SSRF (Server-Side Request Forgery)
Embed This Widget
Add the script tag and a data attribute to embed this widget.
Embed via iframe for maximum compatibility.
<iframe src="proxy.php?url=https%3A%2F%2Fstatuscodefyi.com%2Fiframe%2Fglossary%2Fssrf%2F" width="420" height="400" frameborder="0" style="border:0;border-radius:10px;max-width:100%" loading="lazy"></iframe>Paste this URL in WordPress, Medium, or any oEmbed-compatible platform.
https://statuscodefyi.com/glossary/ssrf/Add a dynamic SVG badge to your README or docs.
[](https://statuscodefyi.com/glossary/ssrf/)Use the native HTML custom element.
An attack where an attacker manipulates a server into issuing HTTP requests to internal resources — such as cloud metadata endpoints, internal APIs, or databases — that should not be reachable from the public internet. SSRF exploits features like URL fetching, webhooks, and PDF generation that allow user-supplied URLs. Mitigations include allowlist validation of URLs, blocking RFC 1918 address ranges, and using egress firewalls to restrict outbound server traffic.