How to Check URLs for SSRF (Server-Side Request Forgery) Attempts in PHP

It’s important to actively secure our networks against established attack methods. Server-side Request Forgery (SSRF) attacks are common and can result in data exposure, denial of service and more; thankfully, you can mitigate SSRF attempts with the free-to-use API solution below.

The underlying service will quickly identify if a suspicious URL is clean, and it’ll provide a string describing the degree of threat (“ThreatLevel”) present in the URL.

To take advantage of this API, simply follow instructions below to structure your request with ready-to-run PHP code examples. First, you should register a free account on our website to get a free-tier API key, which you can copy into the $config input for authorization.

First, let’s run the following command to install the SDK:

composer require cloudmersive/cloudmersive_security_api_client

After that, let’s structure our API call with the PHP code examples below:

<?php
require_once(__DIR__ . '/vendor/autoload.php');

// Configure API key authorization: Apikey
$config = Swagger\Client\Configuration::getDefaultConfiguration()->setApiKey('Apikey', 'YOUR_API_KEY');



$apiInstance = new Swagger\Client\Api\NetworkThreatDetectionApi(
    
    
    new GuzzleHttp\Client(),
    $config
);
$request = new \Swagger\Client\Model\UrlSsrfThreatDetectionRequestFull(); // \Swagger\Client\Model\UrlSsrfThreatDetectionRequestFull | Input URL request

try {
    $result = $apiInstance->networkThreatDetectionDetectSsrfUrl($request);
    print_r($result);
} catch (Exception $e) {
    echo 'Exception when calling NetworkThreatDetectionApi->networkThreatDetectionDetectSsrfUrl: ', $e->getMessage(), PHP_EOL;
}
?>

That’s all there is to it. In just a few steps, you’ve improved your server’s security profile!