VladPolskiy/nextcloud-documentation
1
0
Fork 0
mirror of https://github.com/nextcloud/documentation.git synced 2025-08-20 14:15:54 +00:00
Code Issues Packages Projects Releases Wiki Activity

docs(security): remove db reference in bruteforce + add logs

Browse Source 
Signed-off-by: Josh <josh.t.richards@gmail.com>
This commit is contained in:
Josh
2024-06-19 08:37:06 -04:00
committed by Joas Schilling
parent 64bfd6ebea
commit b42199f4a1
1 changed files with 18 additions and 9 deletions
Download Patch File Download Diff File Expand all files Collapse all files

27
admin_manual/configuration_server/bruteforce_configuration.rst
View File

@ -121,22 +121,31 @@ Troubleshooting
Overview
~~~~~~~~
On most setups Nextcloud will work out of the box without any issues. If you
run into a situation where logging in or connecting is often very slow for multiple users, the first
step is to check your Nextcloud Server logs to see what IP addresses are being detected (you may need
adjust your logging to INFO level temporarily to do so).
On most setups Nextcloud will work out of the box without any issues. If you run into a situation where
logging in or connecting is often very slow for multiple users, the first step is to check your Nextcloud
Server logs to see what IP addresses are being detected (you will need to adjust your ``loglevel`` to ``1``
temporarily to do so).
Look for entries that start with any of the following:
- `Bruteforce attempt from` [...]
- `IP address throttled` [...]
- `IP address blocked` [...]
If all clients appear to be coming from the same IP address and that IP address happens to be your
proxy, you need to review your ``trusted_proxies`` configuration. If it is a common connection point,
such as a multi-user office location, it is possible whitelisting is appropriate.
proxy, you need to review your ``trusted_proxies`` configuration.
If the IP address is a common connection point, such as a multi-user office location, it can be an option to whitelist it,
with the draw back that users have to be trust-worthy.
For testing purposes you want want to whitelist your own IP address to see if the problem disappears.
If it does - and assuming your proxy configuration is correct - you may have a client/device in your
network that is misbehaving and generating invalid login attempts from your IP address.
For detailed troubleshooting, you may wish to inspect the `bruteforce_attempts` database table. There
you can see which IP addresses are throttled and any other metadata stored about their attempts to
connect.
You can use the `occ security:bruteforce:attempts` command to check the realtime status for a given IP address.
.. note:: The `bruteforce_attempts` database table will be empty if you're using a distributed memory
cache since the database backend is no longer used unless it is the only option available.
Excluding IP addresses from brute force protection
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~