Host Prefix Nextcloud 15.0.5.3

How can I solved them?

1 Like

Unfortunately I don’t understand what you want to know. I learned that it is always helpful
to write full sentences with subject, predicate and object if you want other to answer your
question :wink:

My result Nextcloud security Scann.

How can I fixed them?

This question has been asked and answered multiple times in this forum,
see e.g. Security: __Host-Prefix cookie setting?

For example:
If your document root is “/var/www/nextcloud” and you have something like “alias /nextcloud /var/www/nextcloud” in your webserver configuration file you should delete this “alias”.

1 Like

@peteman52 Thank you!

In:
sites-available/default-ssl.conf -> alias deleted

A+

/.well-known/carddav
/.well-known/caldav

How can i fix it? Thx

You have to follow the provided links to the administrator documentation which gives you hints how to solve the problem. Additionally you can search this forum for issues related to the .well-known links.

           <Directory /usr/lib/cgi-bin>
                            SSLOptions +StdEnvVars

            </Directory>

            <Directory "/var/www/html/nextcloud/">
            AllowOverride None
            Require all granted
            </Directory>
            <Directory "/var/www/html/nextcloud/">
            Options +FollowSymlinks
            AllowOverride All
            <IfModule mod_dav.c>
            Dav off
            </IfModule>
            SetEnv HOME /var/www/html/nextcloud
            SetEnv HTTP_HOME /var/www/html/nextcloud
            </Directory>
            Redirect 301 /.well-known/carddav https://nextcloud.com/nextcloud/remote.php/dav
            Redirect 301 /.well-known/caldav https://nextcloud.com/nextcloud/remote.php/dav

RewriteEngine on
RewriteCond %{HTTP_USER_AGENT} DavClnt
RewriteRule ^$ /nextcloud/remote.php/webdav/ [L,R=302]
RewriteRule .* - [env=HTTP_AUTHORIZATION:%{HTTP:Authorization}]
RewriteRule ^.well-known/host-meta /nextcloud/public.php?service=host-meta [QSA,L]
RewriteRule ^.well-known/host-meta.json /nextcloud/public.php?service=host-meta-json [QSA,L]
RewriteRule ^.well-known/webfinger /nextcloud/public.php?service=webfinger [QSA,L]
RewriteRule ^.well-known/carddav /nextcloud/remote.php/dav/ [R=301,L]
RewriteRule ^.well-known/caldav /nextcloud/remote.php/dav/ [R=301,L]
RewriteRule ^remote/(.) /nextcloud/remote.php [QSA,L]
RewriteRule ^(?:build|tests|config|lib|3rdparty|templates)/.
- [R=404,L]
RewriteCond %{REQUEST_URI} !^/.well-known/(acme-challenge|pki-validation)/.*
RewriteRule ^(?:.|autotest|occ|issue|indie|db_|console).* - [R=404,L]

My .htaccess

where is my mistake?