Skip to content

Add whitelist configuration on bruteforce_configuration.rst #11347

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom
Merged
nickvergessen merged 1 commit into from
Dec 4, 2023
Merged

Add whitelist configuration on bruteforce_configuration.rst #11347

nickvergessen merged 1 commit into from
Dec 4, 2023

Conversation

@kesselb
Copy link
Contributor

@kesselb kesselb commented Dec 2, 2023
edited
Loading

☑️ Resolves

🖼️ Screenshots

image

@kesselb kesselb self-assigned this Dec 2, 2023
@kesselb kesselb added this to the Nextcloud 29 milestone Dec 2, 2023
@kesselb kesselb mentioned this pull request Dec 2, 2023
Closed
@kesselb kesselb requested a review from tflidd December 2, 2023 20:40
nickvergessen
nickvergessen reviewed Dec 4, 2023
View reviewed changes
admin_manual/configuration_server/bruteforce_configuration.rst Outdated
- Login as admin and go to Administration settings -> Security

Note that any excluded IP address can perform authentication attempts without any throttling.
Its best to exclude as few IP addresses as you can, or even none at all.
Copy link
Member

@nickvergessen nickvergessen Dec 4, 2023

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Are issues with proxies mentioned on this page and that instead of excluding a (reverse) proxy it should be configured as trusted proxy?

Copy link
Contributor Author

@kesselb kesselb Dec 4, 2023

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Yep, it's mentioned in the troubleshooting section below: https://docs.nextcloud.com/server/latest/admin_manual/configuration_server/bruteforce_configuration.html#troubleshooting

Shall we flip troubleshooting and exclude?

Copy link
Member

@nickvergessen nickvergessen Dec 4, 2023

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

yeah I would say so

Copy link
Member

@nickvergessen nickvergessen Dec 4, 2023

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

don't know the exact syntax atm, but maybe we make this a warning box as well

Suggested change
Its best to exclude as few IP addresses as you can, or even none at all.
.. warn::
Its best to exclude as few IP addresses as you can, or even none at all.

Copy link
Contributor Author

@kesselb kesselb Dec 4, 2023

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Thank you for the good advice.
Reordered the content and updated the screenshot.

@quentinDupont @kesselb
Add whitelist configuration on bruteforce_configuration.rst
5484c08 
Signed-off-by: Quentin Dupont <[email protected]>
Signed-off-by: Daniel Kesselberg <[email protected]>
@nickvergessen nickvergessen merged commit e32a54c into master Dec 4, 2023
@nickvergessen nickvergessen deleted the patch-2 branch December 4, 2023 18:40
@nickvergessen
Copy link
Member

nickvergessen commented Dec 4, 2023

/backport to stable28

@backportbot-nextcloud backportbot-nextcloud bot mentioned this pull request Dec 4, 2023
Merged
@joshtrichards
Copy link
Member

joshtrichards commented Dec 5, 2023

Thanks @quentinDupont and @kesselb for taking the initiative on this! 😎 Comes up often enough. :)

@nickvergessen
Copy link
Member

nickvergessen commented Dec 5, 2023

Comes up often enough. :)

And should basically never be the solution. In most cases you are doing something else wrong, see the warning box.

@joshtrichards
Copy link
Member

joshtrichards commented Dec 5, 2023

Indeed. I think making the RP/trusted_proxies/forward_for_headers interaction clearer by bumping it above the troubleshooting section and making it more "front and center" - as you suggested/this PR does - should help.

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

@nickvergessen nickvergessen nickvergessen left review comments

@Altahrim Altahrim Altahrim approved these changes

@joshtrichards joshtrichards Awaiting requested review from joshtrichards

@tflidd tflidd Awaiting requested review from tflidd

Assignees

@kesselb kesselb

Labels

3. to review

Projects

None yet

Milestone

Nextcloud 29

Development

Successfully merging this pull request may close these issues.

6 participants

@kesselb @nickvergessen @joshtrichards @Altahrim @quentinDupont