Hello everybody,
I have a question in which I’ve been biting my teeth for some time.
I always get notified via the Fail2Ban protocol that there are authorization problems.
Excerpt from the Fail2Ban log for a whole day for error 401
(I replaced the usernames with User1 / User2):
401 Unauthorized
/remote.php/dav/principals/users/User1/: 53 Time(s)
/remote.php/dav/calendars/User1/: 45 Time(s)
/remote.php/dav/principals/users/User2/: 27 Time(s)
/remote.php/dav/addressbooks/users/User1/contacts/: 22 Time(s)
/remote.php/dav/calendars/User2/: 13 Time(s)
/remote.php/dav/principals/users/: 4 Time(s)
/remote.php/dav/addressbooks/users/User1/: 1 Time(s)
/remote.php/dav/calendars/User2/inbox/: 1 Time(s)
/remote.php/dav/calendars/User1/inbox/: 1 Time(s)
/remote.php/dav/calendars/User1/personal/ ... 11545F6302C.ics: 1 Time(s)
I suspect that it is the DAV protocol, with which I sync the calendars and contacts on various iOS devices.
I’ve turned on two-factoring and assigned an App-PW for each app.
The Sync also works satisfactorily, I just can not explain the error messages.
In the relevant forums I have already searched, but I have come to no success.
It seems that if an iOS device wants to sync, it will be rejected first and will be accepted by the server on the second try ?!
I read this live in the log /var/log/apache2/nextcloud-access.log.
Some lines of /var/log/apache2/nextcloud-access.log:
XX.XXX.XXX.XXX - - [21/Aug/2019:08:26:10 +0200] “PROPFIND /remote.php/dav/principals/users/USER1/ HTTP/1.1” 401 5847 “-” “iOS/12.4 (16G77) dataaccessd/1.0”
XX.XXX.XXX.XXX - - [21/Aug/2019:08:26:11 +0200] “REPORT /remote.php/dav/principals/users/ HTTP/1.1” 401 1290 “-” “iOS/12.4 (16G77) dataaccessd/1.0”
XX.XXX.XXX.XXX - - [21/Aug/2019:08:26:11 +0200] “PROPFIND /remote.php/dav/calendars/User1/ HTTP/1.1” 401 1290 “-” “iOS/12.4 (16G77) dataaccessd/1.0”
My setup:
Nextcloud version 16.0.4.1
Operating system and version Ubuntu 18.04 LTS)
Apache/2.4.41 (Ubuntu)
PHP version 7.3.8
I have already suspected http2 and have disabled it - unfortunately without success.
Any ideas? I hope you can help me.
RoadrunnerBSE
One additional bit of troubleshooting I’d do in this case would be to try whitelisting the current IP of the device (you can do this by installing the Brute Force Settings app), and see if Fail2Ban still logs more failures. This would tell you if there’s a different (presumably iOS) device trying to connect, or if there might be something wrong with Fail2Ban.
@RoadrunnerBSE did you ever find a fix for this issue? I’ve been hardening my security and I’m running into the same problem.
Nextcloud works (website + iphones). Everything gets synced between server and devices. But fail2ban bans my ip (when not at home) because it detects to much 401 codes.
It also logs the 401 codes on my home network which is whitelisted by the Brute Force Settings app.
