What is SSRF and How to Protect Your API Routes
Server-Side Request Forgery (SSRF) lets attackers make your server request internal resources. Learn how SSRF works, why API routes are vulnerable, and how to prevent it in Next.js and Node.js applications.

Server-Side Request Forgery (SSRF) is a vulnerability that allows an attacker to make your server send requests to unintended locations. While it might sound obscure, SSRF has been behind some of the most significant security breaches in recent years, and it's particularly common in applications built with AI coding tools that implement URL-fetching functionality.
What is SSRF?
SSRF occurs when an application fetches a remote resource based on user-supplied input without properly validating the destination. The attacker doesn't directly access the internal resource — instead, they trick your server into making the request on their behalf.
Think of it like this: your server is inside a secure network with access to internal services, databases, and cloud infrastructure. SSRF turns your server into a proxy that an attacker can use to reach those internal resources from the outside.
How SSRF Works
Consider an API endpoint that fetches data from a URL:
// VULNERABLE Next.js API route (e.g. app/api/fetch/route.js)
export async function GET(request) {
  // The destination comes straight from the query string...
  const url = request.nextUrl.searchParams.get('url');
  // ...and is fetched with no scheme or destination check
  const response = await fetch(url);
  const data = await response.text();
  return Response.json({ content: data });
}
A normal request might look like: /api/fetch?url=https://api.example.com/data
But an attacker could request: /api/fetch?url=http://169.254.169.254/latest/meta-data/
This targets the AWS metadata service, which runs on every EC2 instance and contains sensitive information including IAM credentials, instance identity, and security tokens — all accessible without authentication from within the instance.
What Attackers Can Access Through SSRF
Cloud metadata services are the most critical target. AWS (169.254.169.254), Google Cloud (metadata.google.internal), and Azure (169.254.169.254) all expose metadata endpoints that contain credentials and configuration data.
Internal network services like databases, admin panels, monitoring tools, and other services that aren't exposed to the internet become accessible through SSRF.
The local file system can sometimes be read using file:// protocol URLs, for example file:///etc/passwd.
Port scanning of the internal network is possible by observing response times and error messages when targeting different internal IPs and ports.
Preventing SSRF
URL Validation and Allowlisting
The most effective defense is to validate and restrict the destinations your server can reach:
import { URL } from 'url';
import dns from 'dns/promises';
import net from 'net';
import { isPrivate } from 'ip';

async function validateUrl(urlString) {
  const url = new URL(urlString); // throws on malformed input
  // Only allow HTTPS
  if (url.protocol !== 'https:') {
    throw new Error('Only HTTPS URLs are allowed');
  }
  // Resolve the hostname to check for internal IPs. dns.lookup (rather than
  // dns.resolve) uses the same resolver path the outbound connection will use,
  // including /etc/hosts, and all: true returns IPv4 and IPv6 answers. IP
  // literals are checked directly; the URL parser wraps IPv6 literals in brackets.
  const host = url.hostname.replace(/^\[|\]$/g, '');
  const addresses = net.isIP(host)
    ? [host]
    : (await dns.lookup(host, { all: true })).map((r) => r.address);
  for (const addr of addresses) {
    if (isPrivate(addr) || addr === '127.0.0.1' || addr.startsWith('169.254.')) {
      throw new Error('Internal addresses are not allowed');
    }
  }
  // The fetch that follows resolves the name again; pin that connection to
  // `addresses` to close the DNS rebinding window between check and request.
  return url;
}
Block Internal IP Ranges
Always block requests to private IP ranges: 127.0.0.0/8, 10.0.0.0/8, 172.16.0.0/12, 192.168.0.0/16, and link-local 169.254.0.0/16.
Disable Unnecessary URL Schemes
Only allow http:// and https:// (or https:// alone, as the validator above does) — block file://, gopher://, ftp://, and other schemes that could be used for exploitation.
Use a Dedicated Egress Proxy
Route all outbound requests through a proxy that enforces destination restrictions, logs all requests, and prevents access to internal resources.
SSRF in AI-Generated Code
AI coding tools frequently generate URL-fetching functionality without any validation. Prompts like "build an API that previews a URL" or "create a proxy endpoint" produce code that directly fetches user-supplied URLs — creating a textbook SSRF vulnerability.
Vuln0x provides both a general SSRF Scanner (8 credits) that tests for internal network access, cloud metadata exposure, URL scheme bypass, and DNS rebinding, and a Next.js-specific SSRF Detection scanner (1 credit) focused on API route patterns.
Sentinel — the AI pentest agent — automatically tests for SSRF as part of its 7-phase methodology, chaining SSRF findings with reconnaissance data to identify exploitable paths to internal services.
Test your API routes for SSRF: Scan free with Vuln0x — 20 credits on signup, no credit card required.