Hello, this is my second post here.
Nextcloud is a good suite, I like so much, but I have some problems to solving after putting this system into a production environment.
I realized that the files can be accessed from internet (I have de warning in the main amdin page). but this only happens when I navigate in HTTPS. When I navigate with HTTP I CANT see thew files, the system immediately redirects my to the login page (That is good).
I don’t know why the system with HTTPS let everybody get access to the files. example: https:\mypoorsite.com\nexcloud*data*
Something strange happens, when I search .htaccess file nothing shows up. There is not o my data folder or nextcloud root folder.
What you thing guys?
Please, help me. Thank you so much!
PD: SYSTEM SPECS:
With .htaccess Nextcloud rewrite urls and deny directory listening. Copy .htaccess perhaps from Github. Hope it works.
Thank for you reply.
Where I have to put the .htaccess file?. On nexcloud root folfer or nextcloud/data folder?.
I copied the .htaccess file to my data folder but the problem still there
Is there another way to block the acces to the data folder? Without .htaccess file?
Hi guys, I found the solution. Pretty simple.
It was a little bit difficult for me because I am new in this environment of web services.
For my case, this is the solution:
What I said before: my server is CentOS and httpd service installed.
1- Locate the httpd conf file in this route: /etc/httpd/conf/httpd.conf
2- Add the following lines to DENY access to the entire folder, subfolder, and archives on DATA folder. Example:
3- Save the change, and restart the httpd service sudo systemctl restart httpd, that’s all.
You can see now your server shows you this advice when you try to access on that URL:
I don´t know why my .htaccess file doesn’t work in my server setup but this little config change can make the difference and keep the server’s files secure :).
Thank so much the people who helped me with this.