Hi,
I want to disable WebDAV for my Nextcloud site. It seems I can disable it by hard-coding return false;
in the first line of the validateUserPass()
method in the file apps/dav/lib/Connector/Sabre/Auth.php. Is there a better way to do this?
bump thoughts anyone? Am I doing this right?
Historically I had WebDAV disabled (this is true on owncloud 7, 8, nextcloud 9, probably 10). And I did with nginx in reverse proxy this way:
location /remote.php/webdav {
return 404;
}
Because sometimes you don’t want people accessing “that files” everywhere with every device.
But Nextcloud 12 forces you to allow (always!) WebDAV everywhere. I tried your solution and this makes “files” app to not list ANY files. Seems that new version uses WebDAV heavily even the web-browser.
I’m very unhappy with this decision. ALL the data that is stored in nextcloud is tightly coupled with risky devices/operating systems as windows and android. For example, if ransomware or something like this starts a generic scan to common file system parts: this files will be affected. That’s why I prefer a browser-only filesystem. Some have an alternative workaround?
If nextcloud community is not providing me this anymore, I would have to search for an alternative that helps me protect the files.
Talking with someone in IRC found a solution: there is an app called files_accesscontrol
link: File access control - Apps - App Store - Nextcloud
There is a predefined way to do that:
I tried with davs://example.com/remote.php/webdav
with caja and I can auth, see the metadata but when I try to open a document I cannot
no, if you do the previous suggestion you cannot access files via web. Tried blocking user agent but with dav I can access everything
here is how I solved it https://github.com/nextcloud/files_accesscontrol/issues/90#event-1466245534
(sorry if I disturbed the thread)
And I did with nginx in reverse proxy this way:
I like that better. Thanks for the tip!