Nextcloud: 28.0.5 (was the same in all NC 27.1)
OS: Debian GNU/Linux 12 (bookworm)
Linux: 6.1.0-20-amd64 x86_64
Apache: 2.4.59 (Debian)
PHP: php-fpm 2:8.2 (redis 5.3.7)
Hello Nextcloud Community !
I’m going round in circles with some 404 errors in the access.log Apache logs exclusively done by Safari browser on iOS and iPadOS clients.
Here is an example of the error I got by the dozen when loading the splash login screen:
2001:0000:4136:e378:8000:63bf:3fff:fdd2 - - [28/Apr/2024:16:05:37 +0200] "GET /core/css/data/:image//svg/+xml/;base64/,PHN2ZyB3aWR0aD0iMTYiIGhlaWdodD0iMTYiIHZlcnNpb249IjEuMSIgdmlld2JveD0iMCAwIDE2IDE2IiB4bWxucz0iaHR0cDovL3d3dy53My5vcmcvMjAwMC9zdmciPjxwYXRoIGQ9Im03LjkwNjIgMWE3IDcgMCAwIDAtNi45MDYyIDcgNyA3IDAgMCAwIDcgNyA3IDcgMCAwIDAgNy03IDcgNyAwIDAgMC03LTcgNyA3IDAgMCAwLTAuMDkzNzUgMHptMC4wOTM3NSAyLjY5OTJhNC4zIDQuMyAwIDAgMSA0LjMwMDggNC4zMDA4IDQuMyA0LjMgMCAwIDEtNC4zMDA4IDQuMzAwOCA0LjMgNC4zIDAgMCAxLTQuMzAwOC00LjMwMDggNC4zIDQuMyAwIDAgMSA0LjMwMDgtNC4zMDA4eiIgZmlsbD0iI2ZmZmZmZiIvPjwvc3ZnPgo/= HTTP/2.0" 404 5692 "https://cloud.example.com/" "Mozilla/5.0 (iPhone; CPU iPhone OS 17_4_1 like Mac OS X) AppleWebKit/605.1.15 (KHTML, like Gecko) Version/17.4.1 Mobile/15E148 Safari/604.1"
This does not occur when using another browser like Brave or Firefox on the iPhone/iPad. Just with Safari.
(I do not have any macOS device to make a Safari test with those.)
This is not related to an Nginx reverse proxy; the 404 errors occur when iPhone/iPad directly connect to the NC Apache server!
Please kindly note that I am not encountering any error in the Nextcloud logs, even in debug mode.
I could live with these errors, as from the client side, everything seems to work fine, you can use Nextcloud in a perfect experience.
The issue is that these multiple 404 errors in the Apache access.log trigger security tools like CrowdSec (which monitors access.log), with the consequence of banning the iOS/iPadOS IPs. So my only way was to totally disable CrowdSec.
I made many searches to understand why these errors occur, but I totally failed to find any clue.
Have you ever experienced such a strange thing?
Do you have any idea where it could come from?
Many thanks for any advice.
