SsrfValidatingHttpMessageHandler Class
Abblix.Oidc.Server
Abblix.Oidc.Server.Features.SecureHttpFetch
SsrfValidatingHttpMessageHandler Class
HTTP message handler that prevents SSRF attacks through comprehensive validation: 1. Hostname-based blocking (localhost, internal, .local TLDs, etc.) 2. DNS resolution and IP-based blocking (private ranges, loopback, link-local) 3. Re-validation immediately before HTTP request to prevent DNS rebinding (TOCTOU attacks)
public class SsrfValidatingHttpMessageHandler : System.Net.Http.DelegatingHandler
Inheritance System.Object → System.Net.Http.HttpMessageHandler → System.Net.Http.DelegatingHandler → SsrfValidatingHttpMessageHandler
Remarks
Defense-in-depth SSRF protection includes: - Blocking common internal hostnames (localhost, internal, intranet, corp, home, lan) - Blocking internal TLDs (.local, .localhost, .internal, .intranet, .corp, .home, .lan) - Blocking single-label hostnames without dots (typically internal) - DNS resolution with private IP blocking (10.0.0.0/8, 172.16.0.0/12, 192.168.0.0/16, etc.) - Protection against DNS rebinding where attacker changes DNS between validation and request
The synchronous scheme/hostname/IP-literal rules are shared with registration-time validation via ISecureUriValidator; the DNS re-resolution below is unique to the request path.
Attack scenario prevented: 1. Initial validation: evil.com resolves to 8.8.8.8 (public IP, passes validation) 2. DNS TTL expires (low TTL like 1 second) 3. Attacker changes DNS: evil.com now resolves to 127.0.0.1 4. HTTP request: Without this handler, request would go to localhost 5. With this handler: DNS is re-validated, private IP detected, request blocked
Constructors
SsrfValidatingHttpMessageHandler(IOptions<SecureHttpFetchOptions>, ISecureUriValidator) Constructor
HTTP message handler that prevents SSRF attacks through comprehensive validation: 1. Hostname-based blocking (localhost, internal, .local TLDs, etc.) 2. DNS resolution and IP-based blocking (private ranges, loopback, link-local) 3. Re-validation immediately before HTTP request to prevent DNS rebinding (TOCTOU attacks)
public SsrfValidatingHttpMessageHandler(Microsoft.Extensions.Options.IOptions<Abblix.Oidc.Server.Features.SecureHttpFetch.SecureHttpFetchOptions> options, Abblix.Oidc.Server.Features.SecureHttpFetch.ISecureUriValidator uriValidator);
Parameters
options Microsoft.Extensions.Options.IOptions<SecureHttpFetchOptions>
uriValidator ISecureUriValidator
Remarks
Defense-in-depth SSRF protection includes: - Blocking common internal hostnames (localhost, internal, intranet, corp, home, lan) - Blocking internal TLDs (.local, .localhost, .internal, .intranet, .corp, .home, .lan) - Blocking single-label hostnames without dots (typically internal) - DNS resolution with private IP blocking (10.0.0.0/8, 172.16.0.0/12, 192.168.0.0/16, etc.) - Protection against DNS rebinding where attacker changes DNS between validation and request
The synchronous scheme/hostname/IP-literal rules are shared with registration-time validation via ISecureUriValidator; the DNS re-resolution below is unique to the request path.
Attack scenario prevented: 1. Initial validation: evil.com resolves to 8.8.8.8 (public IP, passes validation) 2. DNS TTL expires (low TTL like 1 second) 3. Attacker changes DNS: evil.com now resolves to 127.0.0.1 4. HTTP request: Without this handler, request would go to localhost 5. With this handler: DNS is re-validated, private IP detected, request blocked