CompTIA CySA+ CS0-003: Server-side request forgery

Server-side request forgery (SSRF) occurs when a web application fetches a remote resource without properly validating the user-supplied URL. An attacker takes advantage of this flaw by coercing the application into sending a crafted request to an unexpected destination, which can bypass firewalls, VPNs, and other network access control lists.

Security professionals can apply network defenses as well as application defenses. At the network layer, you can enforce deny-by-default on the firewall and segment the remote resource access functionality into a separate network. At the application layer, you can sanitize and validate client-supplied input; enforce the URL scheme, port, and destination with a positive allow list; disable HTTP redirection; and avoid sending raw responses to clients.
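
The application-layer controls listed above can be combined in one fetch helper. This is an added example, not part of the original study notes; the host names, the allowed scheme and port, and the function names are assumptions chosen for illustration.

```python
from urllib.parse import urlsplit
import urllib.request

# Assumed policy for illustration: the only destinations the feature may reach.
ALLOWED_SCHEMES = {"https"}
ALLOWED_PORTS = {443}
ALLOWED_HOSTS = {"images.example.com", "cdn.example.com"}  # hypothetical hosts


class SSRFPolicyError(ValueError):
    """Raised when a client-supplied URL violates the allow list."""


def validate_url(raw: str) -> str:
    """Return a URL rebuilt from validated parts, or raise SSRFPolicyError."""
    try:
        parts = urlsplit(raw.strip())
        port = parts.port  # raises ValueError on a malformed port
    except ValueError as exc:
        raise SSRFPolicyError(f"unparseable URL: {exc}") from None
    if parts.scheme not in ALLOWED_SCHEMES:
        raise SSRFPolicyError(f"scheme not allowed: {parts.scheme!r}")
    # user:pass@host syntax can make the real destination differ from what a reader sees.
    if parts.username is not None or parts.password is not None:
        raise SSRFPolicyError("userinfo in URL is not allowed")
    host = (parts.hostname or "").rstrip(".")
    if host not in ALLOWED_HOSTS:  # exact match only, no suffix or substring checks
        raise SSRFPolicyError(f"destination not allowed: {host!r}")
    port = 443 if port is None else port
    if port not in ALLOWED_PORTS:
        raise SSRFPolicyError(f"port not allowed: {port}")
    query = f"?{parts.query}" if parts.query else ""
    return f"{parts.scheme}://{host}:{port}{parts.path or '/'}{query}"


class NoRedirect(urllib.request.HTTPRedirectHandler):
    """Refuse every redirect so a 3xx cannot steer the request past the allow list."""
    def redirect_request(self, req, fp, code, msg, headers, newurl):
        raise SSRFPolicyError(f"redirect refused: {newurl!r}")


def fetch_status(raw: str, timeout: float = 5.0) -> int:
    """Fetch an allow-listed URL and return only the status code, not the raw body."""
    opener = urllib.request.build_opener(NoRedirect)
    with opener.open(validate_url(raw), timeout=timeout) as resp:
        return resp.status
```
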