
Protect AWS and Azure Metadata Endpoints from SSRF Exploitation

The cloud metadata endpoint at 169.254.169.254 is the single most valuable target for SSRF attackers. One forged request can expose IAM credentials, API keys, and your entire cloud infrastructure. PowerWAF blocks it all.

Limited free plan spots available

OWASP A10:2021

The Cloud’s Most Dangerous Endpoint

Every AWS EC2 instance, Azure VM, and GCP Compute Engine instance exposes a metadata service at 169.254.169.254. This endpoint serves IAM credentials, instance identity tokens, network configuration, and startup scripts. An SSRF vulnerability in any application running on these instances can expose everything — and the attacker doesn't need any authentication to access it.

100M+ customer records exposed in the Capital One breach, caused by SSRF targeting AWS metadata

Once an attacker obtains IAM credentials from the metadata endpoint, they can access S3 buckets, invoke Lambda functions, query databases, and move laterally across your entire cloud account. The window between credential theft and full compromise is measured in seconds.

How Attackers Target Cloud Metadata

Five techniques attackers use to reach your cloud metadata endpoint through SSRF.

Direct Metadata Access

The simplest attack: requesting the metadata IP directly to steal IAM credentials and session tokens.

http://169.254.169.254/latest/meta-data/iam/security-credentials/role-name

IP Encoding Bypass

Encoding the metadata IP as hex, octal, decimal, or IPv6 to bypass naive string-matching filters.

http://0xa9fea9fe/ • http://2852039166/

DNS Alias Targeting

Using internal DNS names that resolve to the metadata IP, bypassing IP-based blocklists.

http://metadata.google.internal/computeMetadata/v1/

Redirect Chain Exploitation

Using open redirects on trusted domains to bounce the request to the metadata endpoint after the initial URL check.

https://trusted.com/redirect?url=http://169.254.169.254/

Container Metadata Theft

Targeting ECS/Fargate task metadata, Kubernetes service account tokens, and pod identity endpoints.

http://169.254.170.2/v2/credentials/

How PowerWAF Protects Your Cloud

Five layers of defense specifically designed to block cloud metadata SSRF.

Metadata IP Blocking

Blocks all requests targeting 169.254.169.254, 169.254.170.2, fd00::, and other metadata addresses, including every IP encoding variant (hex, octal, decimal, IPv6-mapped).

Stops direct and encoded metadata access

DNS Resolution Validation

Resolves hostnames before allowing requests and blocks any that resolve to internal or link-local IP ranges. Catches metadata.google.internal and custom DNS aliases.

Stops DNS-based metadata bypasses

Redirect Chain Prevention

Follows redirects and validates each hop. If any redirect in the chain targets an internal IP or metadata endpoint, the entire request is blocked.

Stops multi-hop SSRF via open redirects

Cloud-Specific Rules

Pre-built rule sets for AWS, Azure, GCP, and Kubernetes. Blocks access to ECS task metadata, pod identity endpoints, and managed identity tokens.

Stops container and managed identity theft

Header Injection Detection

Detects injected headers like Metadata:true (Azure) and Metadata-Flavor:Google (GCP), which attackers add to satisfy the required-header checks those providers use against SSRF (the counterpart of AWS IMDSv2).

Stops header-based metadata access

Protected in Minutes, Not Months

No code changes. No infrastructure modifications. No SDK updates.

1. Point DNS

Change your DNS records to route traffic through PowerWAF. No server changes needed.

2. Instant Protection

PowerWAF immediately blocks all SSRF attempts targeting cloud metadata endpoints.

3. Monitor Everything

Real-time dashboard shows blocked metadata access attempts and attacker IPs.

Works alongside IMDSv2, VPC policies, and instance metadata options — defense in depth for your cloud.

See PowerWAF in Action

Real-time view of cloud metadata SSRF attacks being blocked at the edge.

powerwaf-access-log — live
11:03:41 BLOCKED 198.51.100.87 GET /api/fetch?url=http://169.254.169.254/latest/meta-data/iam/security-credentials/ → SSRF: AWS metadata
11:03:42 BLOCKED 198.51.100.23 GET /proxy?u=http://0xa9fea9fe/latest/user-data → SSRF: Hex-encoded metadata IP
11:03:43 ALLOWED 203.0.113.50 GET /api/users/profile → Authenticated user request
11:03:44 BLOCKED 203.0.113.42 POST /webhook/test → SSRF: http://metadata.google.internal/computeMetadata/v1/instance/service-accounts/
11:03:45 BLOCKED 198.51.100.87 GET /render?url=http://[::ffff:a9fe:a9fe]/latest/ → SSRF: IPv6-mapped metadata
11:03:46 ALLOWED 198.51.100.12 POST /api/orders → Valid API request
11:03:47 BLOCKED 198.51.100.23 GET /fetch?url=http://169.254.170.2/v2/credentials/ → SSRF: ECS task metadata
11:03:48 BLOCKED 203.0.113.42 GET /api/preview?link=http://2852039166/latest/dynamic/instance-identity/document → SSRF: Decimal metadata IP

Simulated log showing PowerWAF blocking cloud metadata SSRF attempts across AWS, GCP, and ECS endpoints.

Proven Protection at Scale

< 5 min Average setup time — DNS change only
0 Lines of code to change in your application
24/7 Real-time monitoring and automatic blocking

Real-World Scenarios

Cloud Migration with Exposed Endpoints

A company migrates legacy apps to AWS EC2 without enabling IMDSv2. An SSRF vulnerability in an image processing service exposes IAM credentials. PowerWAF blocks all metadata requests at the application layer — providing immediate protection regardless of IMDS version.

Containerized App on ECS/Fargate

A microservice running on AWS Fargate accepts user-provided URLs for PDF generation. Attackers target the ECS task metadata endpoint at 169.254.170.2 to steal task role credentials. PowerWAF blocks container metadata access alongside standard instance metadata.

Multi-Cloud Environment

An organization runs services across AWS, Azure, and GCP. Each cloud has different metadata endpoints and header requirements. PowerWAF provides unified protection across all three — a single security layer that understands every cloud provider’s metadata service.

Works with any cloud platform

AWS EC2 / ECS / Lambda
Azure VMs / AKS
Google Cloud / GKE
DigitalOcean
Kubernetes
Docker / Containers
Node.js
Python / Java
WordPress
Custom Apps

Frequently Asked Questions

What is a cloud metadata endpoint?
Cloud providers expose instance metadata via a special IP address (169.254.169.254) accessible only from within the instance. On AWS, this endpoint provides IAM role credentials, instance identity documents, network configuration, and user data scripts. Azure and GCP have similar services. If an attacker can make your server request this endpoint via SSRF, they can steal temporary credentials and pivot across your cloud environment.
How did the Capital One breach relate to SSRF?
The 2019 Capital One breach — which exposed 100+ million customer records — was caused by an SSRF vulnerability in a misconfigured WAF that allowed the attacker to access the AWS metadata endpoint, steal IAM role credentials, and use those credentials to access S3 buckets containing sensitive data. A WAF that blocks metadata endpoint access would have prevented this attack.
Does PowerWAF support IMDSv2?
PowerWAF provides protection regardless of whether you use IMDSv1 or IMDSv2. While IMDSv2 adds a token requirement that makes SSRF exploitation harder, it does not eliminate the risk entirely. PowerWAF blocks all requests targeting 169.254.169.254 and other metadata addresses at the application layer, providing defense-in-depth alongside IMDSv2.
Does PowerWAF protect Azure and GCP metadata too?
Yes. PowerWAF blocks access to all major cloud metadata services: AWS (169.254.169.254), Azure (169.254.169.254 with Metadata:true header), GCP (metadata.google.internal / 169.254.169.254), and DigitalOcean (169.254.169.254). It also blocks access to Kubernetes service account tokens and container metadata endpoints.
Can attackers bypass metadata protection with IP encoding?
Attackers commonly try to bypass SSRF filters by encoding 169.254.169.254 as hex (0xa9fea9fe), octal (0251.0376.0251.0376), decimal (2852039166), or IPv6 (::ffff:169.254.169.254). PowerWAF normalizes all IP representations before evaluation, catching every encoding variant.
Do I need to change my application code?
No. PowerWAF operates as a reverse proxy, inspecting all incoming traffic before it reaches your application. Cloud metadata SSRF protection is active immediately after DNS setup — no code changes, no SDK updates, no infrastructure modifications required.
What about SSRF via internal DNS names?
Attackers may use internal DNS names like metadata.google.internal or kubernetes.default.svc to reach metadata services without using the IP directly. PowerWAF maintains a comprehensive blocklist of known cloud metadata hostnames and resolves DNS to verify the target IP is not internal before allowing the request.
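As an added illustration of the normalization and DNS-resolution checks described in the two answers above on IP encoding and internal DNS names (example code written for this page, not PowerWAF's implementation), the Python below canonicalizes the hex, octal, decimal and IPv6-mapped forms of 169.254.169.254, resolves real hostnames to every address they return, and rejects any target inside link-local or private ranges. The blocked-range list and the injectable resolver parameter are assumptions chosen for the example.

```python
import ipaddress
import re
import socket
from urllib.parse import urlsplit
# Ranges a server-side fetcher must never reach; 169.254.0.0/16 covers both the
# instance metadata service and the ECS task endpoint (169.254.170.2).
BLOCKED_NETS = [ipaddress.ip_network(n) for n in (
    "169.254.0.0/16", "127.0.0.0/8", "10.0.0.0/8", "172.16.0.0/12",
    "192.168.0.0/16", "0.0.0.0/8", "::1/128", "fe80::/10", "fd00::/8")]
_PART = re.compile(r"0[xX][0-9a-fA-F]+|0[0-7]*|[1-9][0-9]*")

def parse_ip_literal(host):
    # inet_aton syntax first: 1-4 dot-separated parts, each decimal, octal
    # (leading 0) or hex (0x); the last part fills the remaining bytes.
    parts = host.split(".")
    if 1 <= len(parts) <= 4 and all(_PART.fullmatch(p) for p in parts):
        vals = [int(p, 16) if p[:2].lower() == "0x" else
                int(p, 8) if len(p) > 1 and p[0] == "0" else int(p) for p in parts]
        tail_bits = 8 * (5 - len(parts))
        if all(v < 256 for v in vals[:-1]) and vals[-1] < 1 << tail_bits:
            value = 0
            for v in vals[:-1]:
                value = (value << 8) | v
            return ipaddress.IPv4Address((value << tail_bits) | vals[-1])
    try:                                   # IPv6, incl. ::ffff:a9fe:a9fe
        addr = ipaddress.ip_address(host)
    except ValueError:                     # not an IP literal: a hostname
        return None
    return (addr.ipv4_mapped or addr) if addr.version == 6 else addr

def ssrf_verdict(url, resolver=socket.getaddrinfo):
    # Returns (allowed, reason). Hostnames are resolved and every returned
    # address is checked, so aliases like metadata.google.internal are caught.
    u = urlsplit(url)
    if u.scheme not in ("http", "https") or not u.hostname:
        return False, "unsupported scheme or missing host"
    addr = parse_ip_literal(u.hostname)
    try:
        targets = {addr} if addr is not None else \
            {parse_ip_literal(r[4][0]) for r in resolver(u.hostname, None)}
    except socket.gaierror:
        return False, "unresolvable host"
    for t in targets:
        for net in BLOCKED_NETS:
            if t is not None and t in net:
                return False, f"{u.hostname} -> {t} is in blocked range {net}"
    return True, "ok"
```

Run the same verdict on every redirect hop, and connect to the address you validated rather than re-resolving the name, otherwise a DNS answer that changes between check and fetch (rebinding) slips past the check.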

Protect Your Cloud Credentials Today

No credit card required. No code changes. Set up in under 5 minutes.
