
- Kubernetes API on 10250 (kubelet) or 8080 (insecure API)
- Elasticsearch on 9200 — historically wide open
The classic SSRF + Redis combination: SSRF lets you send Redis commands to the internal Redis; Redis CONFIG SET / SAVE writes a webshell to the web server’s directory; remote code execution achieved.
DNS rebinding bypass
If the application validates URLs by resolving the hostname and checking for private IPs, attackers use DNS rebinding:
- Attacker registers
attacker.comwith a controlled DNS server - DNS server returns public IP for the first resolution (passes URL validation)
- On second resolution (during the actual fetch), DNS returns 169.254.169.254 or 10.0.0.1
- Application fetches the internal URL believing it had validated the destination
Defence: validate at fetch-time, not validation-time, or use a fetch library that resolves once and uses that IP for the entire request.
Other bypasses
- URL parsing inconsistency — application parses URL one way, fetch library another. Examples:
http://attacker.com#@169.254.169.254/— some parsers seeattacker.com, some see169.254.169.254. - Decimal IP encoding —
http://2852039166/equalshttp://169.254.169.254/. Some validators only check for dotted-quad format. - IPv6 alternatives —
http://[::ffff:169.254.169.254]/,http://[fd00:ec2::254]/on AWS,http://[fe80::a9fe:a9fe]/. - Redirects — application validates direct URL but follows redirects without re-validating.
- Gopher protocol —
gopher://URLs let you craft arbitrary TCP payloads. Use to interact with non-HTTP services (Redis, MySQL, SMTP) via SSRF.
How to test for SSRF
- Identify any place URL or domain input is accepted: image fetchers, webhook configurations, profile imports, RSS readers, PDF generators, OAuth callback handlers, link previewers.
- Test cloud metadata endpoints (all major clouds).
- Test localhost, internal IP ranges (RFC 1918).
- Test DNS rebinding via
rbndr.usor your own controlled DNS. - Test URL parser bypasses.
- Test gopher:// for protocol smuggling.
- Burp Collaborator for blind SSRF detection — if your collaborator gets a request, the SSRF is confirmed.
Detection — what works
- Egress filtering at VPC / network level — block outbound connections from application servers to RFC 1918 internal addresses, except specific allow-listed destinations.
- Block metadata endpoints from application networks at firewall layer, unless legitimate need.
- SSRF-aware WAF rules — block requests with metadata IPs, internal IPs, decimal-IP encoding in URL params.
- Application logs for outbound HTTP requests with anomalous destinations.
The architectural fix
- Allow-list destination domains — applications fetching URLs should specify exactly which domains are permitted. Anything else is rejected.
- Use a separate egress proxy — application traffic flows through a proxy that enforces destination policy.
- Block private IP ranges at the proxy — even if URL validation is bypassed, the proxy refuses to connect to RFC 1918.
- Enforce IMDSv2 / Metadata-Flavor headers on cloud workloads — basic SSRFs cannot send required headers.
- Bind internal services to localhost only where possible; require explicit network policies for inter-service communication.
How to find your next SSRF
- Map every URL-input field in the application. Each is a candidate.
- Test multi-cloud metadata endpoints.
- Test internal service ports — Redis, MongoDB, Elasticsearch, Kubernetes API.
- If basic IPv4 metadata fails, test IPv6 alternatives, decimal encoding, DNS rebinding.
Compliance angle
- OWASP Top 10 A10:2021 — Server-Side Request Forgery is its own top-10 category since 2021.
- DPDP §8(5) — SSRF allowing internal-service compromise is a defensible-security failure.
- SEBI CSCRF — application security testing must cover SSRF.
The takeaway
SSRF is broader than AWS metadata extraction. Multi-cloud environments, internal services, and DNS rebinding extend the attack surface significantly. The fix is allow-list-based egress at the network layer plus IMDSv2 enforcement. Run Burp Collaborator against every URL-input field in your application; the surprises are usually waiting.
Get a VAPT scoping call
Senior practitioner-led VAPT — not a checklist run by juniors. CVSS-scored findings, free retest, attestation letter. India's SMBs and SaaS teams.