VladPolskiy/nextcloud-documentation
1
0
Fork 0
mirror of https://github.com/nextcloud/documentation.git synced 2025-08-20 14:15:54 +00:00
Code Issues Packages Projects Releases Wiki Activity

docs(security): remove db reference in bruteforce + add logs

Browse Source 
Signed-off-by: Josh <josh.t.richards@gmail.com>
This commit is contained in:
Josh
2024-06-19 08:37:06 -04:00
committed by Joas Schilling
parent 64bfd6ebea
commit b42199f4a1
1 changed files with 18 additions and 9 deletions
Download Patch File Download Diff File Expand all files Collapse all files

27
admin_manual/configuration_server/bruteforce_configuration.rst
View File

@ -121,22 +121,31 @@ Troubleshooting
Overview Overview
~~~~~~~~ ~~~~~~~~
On most setups Nextcloud will work out of the box without any issues. If you On most setups Nextcloud will work out of the box without any issues. If you run into a situation where
run into a situation where logging in or connecting is often very slow for multiple users, the first logging in or connecting is often very slow for multiple users, the first step is to check your Nextcloud
step is to check your Nextcloud Server logs to see what IP addresses are being detected (you may need Server logs to see what IP addresses are being detected (you will need to adjust your ``loglevel`` to ``1``
adjust your logging to INFO level temporarily to do so). temporarily to do so).
Look for entries that start with any of the following:
- `Bruteforce attempt from` [...]
- `IP address throttled` [...]
- `IP address blocked` [...]
If all clients appear to be coming from the same IP address and that IP address happens to be your If all clients appear to be coming from the same IP address and that IP address happens to be your
proxy, you need to review your ``trusted_proxies`` configuration. If it is a common connection point, proxy, you need to review your ``trusted_proxies`` configuration.
such as a multi-user office location, it is possible whitelisting is appropriate.
If the IP address is a common connection point, such as a multi-user office location, it can be an option to whitelist it,
with the draw back that users have to be trust-worthy.
For testing purposes you want want to whitelist your own IP address to see if the problem disappears. For testing purposes you want want to whitelist your own IP address to see if the problem disappears.
If it does - and assuming your proxy configuration is correct - you may have a client/device in your If it does - and assuming your proxy configuration is correct - you may have a client/device in your
network that is misbehaving and generating invalid login attempts from your IP address. network that is misbehaving and generating invalid login attempts from your IP address.
For detailed troubleshooting, you may wish to inspect the `bruteforce_attempts` database table. There You can use the `occ security:bruteforce:attempts` command to check the realtime status for a given IP address.
you can see which IP addresses are throttled and any other metadata stored about their attempts to
connect. .. note:: The `bruteforce_attempts` database table will be empty if you're using a distributed memory
cache since the database backend is no longer used unless it is the only option available.
Excluding IP addresses from brute force protection Excluding IP addresses from brute force protection
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~