Skip to content

What is SSRF and why is the cloud metadata service a target?

Short answer

SSRF tricks a server into making HTTP (or other) requests to a destination the attacker chooses, abusing the server's network position to reach internal services behind the firewall. In the cloud it is especially severe because the instance metadata service (e.g. 169.254.169.254) can hand back IAM credentials, turning an SSRF into cloud account compromise.

Server-side request forgery (SSRF) is when an application takes a URL or address from user input and makes a request to it from the server. Think of a feature that fetches a remote image, validates a webhook, or imports a document from a link. The attacker supplies a URL the developer never intended, and the server — sitting inside the trust boundary — makes the request on the attacker's behalf.

Why the server's position is the prize

The server can reach things the attacker cannot: internal admin panels, databases, other microservices, and link-local addresses, all behind the firewall. SSRF effectively turns the vulnerable server into a proxy into the internal network, enabling internal port scanning and reaching unauthenticated internal APIs. The shapes these requests take — link-local addresses, scheme tricks, encoding bypasses — are catalogued in collections of SSRF payloads.

The cloud metadata twist

Cloud instances expose an instance metadata service at a link-local address (AWS/GCP/Azure use 169.254.169.254). It returns instance configuration — and critically, temporary IAM credentials for the role attached to the instance. An SSRF that reaches that endpoint can read those credentials and use them against the cloud account, escalating a single web bug into broad cloud compromise. This is the path behind several large breaches.

Mitigations

  • IMDSv2 (AWS) requires a session token obtained via a PUT request with a hop limit, which a simple SSRF GET cannot perform — blocking the credential theft path.
  • Allowlist outbound destinations rather than blocklisting; blocklists miss DNS rebinding, redirects, IPv6, decimal/octal IP encodings, and 0.0.0.0.
  • Resolve and validate the target IP after DNS resolution, disable unneeded URL schemes, and isolate the fetcher in a restricted network segment.

Interviewers look for the "server makes attacker-chosen requests" definition, the metadata/IAM credential escalation, IMDSv2, and the insight that blocklisting is fragile so allowlisting is preferred.

Likely follow-ups

  • How does IMDSv2 mitigate metadata-based SSRF?
  • Why is blocklisting 'localhost' an incomplete SSRF defense?
  • How can SSRF be used for internal port scanning?

Sources

Get 100 cybersecurity interview questions + answers

Drop your email and we'll send you the free PDF pack and the flashcard deck.

No spam. Unsubscribe anytime.