Merge pull request #12059 from nextcloud/feat/restrict-admin

nextcloud · Jul 24, 2024 · a4e2c37 · a4e2c37
2 parents 0eb123e + b5f414b
commit a4e2c37
Showing 1 changed file with 17 additions and 0 deletions.
diff --git a/admin_manual/installation/harden_server.rst b/admin_manual/installation/harden_server.rst
@@ -177,6 +177,23 @@ information about the TLS settings.
 
 Also ensure that HTTP compression is disabled to mitigate the BREACH attack.
 
+Restrict admin actions to a specific range of IP addresses
+----------------------------------------------------------
+
+Configure ``allowed_admin_ranges`` in ``config.php`` to restrict the admin actions to trusted IP ranges.
+
+This can be achieved with this kind of setting, usually using private IP ranges::
+
+  'allowed_admin_ranges' => [
+    '127.0.0.1/8',
+    '192.168.0.0/16',
+    'fd00::/8',
+  ]
+
+All requests originating from IP addresses outside of these ranges will not be able to execute admin actions.
+
+Administrators connected from untrusted IP addresses will be able to use Nextcloud, but all admin specific actions will be hidden.
+
 Use a dedicated domain for Nextcloud
 ------------------------------------