- Sub-task
- Resolution: Obsolete
- Normal
- SECFLOWOTL-30 - s2i Security Review
Mitigate Server Side Request Forgery (SSRF) by employing the following best practices:
- Use an allowlist (whitelist): identify the hosts and IP addresses the application needs to reach and permit only those. Do not apply blocklists or regular expressions directly to user input; they are bad practice and easily bypassed. An attacker can use an HTTP redirect, a wildcard DNS service such as xip.io, or an alternate IP encoding to get past blocklists and regular expressions.
- Sanitize the output of the request before relaying its response to the user. Verify that the response the server application receives is actually what it expects (status, content type, size) before sending it back, so that nothing is leaked to the attacker.
- Disable unused URL schemes (e.g. file://, dict://, ftp:// and gopher://) if your application only uses HTTP or HTTPS to make requests.
- Operational security measures: require authentication on internal services such as Memcached, Redis, Elasticsearch and MongoDB (they do not require authentication by default).
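The following is an added example, not code from the s2i project or from the SD Elements task: it implements the first three points above as an allowlist-based validator for outbound URLs plus a response check applied before anything is relayed to the user. The allowlisted hosts, ports and expected content type are constructed assumptions for the example; a real service would load its own list. Note that allowlisting by name is what makes the IP-encoding and wildcard-DNS tricks irrelevant, since any host not literally on the list is refused.

```python
"""Allowlist-based outbound URL validation and response checking against SSRF."""
import ipaddress
from urllib.parse import urlsplit

# Constructed allowlist for this example: host -> set of permitted ports.
ALLOWED_HOSTS = {
    "api.internal.example": {443},
    "images.example.org": {443, 8443},
}
ALLOWED_SCHEMES = {"https"}              # file://, dict://, gopher:// etc. never pass
EXPECTED_CONTENT_TYPES = {"application/json"}  # assumption: service relays JSON only


class SsrfRejected(ValueError):
    """Raised when a URL or a response fails the allowlist policy."""


def validate_outbound_url(raw_url: str) -> str:
    """Return a normalised URL if it targets an allowlisted host, else raise."""
    parts = urlsplit(raw_url)
    scheme = parts.scheme.lower()
    if scheme not in ALLOWED_SCHEMES:
        raise SsrfRejected(f"scheme not allowed: {scheme or '(none)'}")
    # "https://allowed.host@evil.example/" puts the allowed name in userinfo.
    if parts.username is not None or parts.password is not None:
        raise SsrfRejected("userinfo in URL is not allowed")
    host = parts.hostname  # already lower-cased, brackets stripped for IPv6
    if not host:
        raise SsrfRejected("missing host")
    # Reject literal addresses outright: the allowlist is by name, so dotted,
    # IPv6 and link-local forms are refused here, and any other encoding fails
    # the name lookup below simply because it is not on the list.
    try:
        ipaddress.ip_address(host)
    except ValueError:
        pass
    else:
        raise SsrfRejected("IP literals are not allowed")
    host = host.rstrip(".")  # "example.org." is the same zone as "example.org"
    if host not in ALLOWED_HOSTS:
        raise SsrfRejected(f"host not in allowlist: {host}")
    try:
        port = parts.port
    except ValueError as exc:  # non-numeric or out-of-range port
        raise SsrfRejected("malformed port") from exc
    if port is None:
        port = 443
    if port not in ALLOWED_HOSTS[host]:
        raise SsrfRejected(f"port {port} not allowed for {host}")
    path = parts.path or "/"
    query = f"?{parts.query}" if parts.query else ""
    return f"{scheme}://{host}:{port}{path}{query}"


def is_allowed_url(raw_url: str) -> bool:
    """Boolean convenience wrapper around validate_outbound_url."""
    try:
        validate_outbound_url(raw_url)
    except SsrfRejected:
        return False
    return True


def check_response(status: int, headers: dict) -> str:
    """Validate a fetched response before relaying it; return its media type."""
    lowered = {k.lower(): v for k, v in headers.items()}
    if 300 <= status < 400:
        # Never follow redirects automatically: a Location header pointing at an
        # internal address would bypass the allowlist. If redirects are needed,
        # the caller must pass Location through validate_outbound_url first.
        raise SsrfRejected("redirect responses are not relayed")
    if not 200 <= status < 300:
        raise SsrfRejected(f"unexpected status {status} is not relayed")
    media_type = lowered.get("content-type", "").split(";")[0].strip().lower()
    if media_type not in EXPECTED_CONTENT_TYPES:
        raise SsrfRejected(f"unexpected content type: {media_type or '(none)'}")
    return media_type


def is_relayable(status: int, headers: dict) -> bool:
    """Boolean convenience wrapper around check_response."""
    try:
        check_response(status, headers)
    except SsrfRejected:
        return False
    return True


if __name__ == "__main__":
    # Constructed sample inputs: one legitimate URL and several SSRF probes.
    for candidate in [
        "https://api.internal.example/v1/items?id=3",
        "https://169.254.169.254/latest/meta-data/",
        "https://app.10.0.0.1.xip.io/",
        "file:///etc/passwd",
    ]:
        print(f"{candidate!r:50} -> {is_allowed_url(candidate)}")
```

The validator is applied to the URL the application is about to request; the response check is applied to whatever comes back. Keeping the two separate matters because a host that passed validation can still answer with a redirect or an unexpected body, and that response must not reach the user unchecked.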
Imported from SD Elements: https://redhat.sdelements.com/bunits/psse-secure-development/group-2-extended-functionality-offerings/openshift-source-to-image-s2i-builder-image/tasks/phase/development/106-T1365/