I think it makes less sense. The user can copy data to another cloud or share with email. Sharing is a central nextcloud feature. For only upload/download use better tools like “Jirafeau” or “FileShelter”.
But perhaps you can limit nextcloud to 0 KB, use group-folder and special access. Sorry, not tested.
Thank you so much, i am sorry i did not get how we can achieve by group folder. As requested. When we enable “Allow user to share via Link” option, unfortunately by default anyone can share date to outside and download. So download is by default intact with this option. However I am looking only to enable “ Allow public upload” where non nextcloud user will get only link to upload and there is no download option .
Ok. Perhaps the admin can share a folder (read-only) with the internal users and also share the folder with file-drop (upload-only). Now your users can upload with public share, read with internal share but not re-share. Also i think you must set quota for all users (not admin) to 0 KB.
I use different public shares (upload-only, read-only, read-and-write) with short urls so i must not login for different nextcloud actions on this folder.
Thank you so much for your quick revert.
unfortunately i am not very familiar with all interface. how to control and restrict other users not to use “Allow user to share via Link” feature, because if i enable this, anyone can create public Link and share with anyone to download internal Data from outside, which i want to block.
i wish there was option to enable this feature for certain user or group
could you please help me to acheive this by your method
“Check Exclude groups from sharing to prevent members of specific groups from creating any file shares in those groups. When you check this, you’ll get a dropdown list of all your groups to choose from. Members of excluded groups can still receive shares, but not create any.”
What you can do is URL filtering in front of your Nextcloud. Here, I have a pfSense firewall and its HAProxy on the first line. They do the SSL work, so HAProxy can do URL filtering if needed.
What you can do is to filter out requests for URLs starting with /s/. These are the URLs for public download. Should you wish to use one for an upload only folder, you just need to whitelist that URL and every other one will be blocker.
But again, what would prevent your users from downloading a local copy of the file and sending it to Dropbox or attaching it to an e-mail ?
Thank you so much but i see \s\ is for upload also.
If we filter this out, upload also will block. Could you please explain how to get this achieve.
For your last query, external drive and other email gateway is being monitor and filtered out by Websense Data protection where we can not integrate nextcloud with Websense.
You given option may be working but i request your help in detail.
Sorry for the long delay… I have been more than busy these last months…
So in a reverse proxy like HAProxy, you create filtering rules like these ones :
–/s/known_upload_link_no1 ; ALLOWED
–/s/known_upload_link_no2 ; ALLOWED
–/s/approved_download_link_A ; ALLOWED
–/s/* ; DENY
That way, what you need will go through and everything else will be dropped.
Or if you have one exposed Nextcloud setup to public, where you set very strict default so nobody can share data but receive them and then shared the stuff internally via federated sharing. Perhaps this can help if the internal Nextcloud is less limited (but without external access at all).
For the sharing app, there are several options to restrict certain types of sharing, you could check the code and try to implement a solution that only allows the file drop.