this code prevents internal ssrf.
Branch: master
Clone or download
Fetching latest commit…
Cannot retrieve the latest commit at this time.
Type Name Latest commit message Commit time
Failed to load latest commit information.


As a challange i tried to make a patch for every variant of internal server side request forgery.

The ssrf.php version is based on fopen and ssrf-with-curl.php is based on curl_init().

it's protected again's:

every internal ip in url. ( as well octal/hexdeminal/binery encoded )

location header redirect to internal ip's.

internal ip returned using dns.

2 ip's on one domain using dns.