Changeset View
Changeset View
Standalone View
Standalone View
security/imds-filterd/pkg-descr
Property | Old Value | New Value |
---|---|---|
fbsd:nokeywords | null | yes \ No newline at end of property |
svn:eol-style | null | native \ No newline at end of property |
svn:mime-type | null | text/plain \ No newline at end of property |
imds-filterd (pronounced "I M D S Filter D") is a pair of utilities which | |||||
work together to intercept and filter requests to the EC2 Instance Metadata | |||||
Service -- or theoretically any other service at 169.254.169.254:80. | |||||
It validates requests against a configured ruleset which specifies whether | |||||
given users and groups should be allowed or denied access to certain prefixes | |||||
in the Instance Metadata Service. For example, "root" could be granted | |||||
access to everything; most unprivileged users granted access to everything | |||||
except IAM role credentials; but the www user denied access to the entire | |||||
Instance Metadata Service in order to guard against SSRF and similar attacks. | |||||
WWW: http://github.com/cperciva/imds-filterd |