404 errors spamming the logfile, when using Bookmarks app

The Basics

• Nextcloud Server version : 31.0.7
• Operating system and version : Debian 12
• Web server and version: Nginx 1.22
• Reverse proxy and version : none
• PHP version : 8.2
• Is this the first time you’ve seen this error? : Yes
• When did this problem seem to first start?: After installing Bookmarks App
• Installation method : Archive
• Are you using CloudfIare, mod_security, or similar? : No

Summary of the issue you are facing:

After installing the Bookmarks App and adding some bookmarks, i see a lot of 404 error messages in the nginx access.log. These 404 errors lead to a complete blockage of using Nextcloud, because after a unknown count of 404 messages, the firewall blocks a client, with a lot of 404 messages.

Log entries

Web server / Reverse Proxy

The output of your Apache/nginx/system log in /var/log/____:

123.123.123.123 - - [21/Jul/2025:12:51:12 +0200] "GET /apps/bookmarks/folder/34/publictoken HTTP/2.0" 404 131 "-" "Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/138.0.0.0 Safari/537.36 Edg/138.0.0.0"

Configuration

Nextcloud

The output of occ config:list system or similar is best, but, if not possible, the contents of your config.php file from /path/to/nextcloud is fine (make sure to remove any identifiable information!):

{
    "system": {
        "instanceid": "***REMOVED SENSITIVE VALUE***",
        "passwordsalt": "***REMOVED SENSITIVE VALUE***",
        "secret": "***REMOVED SENSITIVE VALUE***",
        "trusted_domains": [
           "***REMOVED SENSITIVE VALUE***"
        ],
        "datadirectory": "***REMOVED SENSITIVE VALUE***",
        "dbtype": "mysql",
        "version": "31.0.7.1",
        "overwrite.cli.url": "https:\/\/"***REMOVED SENSITIVE VALUE***"",
        "dbname": "***REMOVED SENSITIVE VALUE***",
        "dbhost": "***REMOVED SENSITIVE VALUE***",
        "dbport": "",
        "dbtableprefix": "oc_",
        "mysql.utf8mb4": true,
        "dbuser": "***REMOVED SENSITIVE VALUE***",
        "dbpassword": "***REMOVED SENSITIVE VALUE***",
        "installed": true,
        "memories.db.triggers.fcu": true,
        "memories.exiftool": "\/mnt\/sda1\/www\/nextcloud\/apps\/memories\/bin-ext\/exiftool-aarch64-glibc",
        "memories.vod.path": "\/mnt\/sda1\/www\/nextcloud\/apps\/memories\/bin-ext\/go-vod-aarch64",
        "memories.vod.ffmpeg": "\/usr\/bin\/ffmpeg",
        "memories.vod.ffprobe": "\/usr\/bin\/ffprobe",
        "enabledPreviewProviders": [
            "OC\\Preview\\Image",
            "OC\\Preview\\Movie"
        ],
        "preview_max_x": 1024,
        "preview_max_y": 1024,
        "maintenance_window_start": 1,
        "maintenance": false,
        "default_phone_region": "DE",
        "mail_smtpmode": "sendmail",
        "mail_sendmailmode": "smtp",
        "mail_from_address": "***REMOVED SENSITIVE VALUE***",
        "mail_domain": "***REMOVED SENSITIVE VALUE***",
        "mail_smtphost": "***REMOVED SENSITIVE VALUE***",
        "mail_smtpauth": true,
        "mail_smtpport": "587",
        "loglevel": 3,
        "debug": false,
        "overwriteprotocol": "https",
        "activity_expire_days": 14,
        "auth.bruteforce.protection.enabled": true,
        "logfile": "\/var\/log\/nextcloud\/nextcloud.log",
        "logtimezone": "Europe\/Berlin",
        "remember_login_cookie_lifetime": 36000,
        "session_lifetime": 36000,
        "session_keepalive": true,
        "auto_logout": false,
        "preview_max_scale_factor": 1,
        "profile.enabled": false,
        "filelocking.enabled": true,
        "memcache.local": "\\OC\\Memcache\\APCu",
        "memcache.locking": "\\OC\\Memcache\\Redis",
        "redis": {
            "host": "***REMOVED SENSITIVE VALUE***",
            "port": 0
        },
        "preview_format": "webp",
        "app_install_overwrite": [],
        "memories.vod.disable": false,
        "memories.video_default_quality": "-2",
        "memories.vod.nvenc": true,
        "memories.vod.use_transpose": true,
        "memories.vod.use_gop_size": true,
        "twofactor_enforced": "true",
        "twofactor_enforced_groups": [],
        "twofactor_enforced_excluded_groups": [],
        "memories.gis_type": 1,
        "defaultapp": "",
        "forbidden_filename_characters": [
            "\\",
            "\/"
        ],
        "forbidden_filename_extensions": [
            ".filepart",
            ".part"
        ]
    }
}