I’m using Nginx Proxy Mananger with this in advanced:
location ^~ /.well-known {
location = /.well-known/carddav {
return 301 $scheme://$host:$server_port/remote.php/dav;
}
location = /.well-known/caldav {
return 301 $scheme://$host:$server_port/remote.php/dav;
}
location = /.well-known/webfinger {
return 301 $scheme://$host:$server_port/index.php/.well-known/webfinger;
}
location = /.well-known/nodeinfo {
return 301 $scheme://$host:$server_port/index.php/.well-known/nodeinfo ;
}
location /.well-known/acme-challenge { try_files $uri $uri/ =404; }
location /.well-known/pki-validation { try_files $uri $uri/ =404; }
return 301 $scheme://$host:$server_port/index.php$request_uri;
}
proxy_set_header Host $host;
proxy_set_header X-Forwarded-Proto $scheme;
proxy_set_header X-Real-IP $remote_addr;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
proxy_buffering off;
fastcgi_buffering off;
These are the same errors as above:
[22/Dec/2023:17:28:59 +0000] - 401 401 - OPTIONS https domain.be "/remote.php/dav/principals/users/user2/" [Client 10.0.1.1] [Length 450] [Gzip -] [Sent-to 10.0.1.xx] "iOS/17.1.1 (21B91) dataaccessd/1.0" "-"
[22/Dec/2023:17:28:59 +0000] - 401 401 - PROPFIND https domain.be "/remote.php/dav/principals/users/user2/" [Client 10.0.1.1] [Length 450] [Gzip -] [Sent-to 10.0.1.xx] "iOS/17.1.1 (21B91) dataaccessd/1.0" "-"
[22/Dec/2023:17:29:00 +0000] - 200 200 - OPTIONS https domain.be "/remote.php/dav/principals/users/user2/" [Client 10.0.1.1] [Length 0] [Gzip -] [Sent-to 10.0.1.xx] "iOS/17.1.1 (21B91) dataaccessd/1.0" "-"
[22/Dec/2023:17:29:00 +0000] - 207 207 - PROPFIND https domain.be "/remote.php/dav/principals/users/user2/" [Client 10.0.1.1] [Length 557] [Gzip -] [Sent-to 10.0.1.xx] "iOS/17.1.1 (21B91) dataaccessd/1.0" "-"
[22/Dec/2023:17:29:00 +0000] - 401 401 - PROPFIND https domain.be "/remote.php/dav/principals/users/user2/" [Client 10.0.1.1] [Length 450] [Gzip -] [Sent-to 10.0.1.xx] "iOS/17.1.1 (21B91) dataaccessd/1.0" "-"
[22/Dec/2023:17:29:00 +0000] - 401 401 - OPTIONS https domain.be "/remote.php/dav/principals/users/user2/" [Client 10.0.1.1] [Length 450] [Gzip -] [Sent-to 10.0.1.xx] "iOS/17.1.1 (21B91) dataaccessd/1.0" "-"
[22/Dec/2023:17:29:00 +0000] - 200 200 - OPTIONS https domain.be "/remote.php/dav/principals/users/user2/" [Client 10.0.1.1] [Length 0] [Gzip -] [Sent-to 10.0.1.xx] "iOS/17.1.1 (21B91) dataaccessd/1.0" "-"
[22/Dec/2023:17:29:00 +0000] - 207 207 - PROPFIND https domain.be "/remote.php/dav/principals/users/user2/" [Client 10.0.1.1] [Length 474] [Gzip -] [Sent-to 10.0.1.xx] "iOS/17.1.1 (21B91) dataaccessd/1.0" "-"
[22/Dec/2023:17:29:00 +0000] - 401 401 - REPORT https domain.be "/remote.php/dav/principals/groups/" [Client 10.0.1.1] [Length 450] [Gzip -] [Sent-to 10.0.1.xx] "iOS/17.1.1 (21B91) dataaccessd/1.0" "-"
