API Documentation
AntiSSRF .NET Library
The AntiSSRF .NET Library is a library for C# applications using .NET that provides robust URL validation and HTTP request protection to prevent SSRF vulnerabilities in code. It is designed as an easy, drop-in library with minimal impact on the engineering team, implemented both as an HttpMessageHandler for use with HttpClient and as a static URL validator, depending on use case.
Usage Instructions
The AntiSSRF Library provides validation for different scenarios based on your trust requirements:
| Use Case | Description | Documentation Link |
|---|---|---|
| General Case | The untrusted URL can belong to any domain or an untrusted domain. | AntiSSRFPolicy |
| Azure Key Vault Domain | The untrusted URL must be an Azure Key Vault endpoint. | URIValidator.InAzureKeyVaultDomain |
| Azure Storage Domain | The untrusted URL must be an Azure Storage endpoint. | URIValidator.InAzureStorageDomain |
| Allowlist of Trusted Domains | The untrusted URL must belong to a specific, trusted domain. | URIValidator.InDomain |
Classes
| Class | Description |
|---|---|
| AntiSSRFPolicy | Represents a customizable security policy and provides an AntiSSRFHandler to ensure all outgoing HttpClient requests match the security policy. |
| AntiSSRFHandler | An HttpMessageHandler that enforces the AntiSSRFPolicy on all outgoing requests. |
| IPAddressRanges | Provides predefined IP address ranges for use with AntiSSRF policies. |
| URIValidator | Provides static methods for validating the hostname and protocol of URLs. |