How to check if URL is public (anti-SSRF)?

567 Views Asked by At

I have a form on the site which allows the user to input URL - node.js app will then use request module to fetch that URL, analyze the response, and print some data back to the user.

I want to make sure rogue users are unable to input intranet addresses, such as 127.0.0.1, localhost, 192.168.0.1, etc. as it seems like a potential security risk. Is it possible to do without querying the IP of the host twice (First with dns.lookup and then with request module)?

0

There are 0 best solutions below