About configuring SSRF
To enable the SSRF functionality, the parameter which carries the IP addresses or domain names must be configured as a parameter of data type URI.
Configure the IP addresses and domain names such that if any of such URI parameter contains configured entries, then the BIG-IP will block the traffic and raise a violation server-side access to disallowed host.
Also, the BIG-IP will block the request and raise a violation illegal parameter data type if any of the following condition is met:
-
If IP address as URI is received, when the Host Name Representation field in set to Domain Name.
-
If host name as URI is received, when the Host Name Representation field in set to IP address.
-
If an invalid host name or IP address is received.
Parent topic:Mitigating Server-Side Request Forgery