Manual Chapter : About configuring SSRF

Applies To:

  • BIG-IP ASM

    21.0.0, 17.1.3, 17.1.2, 17.1.1, 17.1.0, 17.0.0

back-action Mitigating Server-Side Request Forgery

Updated Date: 04/14/2026

About configuring SSRF

To enable the SSRF functionality, the parameter which carries the IP addresses or domain names must be configured as a parameter of data type URI.

Configure the IP addresses and domain names such that if any of such URI parameter contains configured entries, then the BIG-IP will block the traffic and raise a violation server-side access to disallowed host.

Also, the BIG-IP will block the request and raise a violation illegal parameter data type if any of the following condition is met:

  • If IP address as URI is received, when the Host Name Representation field in set to Domain Name.

  • If host name as URI is received, when the Host Name Representation field in set to IP address.

  • If an invalid host name or IP address is received.