Apps

Enabled:
  - bookmarks: 15.1.2
  - bruteforcesettings: 4.0.0
  - calendar: 5.3.6
  - cloud_federation_api: 1.14.0
  - contacts: 7.2.0
  - dashboard: 7.11.0
  - dav: 1.33.0
  - dav_push: 0.0.3
  - federatedfilesharing: 1.21.0
  - files: 2.3.1
  - files_external: 1.23.0
  - files_pdfviewer: 4.0.0
  - files_sharing: 1.23.1
  - files_trashbin: 1.21.0
  - logreader: 4.0.0
  - lookup_server_connector: 1.19.0
  - mail_roundcube: 1.2.1
  - memories: 7.6.1
  - nextcloud_announcements: 3.0.0
  - notes: 4.12.2
  - notifications: 4.0.0
  - oauth2: 1.19.1
  - password_policy: 3.0.0
  - photos: 4.0.0
  - previewgenerator: 5.9.0
  - profile: 1.0.0
  - provisioning_api: 1.21.0
  - recognize: 9.0.3
  - serverinfo: 3.0.0
  - settings: 1.14.0
  - side_menu: 5.1.1
  - suspicious_login: 9.0.1
  - systemtags: 1.21.1
  - tables: 0.9.4
  - text: 5.0.0
  - theming: 2.6.1
  - theming_customcss: 1.18.0
  - twofactor_backupcodes: 1.20.0
  - twofactor_totp: 13.0.0-dev.0
  - updatenotification: 1.21.0
  - viewer: 4.0.0
  - workflowengine: 2.13.0
Disabled:
  - activity: 4.0.0 (installed 4.0.0)
  - admin_audit: 1.21.0 (installed 1.21.0)
  - app_api: 5.0.2 (installed 5.0.2)
  - circles: 31.0.0 (installed 31.0.0)
  - comments: 1.21.0 (installed 1.21.0)
  - contactsinteraction: 1.12.0 (installed 1.12.0)
  - encryption: 2.19.0 (installed 2.19.0)
  - federation: 1.21.0 (installed 1.21.0)
  - files_downloadlimit: 4.0.0 (installed 4.0.0)
  - files_reminders: 1.4.0 (installed 1.4.0)
  - files_versions: 1.24.0 (installed 1.24.0)
  - firstrunwizard: 4.0.0 (installed 4.0.0)
  - mail: 5.1.8 (installed 5.1.8)
  - privacy: 3.0.0 (installed 3.0.0)
  - recommendations: 4.0.0 (installed 4.0.0)
  - related_resources: 2.0.0 (installed 2.0.0)
  - sharebymail: 1.21.0 (installed 1.21.0)
  - support: 3.0.0 (installed 3.0.0)
  - survey_client: 3.0.0 (installed 3.0.0)
  - tasks: 0.16.1 (installed 0.16.1)
  - twofactor_nextcloud_notification: 5.0.0 (installed 5.0.0)
  - unsplash: 3.1.0 (installed 3.1.0)
  - user_ldap: 1.22.0
  - user_status: 1.11.0 (installed 1.11.0)
  - weather_status: 1.11.0 (installed 1.11.0)
  - webhook_listeners: 1.2.0 (installed 1.2.0)

There seems to be a open issue on the apps GitHub repo (Console 404 errors and random "Failed to count bookmarks" messages · Issue #1878 · nextcloud/bookmarks · GitHub). But this is open since 2022, without a solution.

At least a workaround should be available, until this issue is fixed. I have tried to exclude logging of these requests in the nginx config, but it didnt work:

location ~ (bookmarks|publictoken|image)$ {
                access_log off;
        }

The developer has answerded in the issue tracker. According to this, the 404 errors are intentional and quite legitimate for API requests. Unfortunately, in my case, the firewall blocks access to the instance for 24 hours after more than 10 such 404 errors within 1 minute. According to my firewall colleagues, this cannot be changed. Such behavior is likely indicative of an attempted hacker attack. I cannot change the behavior of the firewall. However, I have now managed to remove the 404 errors for the Bookmarks app from the log file at least. All other 404 errors remain. At least that’s a workaround.

To do this, I define a new mapping before the server block in the nginx config:

map $request_uri $logable {
	~/bookmarks/publictoken 0;
	~/bookmarks/image 0;
	default 1;
}

and add the new variable to the access_log line: access_log /var/log/nginx/box_access.log combined if=$logable;

If for a defined resource, the var $logable is 0, it doesn’t get logged.

This topic was automatically closed 8 days after the last reply. New replies are no longer allowed.