Haschek-Solutions/http2pic
2
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

feat: opt-in SSRF protection via BLOCK_PRIVATE_IPS env var

Browse Source
This commit is contained in:
Chris
2026-04-21 12:26:54 +02:00
parent 9295115742
commit 4ab30bcc1d
1 changed files with 19 additions and 0 deletions
Download Patch File Download Diff File Expand all files Collapse all files

19
web/index.php
View File

@@ -57,6 +57,25 @@ switch ($url[0]) {
$js = $_REQUEST['js'] == 'false' ? false : true; $js = $_REQUEST['js'] == 'false' ? false : true;
if (defined('BLOCK_PRIVATE_IPS') && BLOCK_PRIVATE_IPS) {
$host = parse_url($target, PHP_URL_HOST);
if (filter_var($host, FILTER_VALIDATE_IP)) {
$resolvedIp = $host;
} else {
$resolvedIp = gethostbyname($host);
if ($resolvedIp === $host) {
header('HTTP/1.0 403 Forbidden');
echo 'URL not allowed';
exit;
}
}
if (isPrivateIP($resolvedIp)) {
header('HTTP/1.0 403 Forbidden');
echo 'URL not allowed';
exit;
}
}
$serverUrl = 'http://localhost:4444'; $serverUrl = 'http://localhost:4444';
$options = new \Facebook\WebDriver\Chrome\ChromeOptions(); $options = new \Facebook\WebDriver\Chrome\ChromeOptions();
$options->addArguments(['--headless', '--disable-gpu', '--no-sandbox', '--disable-dev-shm-usage']); $options->addArguments(['--headless', '--disable-gpu', '--no-sandbox', '--disable-dev-shm-usage']);