Package Exports
- ssrf-req-filter
- ssrf-req-filter/lib/index.js
This package does not declare an exports field, so the exports above have been automatically detected and optimized by JSPM instead. If any package subpath is missing, it is recommended to post an issue to the original package (ssrf-req-filter) to support the "exports" field. If that is not possible, create a JSPM override to customize the exports field for this package.
Readme
ssrf-req-filter - Prevent SSRF Attacks 🛡️
Server-Side Request Forgery (SSRF)
SSRF is an attack vector that abuses an application to interact with the internal/external network or the machine itself. One of the enablers for this vector is the mishandling of URLs. Read More
Install
npm install ssrf-req-filter
Usage
- Axios:
const ssrfFilter = require('ssrf-req-filter');
const url = 'https://127.0.0.1'
axios.get(url, {httpAgent: ssrfFilter(url), httpsAgent: ssrfFilter(url)})
.then((response) => {
console.log(`Success`);
})
.catch((error) => {
console.log(`${error.toString().split('\n')[0]}`);
})
.then(() => {
});- Node-fetch:
const ssrfFilter = require('ssrf-req-filter');
const fetch = require("node-fetch");
const url = 'https://127.0.0.1'
fetch(url, {
agent: ssrfFilter(url)
})
.then((response) => {
console.log(`Success`);
})
.catch(error => {
console.log(`${error.toString().split('\n')[0]}`);
});Note: It's recommended to overwrite both httpAgent and httpsAgent in Axios with ssrf-req-filter. Otherwise, SSRF mitigation can be bypassed via cross protocol redirects. Refer to Doyensec's research for more information.
Credits: Implementation inspired By https://github.com/welefen/ssrf-agent