URL re-write to obfuscate Folder names

Nextcloud version (eg, 12.0.2): NextCloud 13.0.5
Operating system and version (eg, Ubuntu 17.04): Ubuntu 16.04
Apache or nginx version (eg, Apache 2.4.25): Apache 2.4.18
PHP version (eg, 7.1): 7.0.30

The issue you are facing:

I’ve recently noticed that URL patterns for Nextcloud follow something along the lines of this: https://cloud.domain.com/index.php/apps/files/?dir=/Web%20Stuff&fileid=8379 - this means URLs reveal folder structures. Is there a way that we can re-write these to be more random and less revealing? This probably has been like this for a long time, but just noticed it and would prefer something more cryptic so ISPs, MitM attacks and others can’t see folders and file names.

Is there a way of changing this?

I believe this is hard to achieve. A good practice to avoid any attacks against your data folder is to move it outside of /var/www/

Search the forums, there’s a handy instruction to accomplish this. Basically you need to move the folder and change settings in config files and database.

Yea we are doing that already (placing files in another data folder) but I’m thinking more about some of our users are in different countries that could not like some of the names, or word usage being used in those folder names.

Ah undersood, you’re pointing to another, deeper (just think about external storages and SMB) problem I am facing with some of my German customers on a daily basis. They are using Umlauts öäüß and special characters like &%(#,) in their file and folder names. And I have to admit I only have a “quite good solution” for them: “Don’t use special characters!”

1 Like

Well I’m glad I’m not the only one. :smile:

1 Like