Restrict user GUI to one specific IP inside home network?

Hello!

Is it possible to restrict the user GUI to a specific IP, while at the same time synching apps on mobile devices can keep working?

In other words:

  • Android apps like DavX5 should be able to use NC from any network, local or mobile.

  • The user’s GUI should only be accessible from within the home network.

Is this doable?

I don’t think it is possible in an easy way. Definitely there are ways to allow/block requests to specific URLs, e.g., but it would be hard to find out the right subset.

I’m wondering what would be the rationale behind this requirement?
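As an added example of the URL-based allow/block approach mentioned above (this is not configuration from the thread or from the Nextcloud project), the following reverse-proxy fragment exposes only the endpoints the sync clients need to the internet and limits everything else, including the web UI and its login page, to the home network. It assumes nginx in front of Nextcloud, a LAN of 192.168.1.0/24, a backend on 127.0.0.1:8080 and a hostname cloud.example.test; all of these are placeholders.

```nginx
# Added example, not from the thread: split Nextcloud into "sync from anywhere"
# and "web UI only from the LAN". Assumed values: LAN 192.168.1.0/24,
# backend 127.0.0.1:8080, hostname cloud.example.test.

# 1 when the client address is inside the home network, 0 otherwise
geo $from_lan {
    default         0;
    127.0.0.1       1;
    192.168.1.0/24  1;
}

server {
    listen 443 ssl http2;
    server_name cloud.example.test;
    # ssl_certificate / ssl_certificate_key assumed to be configured elsewhere

    # Endpoints used by DAVx5, the desktop/mobile clients and the
    # .well-known redirects: reachable from any network, authenticated by
    # the per-device app passwords.
    location ~ ^/(remote\.php/(dav|webdav)|\.well-known/(caldav|carddav)|status\.php|ocs/v2\.php)(/|$) {
        proxy_pass         http://127.0.0.1:8080;
        proxy_set_header   Host              $host;
        proxy_set_header   X-Forwarded-For   $proxy_add_x_forwarded_for;
        proxy_set_header   X-Forwarded-Proto https;
        client_max_body_size 0;   # large WebDAV uploads
    }

    # Everything else (web UI, login page, app pages): home network only.
    location / {
        if ($from_lan = 0) {
            return 403;
        }
        proxy_pass         http://127.0.0.1:8080;
        proxy_set_header   Host              $host;
        proxy_set_header   X-Forwarded-For   $proxy_add_x_forwarded_for;
        proxy_set_header   X-Forwarded-Proto https;
    }
}
```

Two caveats match the "hard to find the right subset" point: the initial pairing of a client through the browser-based login flow goes through the web UI, so new devices have to be approved from inside the LAN, and /ocs/v2.php carries more than the capabilities call the clients need (sharing and provisioning APIs too), so check the access log for what your clients actually request before tightening the regular expression further. Nextcloud must also be told about the proxy (trusted_proxies in config.php) so that its brute-force protection sees the real client address instead of 127.0.0.1.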

Well, the idea behind my idea is to reduce the number of possible ways of having “uninvited guests”.

In my view, synching apps have two advantages over the user’s GUI:

  1. There is NO visible GUI! If there is a GUI, someone will surely try to use it. I know there are ways to block unsuccessful logins from trying again, but a visible GUI will always raise curiosity.
  2. The app passwords will be stronger than what most users can think of. Furthermore, the app’s identities are taken into account, so it will be much harder to break into such a connection.

Another point is the fact that not every NC user really has a need for the GUI apart from doing administrative tasks, and these tasks can and should be made at home in a trusted environment. I believe there are many users who run NC on a private server just to synch their calendars, their contacts and some files between several devices. These users don’t need to do office work online, they don’t need to view CAD models, they don’t need anything else that can be done using NC. At least that is what I think, derived from my own situation and reading a lot of articles in lots of forums about NC.

Of course, my conclusion might also be totally wrong.

A good alternative solution I think would be to reduce the maximum number of login tries that trigger the brute-force app, let’s say down to 1 try. One false try could ban the remote IP for 24 hours or even indefinitely.

If I only need to log in via the GUI from my home PC, and that machine is whitelisted, that should not be a problem. And all synching apps on my mobile devices use their own app password. So this shouldn’t be a problem as well.

How do I change the settings for the brute-force app? Which occ commands do I need? I haven’t found any information about that yet.

Maybe the hacker uses your IP. What about 2FA?

It’s hard to say if removing the UI would really reduce the attack surface. I don’t believe the GUI is less secure than other protocols (WebDAV is required for sync, CalDAV/CardDAV for calendar and contacts; in total all of them expose almost all user data).

I believe following generic security best practices, especially using MFA as already suggested, would help much more than strange manipulations.

Look at the official docs; use search and appropriate tags like bruteforcesettings-app and bruteforce.

I agree to this uncertainty, but on the other hand it would at least be minus one possible attack target.

Yes, I totally understand this and agree to your point as well, but there are two arguments I could throw into the arena:

  1. Every external app is identified by some criteria like name and version, and assigned a pretty good password by NC. I dare say that these passwords would turn out stronger than most passwords users could think of. So an attacker would not only have to try bazillions of pretty good passwords, but also the correct identifiers.
  2. If private users have admin access to their NC installation via SSH, I think there is no real need for the GUI after a synching app has been approved: you can not synch files using the GUI, you can not use it to sync your calendars or your contacts.

Just to clarify: I am not talking about NC in big enterprise installations, I am talking about private installations at home! Like I said before: according to what I found on the net by now, most private users have no need for things like a CAD viewer or an Office Suite as part of NC. I am not saying there are no users who need this, but it’s my assumption that the majority of private users want to synch their contacts and calendars and some files. And for this kind of users I think it would be a great idea to offer the option to deactivate the GUI or to reduce it to an internal IP, once they open their NC to the outside world.

And I also think it would be useful to provide an option to pre-set the maximum tries that would trigger the brute force app down to just 1 or 2 tries, because if you approve any external app, let’s say DavX5 on your phone, NC will assign a unique password to it and DavX5 will save that pw internally. After that, DavX5 will always identify to NC using that pw and apart from a faulty memory on your phone, it will always be valid. So, if at any time DavX5 would provide an error when trying to synch its data, the user will know that there might have been an attack and they could and should investigate.

Just my 2 cents!

I have a different view, and for me the UI is the most important functionality for external access: this way I can access my cloud from an untrusted PC (or one where I just don’t want to leave traces). But this is not the point. You mention valid points, but I don’t think such a limitation will be implemented, just because it looks like the need is not huge. And rather than discussing theoretical improvements, I would recommend you to focus on “real” security measures like strong passwords, monitoring, and external tools like fail2ban or crowdsec.