Nextcloud is a good suite, I like so much, but I have some problems to solving after putting this system into a production environment.
I realized that the files can be accessed from internet (I have de warning in the main amdin page). but this only happens when I navigate in HTTPS. When I navigate with HTTP I CANT see thew files, the system immediately redirects my to the login page (That is good).
I don’t know why the system with HTTPS let everybody get access to the files. example: https:\mypoorsite.com\nexcloud*data*
Something strange happens, when I search .htaccess file nothing shows up. There is not o my data folder or nextcloud root folder.
It was a little bit difficult for me because I am new in this environment of web services.
For my case, this is the solution:
What I said before: my server is CentOS and httpd service installed.
1- Locate the httpd conf file in this route: /etc/httpd/conf/httpd.conf
2- Add the following lines to DENY access to the entire folder, subfolder, and archives on DATA folder. Example:
3- Save the change, and restart the httpd service sudo systemctl restart httpd, that’s all.
You can see now your server shows you this advice when you try to access on that URL:
I don´t know why my .htaccess file doesn’t work in my server setup but this little config change can make the difference and keep the server’s files secure :).
