I created a little FAQ for my Nextcloud users and placed the HTML file in the web root directory besides the index.php and index.html.
Unfortunately this file is now accessible for the whole world via https://<mydomain>/faq.html
I understand that .htaccess is the file to look for, when it comes to deny access to specific file, but I don’t have any knowledge about how to configure .htaccess and would like to ask for help here.
Currently there are only module settings in my .htaccess (standard for Nextcloud 10.0 I believe) and I can see rewrite rules for mod_rewrite.c that probably secure some files.
However I fear to massively decrease my server’s security when I do some testing in this file.
How can I make sure that only logged in user can access this html file?
Security is most important to me, so I would really appreciate if the solution is a very safe way to go
You can only use the NC-internal sharing mechanism, but then they probably get the source code shown. This would be an idea for an app (I only found a very old plugin of dokuwiki).
Hi @tflidd,
Thank you for your response. I’m not an app developer, but sure such an app would be very nice, because it would be much easier to implement our own HTML pages into nextcloud. Hopefully somebody reads this and will write some code
Apart from the easy way with an app, I was hoping to receive some advice how I could achieve a secured HTML page by manipulating the .htaccess file. Do you know a good way?
Something like:
Deny all
Grant access to faq.html for logged in users
The information is not available on htaccess level, so that won’t work.
Now what you could do is, but it into your core/skeleton/ Folder, so new users automatically have it in their root of Nextcloudd, as soon as they log in.
In this case however, I wouldn’t use html but a doc/pdf/text file instead.
I thought about the standard files via core/skeleton/ as well, but with a quite huge faq for absolute beginners of cloud storage I enjoyed the features of dynamic (expanding and linking) in html files.
And true, when sharing or providing the html via skeleton, the users can only download the file, but not view as web content.
Well okay, I’ll stick to the current way then and continue to include the file in the root directory although everyone who has the link can see it.
Hopefully somebody will write an app soon.