Here is the Nextcloud configuration file:
<?php
$CONFIG = array (
  'instanceid' => 'ocxxxxx',
  'passwordsalt' => 'xxxxx',
  'secret' => 'xxxxx',
  'trusted_domains' =>
  array (
    0 => 'cloud.example.com',
  ),
  'datadirectory' => '/data',
  'dbtype' => 'pgsql',
  'version' => '28.0.5.1',
  'overwrite.cli.url' => 'https://cloud.example.com',
  'htaccess.RewriteBase' => '/',
  'dbname' => 'nextcloud',
  'dbhost' => 'localhost:5432',
  'dbport' => '',
  'dbtableprefix' => 'oc_',
  'dbuser' => 'nextcloud',
  'dbpassword' => 'xxxxx',
  'installed' => true,
  'default_phone_region' => 'FR',
  'default_language' => 'fr',
  'default_locale' => 'fr_FR',
  'memcache.local' => '\\OC\\Memcache\\APCu',
  'memcache.distributed' => '\\OC\\Memcache\\Redis',
  'filelocking.enabled' => true,
  'memcache.locking' => '\\OC\\Memcache\\Redis',
  'redis' =>
  array (
    'host' => '/var/run/redis/redis-server.sock',
    'port' => 0,
    'timeout' => 0.0,
  ),
  'mail_from_address' => 'admin',
  'mail_smtpmode' => 'smtp',
  'mail_sendmailmode' => 'smtp',
  'mail_domain' => 'example.com',
  'mail_smtphost' => 'mail.example.com',
  'mail_smtpport' => '465',
  'mail_smtpsecure' => 'ssl',
  'mail_smtpauth' => 1,
  'mail_smtpname' => 'admin@example.com',
  'mail_smtppassword' => 'xxxx',
  'defaultapp' => 'files',
  'trusted_proxies' =>
  array (
    0 => '192.168.85.61',
    1 => '2001:0000:4136:e379:7000:52ae:4eba:cafe',
  ),
  'overwriteprotocol' => 'https',
  'simpleSignUpLink.shown' => false,
  'maintenance' => false,
  'logfile' => '/var/log/nextcloud/nextcloud.log',
  'loglevel' => 2,
  'enable_previews' => true,
  'preview_max_x' => 1000,
  'preview_max_y' => 1000,
  'preview_libreoffice_path' => '/usr/bin/libreoffice',
  'enabledPreviewProviders' =>
  array (
    0 => 'OC\\Preview\\TXT',
    1 => 'OC\\Preview\\MarkDown',
    2 => 'OC\\Preview\\PDF',
    3 => 'OC\\Preview\\MSOfficeDoc',
    4 => 'OC\\Preview\\JPEG',
    5 => 'OC\\Preview\\PNG',
    6 => 'OC\\Preview\\GIF',
    7 => 'OC\\Preview\\BMP',
    8 => 'OC\\Preview\\XBitmap',
    9 => 'OC\\Preview\\MP3',
    10 => 'OC\\Preview\\HEIC',
    11 => 'OC\\Preview\\Movie',
    12 => 'OC\\Preview\\MKV',
    13 => 'OC\\Preview\\MP4',
    14 => 'OC\\Preview\\AVI',
    15 => 'OC\\Preview\\MSOffice2003',
    16 => 'OC\\Preview\\OpenDocument',
  ),
  'theme' => '',
);
Here is the Apache site configuration file:
<VirtualHost *:443>
    ServerAdmin webmaster@example.com
    DocumentRoot /var/www/nextcloud
    ServerName cloud.example.com
    Protocols h2
    <IfModule mod_headers.c>
        Header always set Strict-Transport-Security "max-age=63072000; includeSubDomains"
    </IfModule>
    <Directory /var/www/nextcloud/>
        Require all granted
        AllowOverride All
        Options FollowSymLinks MultiViews
        <IfModule mod_dav.c>
            Dav off
        </IfModule>
    </Directory>
    ErrorLog ${APACHE_LOG_DIR}/error.log
    CustomLog ${APACHE_LOG_DIR}/access.log combined
    SSLEngine on
    SSLCertificateFile /etc/letsencrypt/live/cloud.example.com/fullchain.pem
    SSLCertificateKeyFile /etc/letsencrypt/live/cloud.example.com/privkey.pem
    <FilesMatch "\.(?:cgi|shtml|phtml|php)$">
        SSLOptions +StdEnvVars
    </FilesMatch>
    <Directory /usr/lib/cgi-bin>
        SSLOptions +StdEnvVars
    </Directory>
</VirtualHost>
SSLProtocol TLSv1.3
SSLHonorCipherOrder off
SSLSessionTickets off
SSLUseStapling On
SSLStaplingCache "shmcb:logs/ssl_stapling(32768)"