Can a scrape reach my internal network?

No. Quri resolves each target and blocks private or internal address ranges before fetching, so a crawl cannot be steered into your internal services or ours.

What is DNS rebinding and why block it?

It is a trick where a hostname resolves to a public address on first check, then flips to an internal one. Re-checking at fetch time and blocking internal ranges defeats it.

DNS-rebinding protection

Last updated 2026-06-14

Definition

DNS-rebinding protection stops a scrape from being tricked into reaching internal addresses. Before Quri fetches a URL, it checks where that host actually resolves and blocks anything pointing at private or internal ranges. This shuts down SSRF and DNS-rebinding tricks, so a crafted target can never make the scraper hit your network or ours.

How to do this in Quri

Submit any domain for a context scan at /app/audit.
Quri resolves the host and checks the address before it fetches anything.
If the target resolves to a private or internal range, Quri refuses the fetch.
Only genuinely public web addresses get crawled, so no internal service is reachable.

Frequently asked

Can a scrape reach my internal network?: No. Quri resolves each target and blocks private or internal address ranges before fetching, so a crawl cannot be steered into your internal services or ours.
What is DNS rebinding and why block it?: It is a trick where a hostname resolves to a public address on first check, then flips to an internal one. Re-checking at fetch time and blocking internal ranges defeats it.

DNS-rebinding protection

Definition

How to do this in Quri

Frequently asked

Related terms