CORS Configuration

You can harden the Metadefender Core's cross-origin resource sharing (CORS) configuration to only allow access from a restricted list of systems.

The following edits can be made in C:\Program Files (x86)\OPSWAT\Metadefender Core X\REST\Web\web.config.

To restrict access to the local system, the line

<add name="Access-Control-Allow-Origin" value="*"/>

can be changed to

<add name="Access-Control-Allow-Origin" value="http://localhost"/>

Then add a new rule to <system.webServer><rewrite><outboundRules>

<rule name="Allow CORS on specify ip/subnet" >
<match serverVariable="RESPONSE_Access-Control-Allow-Origin" pattern=".+" />
<conditions>
<add input="{REMOTE_ADDR}" pattern="^(192.168.200.*|192.168.201.102)$" />
</conditions>
<action type="Rewrite" value="*" />
</rule>