[22/Dec/2023:17:29:00 +0000] - 401 401 - PROPFIND https domain.be "/remote.php/dav/addressbooks/users/user2/" [Client 10.0.1.1] [Length 450] [Gzip -] [Sent-to 10.0.1.xx] "iOS/17.1.1 (21B91) dataaccessd/1.0" "-"
[22/Dec/2023:17:29:00 +0000] - 200 200 - REPORT https domain.be "/remote.php/dav/principals/groups/" [Client 10.0.1.1] [Length 278] [Gzip -] [Sent-to 10.0.1.xx] "iOS/17.1.1 (21B91) dataaccessd/1.0" "-"
[22/Dec/2023:17:29:00 +0000] - 207 207 - PROPFIND https domain.be "/remote.php/dav/addressbooks/users/user2/" [Client 10.0.1.1] [Length 690] [Gzip -] [Sent-to 10.0.1.xx] "iOS/17.1.1 (21B91) dataaccessd/1.0" "-"
[22/Dec/2023:17:29:00 +0000] - 401 401 - REPORT https domain.be "/remote.php/dav/principals/users/user2/" [Client 10.0.1.1] [Length 450] [Gzip -] [Sent-to 10.0.1.xx] "iOS/17.1.1 (21B91) dataaccessd/1.0" "-"
[22/Dec/2023:17:29:00 +0000] - 207 207 - REPORT https domain.be "/remote.php/dav/principals/users/user2/" [Client 10.0.1.1] [Length 552] [Gzip -] [Sent-to 10.0.1.xx] "iOS/17.1.1 (21B91) dataaccessd/1.0" "-"
[22/Dec/2023:17:29:00 +0000] - 401 401 - OPTIONS https domain.be "/remote.php/dav/principals/users/user2/" [Client 10.0.1.1] [Length 450] [Gzip -] [Sent-to 10.0.1.xx] "iOS/17.1.1 (21B91) dataaccessd/1.0" "-"
[22/Dec/2023:17:29:01 +0000] - 401 401 - PROPFIND https domain.be "/remote.php/dav/calendars/user2/" [Client 10.0.1.1] [Length 450] [Gzip -] [Sent-to 10.0.1.xx] "iOS/17.1.1 (21B91) dataaccessd/1.0" "-"
[22/Dec/2023:17:29:01 +0000] - 200 200 - OPTIONS https domain.be "/remote.php/dav/principals/users/user2/" [Client 10.0.1.1] [Length 0] [Gzip -] [Sent-to 10.0.1.xx] "iOS/17.1.1 (21B91) dataaccessd/1.0" "-"
[22/Dec/2023:17:29:01 +0000] - 207 207 - PROPFIND https domain.be "/remote.php/dav/calendars/user2/" [Client 10.0.1.1] [Length 2835] [Gzip -] [Sent-to 10.0.1.xx] "iOS/17.1.1 (21B91) dataaccessd/1.0" "-"
[22/Dec/2023:17:29:01 +0000] - 401 401 - REPORT https domain.be "/remote.php/dav/addressbooks/users/user2/contactpersonen-6_shared_by_user1/" [Client 10.0.1.1] [Length 450] [Gzip -] [Sent-to 10.0.1.xx] "iOS/17.1.1 (21B91) dataaccessd/1.0" "-"
[22/Dec/2023:17:29:01 +0000] - 207 207 - REPORT https domain.be "/remote.php/dav/addressbooks/users/user2/contactpersonen-6_shared_by_user1/" [Client 10.0.1.1] [Length xx7] [Gzip -] [Sent-to 10.0.1.xx] "iOS/17.1.1 (21B91) dataaccessd/1.0" "-"
[22/Dec/2023:17:29:01 +0000] - 401 401 - PROPFIND https domain.be "/remote.php/dav/calendars/user2/inbox/" [Client 10.0.1.1] [Length 450] [Gzip -] [Sent-to 10.0.1.xx] "iOS/17.1.1 (21B91) dataaccessd/1.0" "-"
[22/Dec/2023:17:29:01 +0000] - 207 207 - PROPFIND https domain.be "/remote.php/dav/calendars/user2/inbox/" [Client 10.0.1.1] [Length 248] [Gzip -] [Sent-to 10.0.1.xx] "iOS/17.1.1 (21B91) dataaccessd/1.0" "-"
[22/Dec/2023:17:29:01 +0000] - 401 401 - REPORT https domain.be "/remote.php/dav/addressbooks/users/user2/contactpersonen-6_shared_by_user1/" [Client 10.0.1.1] [Length 450] [Gzip -] [Sent-to 10.0.1.xx] "iOS/17.1.1 (21B91) dataaccessd/1.0" "-"
