This repository has been archived by the owner on Apr 26, 2021. It is now read-only.

block public file download #2738

Closed

amadisson
Contributor

What I have added/changed is: Create middleware that blocks file download if ipv4 or ipv6 address not in allowed subnets/ip list.
The goal of my change is: To block public download of malware samples and dropped files so only admins can download and users can't download other users' files. Not to allow users to use Cuckoo to distribute malware.
What I have tested about my change is: file download works if in list or no list in local settings, file download blocked if not in list.

@jbremer
Member

jbremer commented Jul 6, 2019

This has been manually merged into the 2.0.7 release, thanks!

@jbremer jbremer closed this Jul 6, 2019

def get_client_ip(request):
try:
x_forwarded_for = request.META.get('HTTP_X_FORWARDED_FOR')
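Review bot: `get_client_ip` takes the address from `HTTP_X_FORWARDED_FOR`, a request header the client sets, so an allowlist decision built on it holds only if a proxy in front always overwrites that header. Base the check on `REMOTE_ADDR`, and consult `X-Forwarded-For` only when `REMOTE_ADDR` is a configured trusted proxy. The `try:` has no handler visible in this excerpt; whatever it catches should deny the download rather than fall through.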
Contributor

@RicoVZ RicoVZ Jan 16, 2020

Very true, this part was edited out and merged manually after that, without that header. 🙂

https://github.com/cuckoosandbox/cuckoo/blob/master/cuckoo/web/web/middle.py#L36
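The allowlist check this pull request describes can be sketched as follows. This is an added example, not Cuckoo's code and not part of the thread: the function names, `ALLOWED_SUBNETS` and `TRUSTED_PROXIES` are hypothetical, and it assumes a Django-style `request.META` dict in which `X-Forwarded-For` counts only when the TCP peer is a configured proxy.

```python
import ipaddress

# Hypothetical settings with constructed values (not Cuckoo's configuration).
ALLOWED_SUBNETS = ["10.0.0.0/8", "192.168.56.0/24", "2001:db8:100::/48"]
TRUSTED_PROXIES = ["127.0.0.1/32", "::1/128"]


def _parse(entries):
    """Turn single addresses or CIDR strings into network objects."""
    return [ipaddress.ip_network(e, strict=False) for e in entries]


def _normalize(value):
    """Parse an address, unwrapping IPv4-mapped IPv6 (::ffff:a.b.c.d)."""
    addr = ipaddress.ip_address(value.strip())
    return getattr(addr, "ipv4_mapped", None) or addr


def _in_any(addr, networks):
    return any(addr.version == n.version and addr in n for n in networks)


def client_ip(meta, trusted=TRUSTED_PROXIES):
    """Return the client address from a request.META-style dict.

    The header is read only when REMOTE_ADDR is a trusted proxy; the
    rightmost entry that is not itself a trusted proxy is then used.
    """
    trusted_nets = _parse(trusted)
    peer = _normalize(meta["REMOTE_ADDR"])
    if not _in_any(peer, trusted_nets):
        return peer  # direct connection: ignore any header it sent
    hops = [h for h in meta.get("HTTP_X_FORWARDED_FOR", "").split(",") if h.strip()]
    for hop in reversed(hops):
        addr = _normalize(hop)
        if not _in_any(addr, trusted_nets):
            return addr
    return peer


def download_allowed(meta, allowed=ALLOWED_SUBNETS, trusted=TRUSTED_PROXIES):
    """True when no allowlist is configured or the client falls inside it."""
    if not allowed:
        return True  # behaviour stated in the PR: no list, downloads work
    try:
        addr = client_ip(meta, trusted)
    except (KeyError, ValueError):
        return False  # missing or malformed address: deny
    return _in_any(addr, _parse(allowed))
```

A middleware would call `download_allowed(request.META)` before serving a sample or dropped file and return a 403 response when it is false.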
