Back to browse
GitHub Repository

An SSRF-resistant HTTP client for Go.

3 starsGo

Safehttp – an SSRF-resistant HTTP client for Go

by ayuhito·Jul 18, 2026·3 points·0 comments

AI Analysis

●●●BangerNiche GemSolve My Problem

Finally, a drop-in Go HTTP client that actually blocks cloud metadata SSRF by default.

Strengths
  • Blocks RFC1918, loopback, and cloud metadata IPs out-of-the-box without complex config.
  • Re-validates every redirect target, preventing open-redirect-to-SSRF chains.
  • Exact origin policy with AllowOrigins prevents wildcard misconfigurations common in WAFs.
Weaknesses
  • Go-specific utility limits audience compared to language-agnostic proxies or WAF rules.
  • No built-in allowlist management UI; requires code changes to update trusted origins.
Category
Target Audience

Go developers building services that fetch untrusted URLs

Similar To

ssrf-filter · cloudflare-warp

Similar Projects

Security●●●Banger

Deterministic security guardrails for Claude Code

Six shell hooks hard-block RCE and exfiltration before Claude Code executes anything.

Big BrainSolve My Problem
humblejedi
303mo ago