Skip to content
This repository has been archived by the owner. It is now read-only.

block public file download #2738



Copy link

@amadisson amadisson commented May 22, 2019

What I have added/changed is: Create middleware that blocks file download if ipv4 or ipv6 address not in allowed subnets/ip list.
The goal of my change is: To block public download of malware samples and dropped files so only admins can download and users can't download other users' files. Not to allow users to use Cuckoo to distribute malware.
What I have tested about my change is: file download works if in list or no list in local settings, file download blocked if not in list.

Copy link

@jbremer jbremer commented Jul 6, 2019

This has been manually merged into the 2.0.7 release, thanks!

@jbremer jbremer closed this Jul 6, 2019

def get_client_ip(request):
x_forwarded_for = request.META.get('HTTP_X_FORWARDED_FOR')
Copy link

@Inndy Inndy Jan 14, 2020

Copy link

@RicoVZ RicoVZ Jan 16, 2020

Very true, this part was edited out and merged manually after that, without that header. 🙂

Sign up for free to subscribe to this conversation on GitHub. Already have an account? Sign in.
None yet
None yet
Linked issues

Successfully merging this pull request may close these issues.

None yet

4 participants