Overview: Server-Side Request Forgery (SSRF)

You can configure WAF to protect against Server-Side Request Forgery (SSRF) for a security policy. In an SSRF attack, the attacker takes advantage of parameters that contain dynamic IP addresses or domain names which the server application invokes. Rather than letting the server access the legitimate destination, the attacker crafts a request that populates the parameter with the address of a server, or of files on the server, that it is not allowed to access. Identify the parameters that are subject to SSRF attacks, and configure the IP addresses or domain names for which access from these parameters is denied, allowed or resolved.
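
The deny, allow and resolve decision described above can be sketched as an application-side check on a URL-valued parameter. This is an added example, not WAF or BIG-IP Next code or configuration. The host rules, denied networks, default-deny behaviour and the reading of "resolve" as "look the name up and test every returned address" are assumptions made for illustration.

```python
import ipaddress
import socket
from urllib.parse import urlsplit

# Constructed policy for illustration; hosts, networks and actions are assumptions.
HOST_RULES = {"api.partner.example": "allow", "old.partner.example": "deny",
              "cdn.example": "resolve", "files.example": "resolve",
              "203.0.113.20": "allow"}
DENY_NETS = [ipaddress.ip_network(n) for n in (
    "127.0.0.0/8", "10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16",
    "169.254.0.0/16", "::1/128", "fc00::/7", "fe80::/10")]
DEFAULT_ACTION = "deny"  # a host with no rule is refused

def ip_denied(addr):
    """True if addr lies in a denied network; ValueError if addr is not an IP."""
    ip = ipaddress.ip_address(addr)
    if ip.version == 6 and ip.ipv4_mapped:  # ::ffff:10.0.0.5 -> 10.0.0.5
        ip = ip.ipv4_mapped
    return any(ip in net for net in DENY_NETS)

def dns_resolve(host):
    """Live resolver: every address the name currently maps to."""
    return sorted({ai[4][0] for ai in socket.getaddrinfo(host, None)})

def check_param(value, resolver=dns_resolve):
    """Return 'allow' or 'deny' for a URL-valued request parameter."""
    try:
        host = (urlsplit(value).hostname or "").rstrip(".").lower()
    except ValueError:
        return "deny"
    if not host:
        return "deny"  # no parsable host, nothing to match a rule against
    try:
        if ip_denied(host):
            return "deny"  # IP literal inside a denied network
    except ValueError:
        pass  # not an IP literal, so treat it as a hostname
    action = HOST_RULES.get(host, DEFAULT_ACTION)
    if action != "resolve":
        return action
    try:
        addrs = resolver(host)
    except OSError:
        return "deny"
    # Resolve: allow only if the name maps somewhere and no address is denied.
    return "allow" if addrs and not any(ip_denied(a) for a in addrs) else "deny"

# Constructed DNS answers so the example runs offline.
FAKE_DNS = {"cdn.example": ["203.0.113.10"], "files.example": ["10.0.0.5"]}
def fake_resolver(host):
    return FAKE_DNS.get(host, [])
```

The check validates a value at one point in time; the component that later makes the outbound request should connect to the addresses that were checked rather than resolving the name again.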

SSRF management in BIG-IP Next Central Manager’s Policy Editor