Zen by Aikido is an embedded Application Firewall that autonomously protects Node.js apps against common and critical attacks, provides rate limiting, detects malicious traffic (including bots), and more.

"use strict"; Object.defineProperty(exports, "__esModule", { value: true }); exports.isIMDSIPAddress = isIMDSIPAddress; exports.isTrustedHostname = isTrustedHostname; const IPMatcher_1 = require("../../helpers/ip-matcher/IPMatcher"); const IMDSAddresses = new IPMatcher_1.IPMatcher(); // This IP address is used by AWS EC2 instances to access the instance metadata service (IMDS) // We should block any requests to these IP addresses // This prevents STORED SSRF attacks that try to access the instance metadata service IMDSAddresses.add("169.254.169.254"); IMDSAddresses.add("fd00:ec2::254"); IMDSAddresses.add("100.100.100.200"); // Alibaba Cloud function isIMDSIPAddress(ip) { return IMDSAddresses.has(ip); } // Google cloud uses the same IP addresses for its metadata service // However, you need to set specific headers to access it // In order to not block legitimate requests, we should allow the IP addresses for Google Cloud const trustedHosts = ["metadata.google.internal", "metadata.goog"]; function isTrustedHostname(hostname) { return trustedHosts.includes(hostname); }