I am running nextcloud AIO with reverse proxy. I want to configure modsecurity how is it possible? I just want to configure a rule where a url is blocked if accessed from a specific ip range.
Hi, I dont know much about modsecurity but you could potentially use this community container which allows to do geoblocking: all-in-one/community-containers/caddy at main · nextcloud/all-in-one · GitHub
Apart from that, there will be a way to limit admin actions to certain ip-ranges with Nextcloud 30: Hardening and security guidance — Nextcloud latest Administration Manual latest documentation
There are far easier ways to do that than mod_security. Check the manual for whatever web server you’re using as reverse proxy.
@jtr @szaimen thx for ur reply but i want to block access to https://domain.com/apps/mail/api/messages/846/attachment/2
for anyone accessing it outside of local network.
this would block users from downloading mail attachments outside of local network.
I’m using nginx proxy manager
Use your favorite search engine. Nginx (NPM included) can do this. e.g. https://www.reddit.com/r/unRAID/comments/vldhki/block_a_specific_sub_folder_using_nginx_proxy/
I was trying that, im able to deny request but not allow a subnet.
I’m trying the following, deny working on all but allow not working why?
location ~* ^/apps/mail/api/messages/\d+/attachment/\d+$ {
allow 192.168.0.0/16;
deny all;
}