Last Modified: Jul 12, 2021
Opened: Dec 09, 2020
There is only a default 'disallow' action available for the SSRF host configuration API endpoint 'policies/ssrf-disallowed-hosts', whereas it is supposed to have 'allow' and 'resolve' options as well.
This results in improper configuration of the SSRF hosts, and the feature's functionality is limited from a usability perspective.
- AWAF enabled
- SSRF feature enabled
The REST endpoint 'policies/ssrf-hosts' has the 'allow', 'disallow' and 'resolve' options.