What are the three SSRF waf rules

Hello
Can anyone explain what does the following rules supposed to block?

SSRF HOST
SSRF CLOUD
SSRF LOCAL

Greatly appreciated
T.

a screeshot of the rules as part of the cloudflare managed ruleset

sure
attached
thank you

Anyone?

@cloudflare team - anyone there?

Please help

They are intended to block malicious SSRF requests.

1 Like

Thanks
Can you provide details?
For example what is cloud vs host rules?
Thanks again

Host rules would focus on requests meant to exploit things link 127.0.0.1 or localhost. Cloud rules would focus on SSRF requests against cloud specific assets such as AWS credentials.

2 Likes

This topic was automatically closed 15 days after the last reply. New replies are no longer allowed.