GNU social JP
  • FAQ
  • Login
GNU social JPは日本のGNU socialサーバーです。
Usage/ToS/admin/test/Pleroma FE

  • Public

    • Public
    • Network
    • Groups
    • Featured
    • Popular
    • People

Embed Notice

HTML Code

Corresponding Notice

  1. Embed this notice
    Matt Hamilton [Maryland] (eriner@noagendasocial.com)'s status on Wednesday, 16-Aug-2023 04:23:27 JSTMatt Hamilton [Maryland]Matt Hamilton [Maryland]
    in reply to
    • Alex Gleason

    @alex like you mentioned, resolving DNS and inspecting the records is the only full-proof way. You’d want to disable the aws/gcp metadata endpoints, 127.0.0.1/localhost, and maybe even all RFC1918 addresses.

    The cheating way is to not do any of that and allow arbitrary GETs, BUT fix the issue elsewhere. Disable metadata api (and put a check at program startup), don’t run unauthenticated local services, make the result blind (so the ssrf can’t be used as an intranet port scanner)

    In conversationabout a year ago from noagendasocial.compermalink
  • Help
  • About
  • FAQ
  • TOS
  • Privacy
  • Source
  • Version
  • Contact

GNU social JP is a social network, courtesy of GNU social JP管理人. It runs on GNU social, version 2.0.2-dev, available under the GNU Affero General Public License.

Creative Commons Attribution 3.0 All GNU social JP content and data are available under the Creative Commons Attribution 3.0 license.