[22/Dec/2023:17:29:01 +0000] - 401 401 - PROPFIND https domain.be "/remote.php/dav/calendars/user2/inbox/" [Client 10.0.1.1] [Length 450] [Gzip -] [Sent-to 10.0.1.xx] "iOS/17.1.1 (21B91) dataaccessd/1.0" "-"
[22/Dec/2023:17:29:01 +0000] - 207 207 - REPORT https domain.be "/remote.php/dav/addressbooks/users/user2/contactpersonen-6_shared_by_user1/" [Client 10.0.1.1] [Length 561170] [Gzip -] [Sent-to 10.0.1.xx] "iOS/17.1.1 (21B91) dataaccessd/1.0" "-"
[22/Dec/2023:17:29:01 +0000] - 207 207 - PROPFIND https domain.be "/remote.php/dav/calendars/user2/inbox/" [Client 10.0.1.1] [Length 248] [Gzip -] [Sent-to 10.0.1.xx] "iOS/17.1.1 (21B91) dataaccessd/1.0" "-"
[22/Dec/2023:17:29:02 +0000] - 401 401 - REPORT https domain.be "/remote.php/dav/addressbooks/users/user2/z-server-generated--system/" [Client 10.0.1.1] [Length 450] [Gzip -] [Sent-to 10.0.1.xx] "iOS/17.1.1 (21B91) dataaccessd/1.0" "-"
[22/Dec/2023:17:29:02 +0000] - 207 207 - REPORT https domain.be "/remote.php/dav/addressbooks/users/user2/z-server-generated--system/" [Client 10.0.1.1] [Length 273] [Gzip -] [Sent-to 10.0.1.xx] "iOS/17.1.1 (21B91) dataaccessd/1.0" "-"
[22/Dec/2023:17:29:02 +0000] - 401 401 - PROPFIND https domain.be "/remote.php/dav/principals/users/user2/" [Client 10.0.1.1] [Length 450] [Gzip -] [Sent-to 10.0.1.xx] "iOS/17.1.1 (21B91) dataaccessd/1.0" "-"
[22/Dec/2023:17:29:02 +0000] - 207 207 - PROPFIND https domain.be "/remote.php/dav/principals/users/user2/" [Client 10.0.1.1] [Length 474] [Gzip -] [Sent-to 10.0.1.xx] "iOS/17.1.1 (21B91) dataaccessd/1.0" "-"
[22/Dec/2023:17:29:02 +0000] - 401 401 - PROPFIND https domain.be "/remote.php/dav/addressbooks/users/user2/" [Client 10.0.1.1] [Length 450] [Gzip -] [Sent-to 10.0.1.xx] "iOS/17.1.1 (21B91) dataaccessd/1.0" "-"
[22/Dec/2023:17:29:02 +0000] - 207 207 - PROPFIND https domain.be "/remote.php/dav/addressbooks/users/user2/" [Client 10.0.1.1] [Length 690] [Gzip -] [Sent-to 10.0.1.xx] "iOS/17.1.1 (21B91) dataaccessd/1.0" "-"
[22/Dec/2023:17:29:02 +0000] - 401 401 - REPORT https domain.be "/remote.php/dav/addressbooks/users/user2/contactpersonen-6_shared_by_user1/" [Client 10.0.1.1] [Length 450] [Gzip -] [Sent-to 10.0.1.xx] "iOS/17.1.1 (21B91) dataaccessd/1.0" "-"
[22/Dec/2023:17:29:03 +0000] - 207 207 - REPORT https domain.be "/remote.php/dav/addressbooks/users/user2/contactpersonen-6_shared_by_user1/" [Client 10.0.1.1] [Length 274] [Gzip -] [Sent-to 10.0.1.xx] "iOS/17.1.1 (21B91) dataaccessd/1.0" "-"
[22/Dec/2023:17:29:03 +0000] - 401 401 - REPORT https domain.be "/remote.php/dav/addressbooks/users/user2/z-server-generated--system/" [Client 10.0.1.1] [Length 450] [Gzip -] [Sent-to 10.0.1.xx] "iOS/17.1.1 (21B91) dataaccessd/1.0" "-"
[22/Dec/2023:17:29:03 +0000] - 207 207 - REPORT https domain.be "/remote.php/dav/addressbooks/users/user2/z-server-generated--system/" [Client 10.0.1.1] [Length 273] [Gzip -] [Sent-to 10.0.1.xx] "iOS/17.1.1 (21B91) dataaccessd/1.0" "-"
