Is it possible to block the login from the internet for specific user

chayrag · August 15, 2020, 11:15am

Hi,
I set up my Nextcloud via the NextcloudPi image on my Raspberry Pi 4b. Everything works just fine.
I use NoIP as DynDNS service so I can login to my Nexcloud wherever I am. But this also means everyone else can try to log in.

To maximize security I think it would be nice to block the internet accesss for specific users.
For example the admin user and a user for my LibreELEC installation (I will create a user with all the music I want to play on my LibreELEC installation. because of the limited ability to type in a password I have a relativly weak one).

Both users (LibreELEC and admin) are not requiered to be accessible from the internet. Can I block the internet access to these both users entirely but still be able to use my personal user from anywhere i want?

In case this option doesnt exist, I would like to propose it for a future update.

Thank you for your help

OliverV · August 15, 2020, 2:55pm

The NC web has build in security, in addition to that you can and should enable UFW and fail2ban.
In ncp-web or via teminal ncp-config navigate to Security and enable it. Same for UFW.
You can tweak it manually later to allow only certain IP’s, I for instance allow only from my own and a few other countries.
Almost anything is possible in Linux, you could probably use .htaccess also to limit access.
I also use Telegram for 2FactorAuth, which adds another extra layer to secure accounts.

metbril · August 17, 2020, 4:32am

I think the real risk is not that someone tries to login using an existing account but tries to gain control using a vulnerability in NC. Your measures should be against those, I think.

devnull · August 17, 2020, 4:37am

@chayrag
I think you search 2FA.

https://apps.nextcloud.com/categories/security