Add whitelist configuration on bruteforce_configuration.rst #11347
Conversation
| - Login as admin and go to Administration settings -> Security | ||
|
|
||
| Note that any excluded IP address can perform authentication attempts without any throttling. | ||
| Its best to exclude as few IP addresses as you can, or even none at all. |
There was a problem hiding this comment.
Are issues with proxies mentioned on this page and that instead of excluding a (reverse) proxy it should be configured as trusted proxy?
There was a problem hiding this comment.
Yep, it's mentioned in the troubleshooting section below: https://docs.nextcloud.com/server/latest/admin_manual/configuration_server/bruteforce_configuration.html#troubleshooting
Shall we flip troubleshooting and exclude?
There was a problem hiding this comment.
don't know the exact syntax atm, but maybe we make this a warning box as well
| Its best to exclude as few IP addresses as you can, or even none at all. | |
| .. warn:: | |
| Its best to exclude as few IP addresses as you can, or even none at all. |
There was a problem hiding this comment.
Thank you for the good advice.
Reordered the content and updated the screenshot.
Signed-off-by: Quentin Dupont <[email protected]> Signed-off-by: Daniel Kesselberg <[email protected]>
|
/backport to stable28 |
|
Thanks @quentinDupont and @kesselb for taking the initiative on this! 😎 Comes up often enough. :) |
And should basically never be the solution. In most cases you are doing something else wrong, see the warning box. |
|
Indeed. I think making the RP/trusted_proxies/forward_for_headers interaction clearer by bumping it above the troubleshooting section and making it more "front and center" - as you suggested/this PR does - should help. |
☑️ Resolves
🖼️ Screenshots