[22/Dec/2023:17:29:03 +0000] - 401 401 - PROPFIND https domain.be "/remote.php/dav/principals/users/user2/" [Client 10.0.1.1] [Length 450] [Gzip -] [Sent-to 10.0.1.xx] "iOS/17.1.1 (21B91) dataaccessd/1.0" "-"
[22/Dec/2023:17:29:03 +0000] - 207 207 - PROPFIND https domain.be "/remote.php/dav/principals/users/user2/" [Client 10.0.1.1] [Length 474] [Gzip -] [Sent-to 10.0.1.xx] "iOS/17.1.1 (21B91) dataaccessd/1.0" "-"
[22/Dec/2023:17:29:03 +0000] - 401 401 - PROPFIND https domain.be "/remote.php/dav/addressbooks/users/user2/" [Client 10.0.1.1] [Length 450] [Gzip -] [Sent-to 10.0.1.xx] "iOS/17.1.1 (21B91) dataaccessd/1.0" "-"
[22/Dec/2023:17:29:03 +0000] - 207 207 - PROPFIND https domain.be "/remote.php/dav/addressbooks/users/user2/" [Client 10.0.1.1] [Length 690] [Gzip -] [Sent-to 10.0.1.xx] "iOS/17.1.1 (21B91) dataaccessd/1.0" "-"
[22/Dec/2023:17:29:03 +0000] - 401 401 - REPORT https domain.be "/remote.php/dav/addressbooks/users/user2/contactpersonen-6_shared_by_user1/" [Client 10.0.1.1] [Length 450] [Gzip -] [Sent-to 10.0.1.xx] "iOS/17.1.1 (21B91) dataaccessd/1.0" "-"
[22/Dec/2023:17:29:03 +0000] - 207 207 - REPORT https domain.be "/remote.php/dav/addressbooks/users/user2/contactpersonen-6_shared_by_user1/" [Client 10.0.1.1] [Length 274] [Gzip -] [Sent-to 10.0.1.xx] "iOS/17.1.1 (21B91) dataaccessd/1.0" "-"
[22/Dec/2023:17:29:03 +0000] - 401 401 - REPORT https domain.be "/remote.php/dav/addressbooks/users/user2/z-server-generated--system/" [Client 10.0.1.1] [Length 450] [Gzip -] [Sent-to 10.0.1.xx] "iOS/17.1.1 (21B91) dataaccessd/1.0" "-"
[22/Dec/2023:17:29:04 +0000] - 207 207 - REPORT https domain.be "/remote.php/dav/addressbooks/users/user2/z-server-generated--system/" [Client 10.0.1.1] [Length 273] [Gzip -] [Sent-to 10.0.1.xx] "iOS/17.1.1 (21B91) dataaccessd/1.0" "-"
[22/Dec/2023:17:29:04 +0000] - 401 401 - REPORT https domain.be "/remote.php/dav/addressbooks/users/user2/contactpersonen-6_shared_by_user1/" [Client 10.0.1.1] [Length 450] [Gzip -] [Sent-to 10.0.1.xx] "iOS/17.1.1 (21B91) dataaccessd/1.0" "-"
[22/Dec/2023:17:29:04 +0000] - 207 207 - REPORT https domain.be "/remote.php/dav/addressbooks/users/user2/contactpersonen-6_shared_by_user1/" [Client 10.0.1.1] [Length 274] [Gzip -] [Sent-to 10.0.1.xx] "iOS/17.1.1 (21B91) dataaccessd/1.0" "-"
[22/Dec/2023:17:29:04 +0000] - 401 401 - REPORT https domain.be "/remote.php/dav/addressbooks/users/user2/z-server-generated--system/" [Client 10.0.1.1] [Length 450] [Gzip -] [Sent-to 10.0.1.xx] "iOS/17.1.1 (21B91) dataaccessd/1.0" "-"
[22/Dec/2023:17:29:04 +0000] - 207 207 - REPORT https domain.be "/remote.php/dav/addressbooks/users/user2/z-server-generated--system/" [Client 10.0.1.1] [Length 273] [Gzip -] [Sent-to 10.0.1.xx] "iOS/17.1.1 (21B91) dataaccessd/1.0" "-"
(Docker) Nextcloud 28.0.0