Nextcloud 27.0.0 not logging 'Trusted domain' errors in log

Nextcloud version: 27.0.0
Operating system and version: Debian 12
Apache or nginx version: Apache 2.4.57
PHP version: 8.2

The issue you are facing:

Is this the first time you’ve seen this error? (Y/N): Yes

Steps to replicate it:

  1. Try to log in to your Nextcloud instance using a name / IP that connects to it but is not part of the trusted domains in the configuration file.
  2. Check the nextcloud.log

The only log where I can see something is in the /var/log/apache2/access.log:

XX.XX.XX.XXX - - [18/Jul/2023:19:19:06 +0200] "GET /apps/theming/css/default.css?v=34e90de1-0 HTTP/2.0" 200 1549 "-" "Mozilla/5.0 (Linux; Android 10; K) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/115.0.0.0 Mobile Safari/537.36"
XX.XX.XX.XXX - - [18/Jul/2023:19:19:06 +0200] "GET /core/css/guest.css?v=5e811f91-0 HTTP/2.0" 200 5019 "-" "Mozilla/5.0 (Linux; Android 10; K) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/115.0.0.0 Mobile Safari/537.36"
XX.XX.XX.XXX - - [18/Jul/2023:19:19:06 +0200] "GET /core/css/server.css?v=5e811f91-0 HTTP/2.0" 200 17371 "-" "Mozilla/5.0 (Linux; Android 10; K) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/115.0.0.0 Mobile Safari/537.36"

Summary:

Until now, when an access was attempted using the IP it was logged as an error in the nextcloud log stating it was not using a valid ‘trusted domain’; I only have in the configuration the FQDN as a trusted domain.

Currently, I was checking if in Nextcloud 27 there was any update in the hardening part, related to the fail2ban configuration, and while reviewing the logs I realised the log might not be working as expected, so I forced a few attempts manually. The message is properly displayed in the browser but the “rejection” is not logged at all in the nextcloud.log. In the web admin page, in Logging, nothing is shown either, even with Debug mode marked.

On the other hand, other errors, including the ‘failed login’ attempts, are being logged properly.

Before opening a ticket in GitHub, I wanted to check here, just in case anyone else is able to reproduce the error to verify it is not only on my installation. Any idea about what else to check?

Thanks all!

Edit: I tested it in a test environment I have, running Nextcloud 26.0.3 and I see the same behaviour.

Intriguing. I checked on my test instances (all the way back to NC24) and verified that these events aren’t getting logged. Which surprised me because I see the code there.

That code path is definitely being executed because the template that triggers the untrustedDomain (the one that spits out “Access through untrusted domain” in the browser) - which is working - is right there with the logging:

:thinking:
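
For anyone reproducing this, an added example (not part of either post and not Nextcloud's own code): a check that scans nextcloud.log lines and reports, per remote address, which fail2ban-relevant events are present and which log levels actually reach the file. The field names (`level`, `remoteAddr`, `message`) and the message prefixes `Trusted domain error.` and `Login failed:` are assumptions taken from Nextcloud's JSON log format and its documented fail2ban filter; the sample lines are constructed.

```python
import json
from collections import Counter

# Message prefixes assumed from Nextcloud's documented fail2ban filter.
PREFIXES = {"untrusted_domain": "Trusted domain error.",
            "failed_login": "Login failed:"}

def summarize(lines):
    """Scan nextcloud.log lines (one JSON object per line).

    Returns (counts, levels, skipped): counts maps (event, remoteAddr) to
    hits, levels is the set of numeric log levels present (0 = debug ...
    4 = fatal), skipped is the number of lines that were not JSON objects.
    """
    counts, levels, skipped = Counter(), set(), 0
    for line in lines:
        line = line.strip()
        if not line:
            continue
        try:
            entry = json.loads(line)
        except json.JSONDecodeError:
            entry = None
        if not isinstance(entry, dict):
            skipped += 1
            continue
        if isinstance(entry.get("level"), int):
            levels.add(entry["level"])
        message = str(entry.get("message", ""))
        for event, prefix in PREFIXES.items():
            if message.startswith(prefix):
                counts[(event, entry.get("remoteAddr", "?"))] += 1
    return counts, levels, skipped

def missing_events(counts):
    """Event types with no entries at all: nothing for fail2ban to match."""
    return sorted(set(PREFIXES) - {event for event, _ in counts})

# Constructed sample (documentation-range IPs) mirroring the thread's symptom:
# failed logins are logged, untrusted-domain rejections are absent.
SAMPLE = [
    '{"reqId":"r1","level":2,"remoteAddr":"203.0.113.7","app":"core","message":"Login failed: admin (Remote IP: 203.0.113.7)"}',
    '{"reqId":"r2","level":2,"remoteAddr":"203.0.113.7","app":"core","message":"Login failed: admin (Remote IP: 203.0.113.7)"}',
    '{"reqId":"r3","level":3,"remoteAddr":"198.51.100.4","app":"index","message":"constructed unrelated error"}',
    'not json: truncated line',
]

if __name__ == "__main__":
    counts, levels, skipped = summarize(SAMPLE)
    for (event, addr), hits in sorted(counts.items()):
        print(f"{event:17} {addr:15} {hits}")
    print("levels present:", sorted(levels), "| unparsable lines:", skipped)
    print("no entries for:", missing_events(counts))
```

To run it against a real instance, pass the open log file to `summarize()` in place of `SAMPLE`; if only levels 2 and above ever show up, lower-severity entries are not reaching the file regardless of what the admin page shows.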