[Feature Request] Network Access Management (Any Suggestions)

1. Is your feature request related to a problem? Please describe.

We lack a comprehensive way of managing network access for users. The current system lacks detailed control over who can access Nextcloud from unauthorized, or “Other,” networks. This poses a potential security risk, as it limits the ability to manage users who may connect via unpredictable IP addresses such as those from dynamic internet connections or mobile applications…

2. Describe the solution you’d like

I propose the addition of a Network Access Management feature with the following capabilities:

  • User List Network Identification: Show the network a user is currently active and connected from in the user list.
  • Network Definition: Allow admins to define and categorize different networks.
  • Authorized Networks: Enable admins to define authorized networks by specifying an IP address range, a network name, and assigning an icon.
  • Unauthorized Networks: Automatically consider any network not listed in the authorized network list as unauthorized. Provide the ability to selectively allow certain users to connect from these networks.
  • Adding a Network: Add an option to create a new network with specific details such as the network name, icon, and IP address. Support both IPv4 and IPv6 addresses.
  • Access for Other Networks: Provide control over which users can connect from unauthorized (other) networks.

These features should be toggle-able based on admin preference.

3. Describe alternatives you’ve considered

An alternative could be integrating with a third-party network management tool, but this would likely be less seamless for the user and could introduce compatibility issues.

4. Additional context

This feature would greatly enhance the security and control admins have over their Nextcloud instances. It would be beneficial for every Nextcloud user.

That sounds feasible to me. I think it could also be simplified a bit. For example, define a list of LAN IP ranges, and have a group for users who are allowed to log in outside those ranges.

For more detailed operations like filtering by country or RIR, it would be better for security to handle that at the firewall or web server before they connect to Nextcloud.

Thank you for your feedback.

I have also created an issue on GitHub: GitHub Issue 38220
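
The policy discussed in this thread (named authorized IPv4/IPv6 ranges, everything else treated as "Other", and a group of users still allowed from "Other"), sketched as an added example that is not Nextcloud code and not from any poster. The network names, ranges, user names and function names are constructed for illustration.

```python
import ipaddress

# Constructed sample configuration (assumption, not from Nextcloud):
# network name -> list of CIDR ranges, IPv4 and IPv6 mixed.
AUTHORIZED_NETWORKS = {
    "Office LAN": ["192.168.10.0/24", "fd12:3456:789a::/48"],
    "VPN": ["10.8.0.0/16"],
}
# Hypothetical group of users allowed to connect from "Other" networks.
ROAMING_USERS = {"alice"}


def _normalize(addr):
    """Parse an address and unwrap IPv4-mapped IPv6 (::ffff:a.b.c.d).

    Dual-stack listeners often report IPv4 clients in the mapped form;
    without unwrapping, such a client would never match an IPv4 range.
    """
    ip = ipaddress.ip_address(addr)
    if ip.version == 6 and ip.ipv4_mapped is not None:
        return ip.ipv4_mapped
    return ip


def classify(addr, networks=AUTHORIZED_NETWORKS):
    """Return the name of the matching authorized network, or "Other"."""
    ip = _normalize(addr)
    for name, cidrs in networks.items():
        for cidr in cidrs:
            # strict=True rejects ranges with host bits set (e.g. 10.8.0.1/16)
            net = ipaddress.ip_network(cidr, strict=True)
            if ip.version == net.version and ip in net:
                return name
    return "Other"


def may_connect(user, addr, roaming=ROAMING_USERS):
    """Return (allowed, network): allowed from an authorized network,
    or from "Other" only if the user is in the roaming group."""
    try:
        network = classify(addr)
    except ValueError:
        return False, "Invalid"  # unparseable address: deny (fail closed)
    return (network != "Other" or user in roaming), network
```

Behind a reverse proxy, the address passed to such a check has to be the client address reported by a proxy the server trusts, otherwise every request appears to come from the proxy's own network.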