Limit Access to the REST Server

You can harden MetaDefender Kiosk's cross-origin resource sharing (CORS) configuration so that only a restricted list of systems is allowed to access the REST server.

To limit access to the REST server, do the following:

  1. Open the web.config file located at Program Files (x86)\OPSWAT\Metadefender Kiosk\REST\Web\web.config.

  2. Change the following line:

    <add name="Access-Control-Allow-Origin" value="*"/>

    to

    <add name="Access-Control-Allow-Origin" value="http://localhost"/>

  3. Next, add a new rule to <system.webServer><rewrite><outboundRules>:

    <rule name="Allow CORS on specific ip/subnet">
      <match serverVariable="RESPONSE_Access-Control-Allow-Origin" pattern=".+" />
      <conditions>
        <!-- Literal dots are escaped so each "." matches only a dot -->
        <add input="{REMOTE_ADDR}" pattern="^(192\.168\.200\.\d{1,3}|192\.168\.201\.102)$" />
      </conditions>
      <action type="Rewrite" value="*" />
      ....
    </rule>
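
To check which client addresses still receive the wildcard origin after steps 2 and 3, the following added example (not OPSWAT's code) models the static header and the outbound rule in Python. The sample config, the httpProtocol/customHeaders placement and the function names are assumptions, and Python's re module stands in for the IIS regex engine.

```python
import re
import xml.etree.ElementTree as ET

# Constructed sample mirroring steps 2 and 3 (not a real Kiosk web.config).
SAMPLE_CONFIG = r"""<configuration><system.webServer>
  <httpProtocol><customHeaders>
    <add name="Access-Control-Allow-Origin" value="http://localhost"/>
  </customHeaders></httpProtocol>
  <rewrite><outboundRules>
    <rule name="Allow CORS on specific ip/subnet">
      <match serverVariable="RESPONSE_Access-Control-Allow-Origin" pattern=".+"/>
      <conditions>
        <add input="{REMOTE_ADDR}" pattern="^(192\.168\.200\.\d{1,3}|192\.168\.201\.102)$"/>
      </conditions>
      <action type="Rewrite" value="*"/>
    </rule>
  </outboundRules></rewrite>
</system.webServer></configuration>"""

HEADER = "Access-Control-Allow-Origin"
TARGET_VAR = "RESPONSE_ACCESS_CONTROL_ALLOW_ORIGIN"

def effective_origin(config_xml, remote_addr):
    """Return the Access-Control-Allow-Origin value sent to remote_addr."""
    root = ET.fromstring(config_xml)
    value = None
    for add in root.iter("add"):  # static custom header from step 2
        if add.get("name") == HEADER:
            value = add.get("value")
    for rule in root.iter("rule"):  # outbound rules from step 3, in order
        match, action = rule.find("match"), rule.find("action")
        if match is None or action is None or value is None:
            continue
        # Compare the variable name without regard to case or '-' versus '_'.
        var = match.get("serverVariable", "").upper().replace("-", "_")
        if var != TARGET_VAR or not re.search(match.get("pattern", ""), value, re.I):
            continue
        # Assumption: only {REMOTE_ADDR} conditions are modelled; all must match.
        conds = rule.findall("conditions/add")
        if all(c.get("input") == "{REMOTE_ADDR}"
               and re.search(c.get("pattern", ""), remote_addr, re.I) for c in conds):
            value = action.get("value")
    return value

def wildcard_clients(config_xml, addrs):
    """Return the addresses in addrs that would still receive the '*' origin."""
    return [a for a in addrs if effective_origin(config_xml, a) == "*"]
```

Call wildcard_clients() with the addresses you expect to be excluded; any address it returns still receives the wildcard. The header is enforced by browsers, so it governs cross-origin scripts rather than direct HTTP clients.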