How does dns rebinding do ssrf to defend itself?

problem scenario

for example, http://axxx.com/?url=http://b.com/
wants to get the web page content under http://b.com/ , Then you need to initiate a request to the domain name
, but you need to avoid accessing the private network

.

the ip resolution of the b.com domain name is in the public network, and then when the real request for b.com is made, the parsed ip becomes the private network
, thus taking advantage of this time difference to construct a ssrf attack scenario
involving dns rebinding

.

one of the most violent ways I can think of so far is to add a whitelist
I would like to have a boss to share the solution. I would appreciate it

currently, nodejs is used as a defense against this ssrf. Is it possible to get the ip of the domain name corresponding to the request when the request is actually sent?

Jun.15,2021
The

problem has been resolved. There is a req.socket.remoteAddress field to determine the requested address ip

MySQL Query : SELECT * FROM `codeshelper`.`v9_news` WHERE status=99 AND catid='6' ORDER BY rand() LIMIT 5
MySQL Error : Disk full (/tmp/#sql-temptable-64f5-1b3cbe7-2b07e.MAI); waiting for someone to free some space... (errno: 28 "No space left on device")
MySQL Errno : 1021
Message : Disk full (/tmp/#sql-temptable-64f5-1b3cbe7-2b07e.MAI); waiting for someone to free some space... (errno: 28 "No space left on device")
Need Help?