We have scanned our Nextcloud installation and found some vulnerabilities. I expect to find some help on these issues. They are mostly information leak problems. I want to prevent/disable these issues…
1- The Nextcloud version can easily be found by examining the index.php source.
2- When we make a request to /apps/lookup_server_connector, instead of denying access, we get a redirect (HTTP 303), so this exposes our directory structure.
3- Some files can be downloaded without authentication, such as
4- Some pages, although not downloadable, return HTTP 200, which reveals that they exist on our system, such as
status.php (and many more)
5- How can I disable the WebDAV service safely? What is it used for?
6- Help pages can be seen without auth, such as
7- How can I force HSTS (HTTP Strict Transport Security)?
Nextcloud ver: 20.0.8
I think these issues are mostly related to Apache, so here is our httpd.conf file:
<Directory />
    AllowOverride none
    Require all denied
</Directory>

<Directory "/var/www">
    AllowOverride All
    # Allow open access:
    Require all granted
</Directory>

# Further relax access to the default document root:
<Directory "/var/www/html/nextcloud">
    Options Indexes FollowSymLinks
    AllowOverride All
    Require all granted
</Directory>
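The posted httpd.conf enables directory listings (`Options Indexes`) on the Nextcloud document root and sets no HSTS header, which bears directly on points 2 and 7 above. The fragment below is an added example, not configuration from the original post or from the Nextcloud project: it shows the posted Directory block next to a hardened form and adds the HSTS header the way the Nextcloud admin manual recommends for Apache. It assumes mod_headers is enabled, that TLS is already configured on the :443 VirtualHost, and uses `cloud.example.com` as a placeholder hostname; the document root path is the one from the post.

```apache
# Added example (not from the original post): hardened Apache fragment for a
# Nextcloud document root. Assumes mod_headers is loaded and TLS is already
# set up on the :443 VirtualHost. cloud.example.com is a placeholder.

# Reduce what the server banner reveals about Apache itself.
ServerTokens Prod
ServerSignature Off

# --- As posted: auto-generated directory listings are enabled ---
# <Directory "/var/www/html/nextcloud">
#     Options Indexes FollowSymLinks
#     AllowOverride All
#     Require all granted
# </Directory>

# --- Hardened form ---
<Directory "/var/www/html/nextcloud">
    # -Indexes: no directory listing for any path that lacks an index file,
    # so a request for a bare directory no longer enumerates its contents.
    Options -Indexes +FollowSymLinks
    # Nextcloud ships a .htaccess that blocks sensitive paths (config/, data/,
    # .git, etc.). AllowOverride All is required for that file to take effect.
    AllowOverride All
    Require all granted
</Directory>

<VirtualHost *:443>
    ServerName cloud.example.com
    DocumentRoot /var/www/html/nextcloud
    # HSTS belongs only on the HTTPS VirtualHost; browsers ignore it over
    # plain HTTP. 15552000 s = 180 days, the value the Nextcloud manual uses.
    <IfModule mod_headers.c>
        Header always set Strict-Transport-Security "max-age=15552000; includeSubDomains"
    </IfModule>
</VirtualHost>

<VirtualHost *:80>
    ServerName cloud.example.com
    # Send plain-HTTP clients to HTTPS so they actually receive the HSTS header.
    Redirect permanent / https://cloud.example.com/
</VirtualHost>
```

After reloading Apache, `curl -sI https://cloud.example.com/ | grep -i strict-transport-security` should show the header, and a request for a directory without an index file should return 403 rather than a listing. Nextcloud's own security scan (Settings > Administration > Overview) also stops warning about HSTS once the header is served. The example deliberately leaves WebDAV alone: Nextcloud's desktop and mobile sync clients talk to the server over WebDAV (`remote.php/dav`), so blocking it at the Apache level breaks file sync rather than hardening the install.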