# SSRF validation reference.
# Use controlled callback endpoints and harmless metadata-safe checks.

## Safe Callback Patterns

https://example-callback.invalid/ping
https://[your-controlled-callback]/rtexit-ssrf-marker

## Local Address Classes To Consider

http://127.0.0.1/
http://localhost/
http://[::1]/
http://10.0.0.1/
http://172.16.0.1/
http://192.168.0.1/

## Cloud Metadata Safety Notes

- Do not retrieve live credentials unless explicitly authorized.
- Prefer proving metadata service reachability through safe headers/status behavior.
- Pair SSRF remediation with egress filtering and URL allowlists.

