Nextcloud AIO 30.0.4 - 403 Forbidden - Favicon.ico

Steps to replicate it (hint: details matter!):

  1. Simply open the website

Log entries

Nextcloud

Please provide the log entries from your Nextcloud log that are generated during the time of problem (via the Copy raw option from Administration settings->Logging screen or from your nextcloud.log located in your data directory). Feel free to use a pastebin/gist service if necessary.

nothing

Web Browser

If the problem is related to the Web interface, open your browser inspector Console and Network tabs while refreshing (reloading) and reproducing the problem. Provide any relevant output/errors here that appear.


Web server / Reverse Proxy

The output of your Apache/nginx/system log in /var/log/____:

2024:12:17-09:08:12 httpd[2305]: [avscan:error] [pid 2305:tid 2314] [client MASKED:62935] [2305] virus daemon connection problem found in request /favicon.ico, referer

Configuration

Nextcloud

The output of occ config:list system or similar is best, but, if not possible, the contents of your config.php file from /path/to/nextcloud is fine (make sure to remove any identifiable information!):

{
    "system": {
        "one-click-instance": true,
        "one-click-instance.user-limit": 100,
        "memcache.local": "\\OC\\Memcache\\APCu",
        "apps_paths": [
            {
                "path": "\/var\/www\/html\/apps",
                "url": "\/apps",
                "writable": false
            },
            {
                "path": "\/var\/www\/html\/custom_apps",
                "url": "\/custom_apps",
                "writable": true
            }
        ],
        "appsallowlist": false,
        "check_data_directory_permissions": false,
        "memcache.distributed": "\\OC\\Memcache\\Redis",
        "memcache.locking": "\\OC\\Memcache\\Redis",
        "redis": {
            "host": "***REMOVED SENSITIVE VALUE***",
            "password": "***REMOVED SENSITIVE VALUE***",
            "port": 6379
        },
        "overwritehost": "***REMOVED SENSITIVE VALUE***",
        "overwriteprotocol": "https",
        "passwordsalt": "***REMOVED SENSITIVE VALUE***",
        "secret": "***REMOVED SENSITIVE VALUE***",
        "trusted_domains": [
            "localhost",
            "***REMOVED SENSITIVE VALUE***"
        ],
        "datadirectory": "***REMOVED SENSITIVE VALUE***",
        "dbtype": "pgsql",
        "version": "30.0.4.1",
        "overwrite.cli.url": "https:\/\/***REMOVED SENSITIVE VALUE***\/",
        "dbname": "***REMOVED SENSITIVE VALUE***",
        "dbhost": "***REMOVED SENSITIVE VALUE***",
        "dbport": "",
        "dbtableprefix": "oc_",
        "dbuser": "***REMOVED SENSITIVE VALUE***",
        "dbpassword": "***REMOVED SENSITIVE VALUE***",
        "installed": true,
        "instanceid": "***REMOVED SENSITIVE VALUE***",
        "maintenance": false,
        "updatedirectory": "\/nc-updater",
        "loglevel": "2",
        "log_type": "file",
        "logfile": "\/var\/www\/html\/data\/nextcloud.log",
        "log_rotate_size": "10485760",
        "log.condition": {
            "apps": [
                "admin_audit"
            ]
        },
        "preview_max_x": "2048",
        "preview_max_y": "2048",
        "jpeg_quality": "60",
        "enabledPreviewProviders": {
            "1": "OC\\Preview\\Image",
            "2": "OC\\Preview\\MarkDown",
            "3": "OC\\Preview\\MP3",
            "4": "OC\\Preview\\TXT",
            "5": "OC\\Preview\\OpenDocument",
            "6": "OC\\Preview\\Movie",
            "7": "OC\\Preview\\Krita",
            "0": "OC\\Preview\\Imaginary",
            "23": "OC\\Preview\\ImaginaryPDF"
        },
        "enable_previews": true,
        "maintenance_window_start": 100,
        "default_language": "de",
        "default_locale": "de_DE",
        "default_phone_region": "de",
        "skeletondirectory": "",
        "upgrade.disable-web": true,
        "mail_smtpmode": "smtp",
        "trashbin_retention_obligation": "auto, 30",
        "versions_retention_obligation": "auto, 30",
        "activity_expire_days": "30",
        "simpleSignUpLink.shown": false,
        "share_folder": "\/Shared",
        "one-click-instance.link": "https:\/\/nextcloud.com\/all-in-one\/",
        "upgrade.cli-upgrade-link": "https:\/\/github.com\/nextcloud\/all-in-one\/discussions\/2726",
        "allow_local_remote_servers": true,
        "davstorage.request_timeout": 3600,
        "htaccess.RewriteBase": "\/",
        "dbpersistent": false,
        "files_external_allow_create_new_local": true,
        "trusted_proxies": "***REMOVED SENSITIVE VALUE***",
        "mail_from_address": "***REMOVED SENSITIVE VALUE***",
        "mail_sendmailmode": "smtp",
        "mail_domain": "***REMOVED SENSITIVE VALUE***",
        "mail_smtphost": "***REMOVED SENSITIVE VALUE***",
        "mail_smtpport": "25",
        "ldapProviderFactory": "OCA\\User_LDAP\\LDAPProviderFactory",
        "memories.exiftool": "\/var\/www\/html\/custom_apps\/memories\/bin-ext\/exiftool-amd64-musl",
        "memories.vod.path": "\/var\/www\/html\/custom_apps\/memories\/bin-ext\/go-vod-amd64",
        "memories.vod.ffmpeg": "\/usr\/bin\/ffmpeg",
        "memories.vod.ffprobe": "\/usr\/bin\/ffprobe",
        "memories.gis_type": 2,
        "defaultapp": "",
        "preview_imaginary_key": "***REMOVED SENSITIVE VALUE***",
        "auth.bruteforce.protection.enabled": true,
        "ratelimit.protection.enabled": true,
        "app_install_overwrite": [
            "files_markdown"
        ],
        "documentation_url.server_logs": "https:\/\/github.com\/nextcloud\/all-in-one\/discussions\/5425",
        "preview_imaginary_url": "***REMOVED SENSITIVE VALUE***"
    }
}

Firewall

If I disable the AV scanner of the firewall, the website is available again. But this is not an option.

Can you describe what problem you see here or would like to have fixed?

Nextcloud has no favicon.ico at /favicon.ico, this is expected behaviour. The favicon, however, is linked in the HTML header. This depends on your theme, for example:

<link rel="icon" href="/index.php/apps/theming/favicon/files?v=83d795fd">

However, there are still browsers and bots that call /favicon.ico, but this does not work. As long as you still see a favicon in the browser, I wouldn’t be worried.

For reference: https://cloud.nextcloud.com/favicon.ico (file not found)

That's exactly the problem. The HTML part is blocking and the website gives back 403.

This is the log part of the avscan of the firewall/avscanner/reverse proxy when I try to open the cloud website:

2024:12:17-09:08:12 httpd[2305]: [avscan:error] [pid 2305:tid 2314] [client MASKED:62935] [2305] virus daemon connection problem found in request /favicon.ico, referer

It only does not happen if I disable the avscanner.

I need to be sure that this error is not coming from the cloud software.

So as soon as you activate AVScan (whatever that is), Nextcloud gives back a 403? AVScan in this context sounds like a reverse proxy or webserver mod. If AVscan contains a WAF, you would have to configure there what should be allowed and what should not.

But I’m not sure if you’re in the right place for this in the Nextcloud forum…

I think you need to ask someone who has experience with your WAF/AVScan.

(But maybe I’m getting something wrong)

1 Like
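
The proxy log line quoted in the thread can be triaged mechanically to see whether the block depends on what Nextcloud served. This is an added example, not code from any post above or from Nextcloud; the function names and every sample line except the first are constructed, and reading "connection problem" as "scanner unreachable" is an assumption taken from the message text.

```python
import re
from collections import Counter

# Shape of the reverse-proxy error line quoted in the thread.
LINE_RE = re.compile(
    r"^(?P<ts>\d{4}:\d{2}:\d{2}-\d{2}:\d{2}:\d{2}) \w+\[\d+\]: "
    r"\[(?P<module>[\w.]+):(?P<level>\w+)\] \[pid \d+:tid \d+\] "
    r"\[client (?P<client>[^\]]+)\] (?:\[\d+\] )?(?P<msg>.*)$"
)
# avscan message as it appears on the page: "<reason> found in request <path>,"
AVSCAN_RE = re.compile(r"^(?P<reason>.+?) found in request (?P<path>[^\s,]+)")

def parse_line(line):
    """Return a dict for an avscan error line, or None for anything else."""
    m = LINE_RE.match(line.strip())
    if not m or m["module"] != "avscan" or m["level"] != "error":
        return None
    a = AVSCAN_RE.match(m["msg"])
    if not a:
        return None
    return {"ts": m["ts"], "client": m["client"],
            "reason": a["reason"], "path": a["path"]}

def triage(lines):
    """Group avscan errors by reason and list the paths each reason hit."""
    events = [e for e in map(parse_line, lines) if e]
    reasons = Counter(e["reason"] for e in events)
    paths = {r: sorted({e["path"] for e in events if e["reason"] == r})
             for r in reasons}
    # Assumption: a "connection problem" means the scanner could not be
    # reached, so the block does not reflect the content of the response.
    unreachable = any("connection problem" in r for r in reasons)
    return {"reasons": dict(reasons), "paths": paths,
            "scanner_unreachable": unreachable}

# Constructed prefix reused for the made-up lines below.
PREFIX = "httpd[2305]: [avscan:error] [pid 2305:tid 2314] [client MASKED:62935] [2305] "
SAMPLE = [
    # First line is the one from the thread; the others are constructed.
    "2024:12:17-09:08:12 " + PREFIX + "virus daemon connection problem found in request /favicon.ico, referer",
    "2024:12:17-09:08:13 " + PREFIX + "virus daemon connection problem found in request /index.php/login, referer",
    "2024:12:17-09:08:14 " + PREFIX + "virus daemon connection problem found in request /favicon.ico, referer",
    "2024:12:17-09:08:15 httpd[2305]: [proxy:info] [pid 2305:tid 2314] [client MASKED:62935] connection established",
]

if __name__ == "__main__":
    print(triage(SAMPLE))
```

When the same connection-problem reason shows up across unrelated paths, the errors point at the proxy's scanner module rather than at a specific Nextcloud response, which is the question the original poster wanted answered.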
