CORS Configuration
You can harden the Metadefender Core's cross-origin resource sharing (CORS) configuration to only allow access from a restricted list of systems.
The following edits can be made in C:\Program Files (x86)\OPSWAT\Metadefender Core X\REST\Web\web.config.
To restrict access to the local system, the line
<add name="Access-Control-Allow-Origin" value="*"/>can be changed to
<add name="Access-Control-Allow-Origin" value="http://localhost"/>Then add a new rule to <system.webServer><rewrite><outboundRules>
<rule name="Allow CORS on specify ip/subnet" > <match serverVariable="RESPONSE_Access-Control-Allow-Origin" pattern=".+" /> <conditions> <add input="{REMOTE_ADDR}" pattern="^(192.168.200.*|192.168.201.102)$" /> </conditions> <action type="Rewrite" value="*" /></rule>