Restrict internal users to authenticate over public network

NextCloud version: 15.0.2
Apache or nginx version (eg, Apache 2.4.25) : Apache
PHP version: 7.2.1.6

The issue you are facing:

currently we are having users in the internal/private network and also public users, who can access from the internet.

Now we want to restrict the internal users connecting to the own cloud from the internet. And provide only to specific users/group to access from the internet.

Networks : private network and one natted public network to access to nextcloud.

Regards,
Mehak Saleem

If you have such kind of strict policies, I would create 2 instances for externals and internals and share content in between per federation feature. In this case you can have pure different access and other policies, as also make internal nextcloud not accessible from the internet.

Other wise check File access control App and create rules that if user try to access files not via private net - block access. Works good with Files automated tagging

i think it should also be possible with apache access-controls; you might find sth here (apache docs).
GOOD LUCK!