App Login Method?

What WEBDAV method is used for app login? I blocked /index.php/login from apache config but users are still able to log in from the app.

What endpoint/method do I need to block to prevent initial login from apps?

I see this in the logs as the first method called, but my understanding is that blocking the below endpoint would block all webdav calls, I only want to block login based on IP. - user [19/May/2017:16:45:52 -0400] “HEAD /remote.php/webdav/ HTTP/1.1” 200 -

What you want to do is not possible without implementing a custom Nextcloud application that listens on the login hooks.

So at the moment you either need to implement such a feature yourself, or get someone else to implement it. As your posting history seems to indicate an enterprise usage: