Skip to content

Commit

Permalink
feat(admin): harden server with admin IP restrict
Browse files Browse the repository at this point in the history 
Signed-off-by: Benjamin Gaussorgues <[email protected]>
  • Loading branch information
@Altahrim
Altahrim committed Jul 24, 2024
1 parent 2cbab42 commit b5f414b
Showing 1 changed file with 17 additions and 0 deletions.
17 changes: 17 additions & 0 deletions admin_manual/installation/harden_server.rst
View file
Original file line number Diff line number Diff line change
Expand Up @@ -177,6 +177,23 @@ information about the TLS settings.

Also ensure that HTTP compression is disabled to mitigate the BREACH attack.

Restrict admin actions to a specific range of IP addresses
----------------------------------------------------------

Configure ``allowed_admin_ranges`` in ``config.php`` to restrict the admin actions to trusted IP ranges.

This can be achieved with this kind of setting, usually using private IP ranges::

'allowed_admin_ranges' => [
'127.0.0.1/8',
'192.168.0.0/16',
'fd00::/8',
]

All requests originating from IP addresses outside of these ranges will not be able to execute admin actions.

Administrators connected from untrusted IP addresses will be able to use Nextcloud, but all admin specific actions will be hidden.

Use a dedicated domain for Nextcloud
------------------------------------

Expand Down

0 comments on commit b5f414b

Please sign in to comment.