This repository has been archived by the owner. It is now read-only.

block public file download #2738

Closed

@amadisson (Contributor) commented May 22, 2019

What I have added/changed is: Create middleware that blocks file download if the IPv4 or IPv6 address is not in the allowed subnets/IP list.
The goal of my change is: To block public download of malware samples and dropped files so only admins can download and users can't download other users' files. Not to allow users to use Cuckoo to distribute malware.
What I have tested about my change is: File download works if in list or no list in local settings; file download blocked if not in list.

@jbremer (Member) commented Jul 6, 2019

This has been manually merged into the 2.0.7 release, thanks!

@jbremer jbremer closed this Jul 6, 2019

def get_client_ip(request):
try:
x_forwarded_for = request.META.get('HTTP_X_FORWARDED_FOR')
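
Review bot: `get_client_ip` reads the address from `request.META.get('HTTP_X_FORWARDED_FOR')`, a header the requester supplies, so the allow-list this PR adds would be deciding on a value the client controls. Base the check on `request.META['REMOTE_ADDR']`, and honor `X-Forwarded-For` only when the connection arrives from a reverse proxy that is explicitly configured as trusted and that sets or overwrites the header.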

@Inndy Jan 14, 2020

@RicoVZ (Contributor) Jan 16, 2020

Very true, this part was edited out and merged manually after that, without that header. 🙂

https://github.com/cuckoosandbox/cuckoo/blob/master/cuckoo/web/web/middle.py#L36
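
An added example, not the code from this pull request or Cuckoo's `middle.py`: a standalone version of the allow-list decision discussed in this thread, which uses `REMOTE_ADDR` and reads the forwarded header only when the peer is a configured reverse proxy. The setting names, the sample networks and the `meta` dict standing in for `request.META` are assumptions; as in the PR description, an empty list means no restriction.

```python
import ipaddress

# Constructed sample settings; the names are assumptions, not Cuckoo's config keys.
ALLOWED_SUBNETS = ["192.0.2.0/24", "2001:db8:1::/48"]
TRUSTED_PROXIES = ["127.0.0.1/32", "::1/128"]


def _nets(entries):
    return [ipaddress.ip_network(e, strict=False) for e in entries]


def _parse_ip(text):
    """Parse one address, unwrapping IPv4-mapped IPv6; None if invalid."""
    try:
        ip = ipaddress.ip_address(text.strip())
    except (ValueError, AttributeError):
        return None
    return getattr(ip, "ipv4_mapped", None) or ip


def _in_any(ip, nets):
    return any(ip.version == n.version and ip in n for n in nets)


def client_ip(meta, trusted=TRUSTED_PROXIES):
    """Choose the address to authorize from a Django-style request.META dict."""
    peer = _parse_ip(meta.get("REMOTE_ADDR", ""))
    header = meta.get("HTTP_X_FORWARDED_FOR", "")
    proxies = _nets(trusted)
    # The forwarded header is honored only when the TCP peer is a configured proxy.
    if peer is None or not _in_any(peer, proxies) or not header.strip():
        return peer
    # Walk right to left: the rightmost entries were appended by our proxies,
    # the first untrusted hop is the address the outermost proxy actually saw.
    for hop in reversed(header.split(",")):
        ip = _parse_ip(hop)
        if ip is None:
            return None  # malformed header: fail closed
        if not _in_any(ip, proxies):
            return ip
    return peer


def download_allowed(meta, allowed=ALLOWED_SUBNETS):
    """True if the request may download files; an empty list disables the check."""
    if not allowed:
        return True
    ip = client_ip(meta)
    return ip is not None and _in_any(ip, _nets(allowed))
```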
