Here were too many requests from your network. Retry later or contact your administrator if this is an error

I have many users under the same domain in my nextcloud installation all of those users under this domain now have this error There were too many requests from your network. Retry later or contact your administrator if this is an error. how to solve it

Why haven’t you tried to use the search function of this forum FIRST to find an answer on your question? :wink:

I read this solution they wrote it works with some of them two hours later and others 12 hours so I need to know how many time I have to wait and how to make it faster

Please read the thread again, because it is also written how you can clean-up the related database table to get it working again instantly.

where is the start point in source code for login to track the login thread

To be honest, I don’t know.

thank you very much,you did your best. :grinning:

Hye

Why haven’t you tried to use the search function of this forum FIRST to find an answer on your question?

I have the same problem and not found a solution with search function … :face_with_raised_eyebrow:
Which is the solution you have in mind ?

Thanks in advance
Chi

Hi @lechi

There is most likely a device in your local network that is trying to login with wrong credentials. Could be a phone or a tablet with DAVx5 or a computer with the desktop client installed.

The problem in many home and SOHO networks is that NAT loopback is used to acces the Nextcloud server via domain name and therefore all devices inside the local network access the server via the same IP address. This IP address then gets blocked when one device triggers the brute force protection, and then all other devices are affected too. The second possibility that can cause this issue, is a reverse proxy that does not correctly forward the IP addresses of the respective devices to the Nextcloud server.

The first case can be solved with a local DNS server, DNS overrides in your router if your router suports it or by simply whitelisting the IP address from which all your device access your Nextcloud server with this app. The second case can be solved with a correct reverse proxy configuration. I would not recommend whitelisting the reverse proxy’s IP, because by doing so you effectively disable the brute force protection also for devices that connect to your Nextcloud from the internet.

If IPs geting blocked by the bruteforce protection, you should actually see the corresponding IP address in the Nextcloud logs and thus be able to draw conclusions about what to do…

Hi there,
I know this topic is old. I just created an account to share my insight and, as I mean no harm, to summarize the possible ways of approach.
With all due respect - I get immense help from places like this forum and I cannot thank you enough for being helpful, but 10 months later…
I did try to use the search function to find a solution to my similar problem.
And I found this solved topic. Well the solution is: use the search function, which I already did, so here I am with a solved problem, without a solution :wink:

In old times when I used owncloud, I could limit the usage to my LAN, and it was enough for me. Time goes by and now I have to expose my nextcloud to Internet in order to be accessible at all (also from LAN). I am aware of bruteforce protection - the error seems to be self explanatory: too many tries.
What I (and possibly other people looking for an answer) need is either:

  • a) to overcome it once, so I can put a right password, get accepted and forget or

  • b) to disable bruteforce protection for my LAN.

I was actually searching for a).
Thank you @bb77 for pointing me to b). I will definitely check this out.
As for a) I will check things out, according to following posts from @jotatr and @michuvon

hello,

there are Nextcloud server 24.0.4, there are few clients at internal network — Desktop, iPhone, iPad

after mobile devices update to 4.4.2.0 I get

“Due to change in the Nexcloud application identifier, the settings and password for accessing your cloud are reset, so please re-enter your account data and check your Settings. We are sorry about that.”

looks bit shady, but ok, may be — under it Security warning:

“If you are not trying to set up a new device or app, someone is truing to trick you into granting them access to your data. In this case do not proceed and instead contact your system administrator.”

but I (as administrator) look at logs, it is my iPhone and iPad try to log in, from their internal addresses, then I try:

  • at server console: sudo -u www-data php occ security:bruteforce:reset 192.168.333.555 (iPhone address)
  • at SQL console: select * from oc_bruteforce_attempts; delete FROM oc_bruteforce_attempts;

nothing helps, because bruteforce table fills too quick

then I do something questionable, add to config.php


‘auth.bruteforce.protection.enabled’ => false,

second login grants me access to cloud and I edit config.php to:


‘auth.bruteforce.protection.enabled’ => true,

my questions:

  • did I get hacked (with offical iOS apps, restricted access from internal LAN or VPN),
  • how looks config string for BruteForce Whitelisting? if I don’t use dedicated app for this?

thanks,
Tas