Symptoms

There is only a default 'disallow' action available for the SSRF host configuration API endpoint 'policies/ssrf-disallowed-hosts', whereas it is supposed to have 'allow' and 'resolve' options as well.

Impact

This results in the improper configuration of the SSRF hosts and the feature and functionality will be limited from a usability perspective.

Conditions

- AWAF enabled - SSRF feature enabled

Workaround

None

Fix Information

The rest endpoint 'policies/ssrf-hosts' have the 'allow', 'disallow' and 'resolve' options.

Behavior Change