PlantUML Server renders user-provided diagram definitions over HTTP. The main security concerns are untrusted input, SSRF-like behavior, and service abuse.
¶ Access and Exposure
- Place PlantUML Server behind a reverse proxy.
- Restrict public access if only internal users need rendering.
- Enforce TLS and authentication at the proxy layer.
- Disable or tightly control remote include mechanisms.
- Block internal network destinations to reduce SSRF risk.
- Reject oversized payloads to limit resource exhaustion.
¶ Sandbox and Resource Limits
- Run server container with non-root user.
- Set CPU/memory limits.
- Use read-only root filesystem where possible.
- Deny outbound internet unless required.
- Explicitly block metadata endpoints and management networks.
- Monitor blocked egress attempts.
¶ Logging and Abuse Detection
- Log request rates, failures, and rendering timeouts.
- Alert on spikes indicating abuse or fuzzing.
- Retain logs for incident investigation.