Home
Help
Search
Login
Register
OPNsense Forum
»
English Forums
»
Web Proxy Filtering and Caching
(Moderator:
fabian
) »
NGINX Naxsi and Nextcloud Webdav
« previous
next »
Print
Pages: [
1
]
2
Author
Topic: NGINX Naxsi and Nextcloud Webdav (Read 8045 times)
moe
Newbie
Posts: 31
Karma: 0
NGINX Naxsi and Nextcloud Webdav
«
on:
March 04, 2022, 03:33:26 pm »
Hi,
I have made a setup with a reverse proxy based on nginx and not on ha-proxy because i would use the naxsi features.
But whats happen now is, that the bot-protection ban every smartphone client with davx running.
As seen in the davx log it uses okhttp for the sync and as far as I know nginx detect this as bot.
So is there any way to made an expection for the okhttp or better for the client-subnet?
Thanks for your answer.
kind regards
Logged
fabian
Moderator
Hero Member
Posts: 2769
Karma: 200
OPNsense Contributor (Language, VPN, Proxy, etc.)
Re: NGINX Naxsi and Nextcloud Webdav
«
Reply #1 on:
March 05, 2022, 03:09:06 pm »
No, but you can disable it entirely using a checkbox (advanced settings).
Logged
RamSense
Hero Member
Posts: 595
Karma: 10
Re: NGINX Naxsi and Nextcloud Webdav
«
Reply #2 on:
March 05, 2022, 03:38:33 pm »
maybe as some workaround: give the smartphones a static ip and when away from the (local)network using vpn with static ip per smartphone opnvpn / wireguard vpn.
than in nginx - http server - advanced settings - Naxsi Trusted Source IPs -> fill the static ip addresses of the smartphones and smartphones vpn IP's
Logged
moe
Newbie
Posts: 31
Karma: 0
Re: NGINX Naxsi and Nextcloud Webdav
«
Reply #3 on:
March 05, 2022, 06:21:21 pm »
@fabian
Im asking because I found an old Thread where you Post the Info that it would be able with OID, but I didn't understand how to solve this.
Do I need to create a local configuration on the cli? You have written there to use the plugin...
May you remember?
@Ramsense, I belive Naxsi Trusted Source would not help, because the problem exists without Naxsi enabled, it depends on the bot-protection.
Kind regards
Logged
fabian
Moderator
Hero Member
Posts: 2769
Karma: 200
OPNsense Contributor (Language, VPN, Proxy, etc.)
Re: NGINX Naxsi and Nextcloud Webdav
«
Reply #4 on:
March 06, 2022, 03:40:03 pm »
This is not naxsi, but the plugin itself. Just enable the advanced options to make the setting visible.
Logged
moe
Newbie
Posts: 31
Karma: 0
Re: NGINX Naxsi and Nextcloud Webdav
«
Reply #5 on:
March 06, 2022, 04:47:25 pm »
hi fabian,
thats what I mean:
https://forum.opnsense.org/index.php?topic=11505.msg56331#msg56331
In this thread you have descriped a way to exclude okhttp from the bot-protection. Can you give some more details?
THanks
Logged
fabian
Moderator
Hero Member
Posts: 2769
Karma: 200
OPNsense Contributor (Language, VPN, Proxy, etc.)
Re: NGINX Naxsi and Nextcloud Webdav
«
Reply #6 on:
March 06, 2022, 10:35:33 pm »
The UUID is used to create a directory to create a custom configuration include. With that you can customize the generated config with the risk of breaking it. You can find it in the config.xml.
Logged
moe
Newbie
Posts: 31
Karma: 0
Re: NGINX Naxsi and Nextcloud Webdav
«
Reply #7 on:
March 09, 2022, 08:06:21 am »
Thanks for your answer, but its still not really clear for me, in the config.xml I found many UUIDs. Do you mean the UUID from the API?
And where do I need to create the Folder? Root/Home/nginx config folder?
Please share more details, I would think a lot people would be interessted in that funktionality.
Thanks!
Logged
fabian
Moderator
Hero Member
Posts: 2769
Karma: 200
OPNsense Contributor (Language, VPN, Proxy, etc.)
Re: NGINX Naxsi and Nextcloud Webdav
«
Reply #8 on:
March 09, 2022, 06:33:27 pm »
the nginx configuration directory.
Logged
moe
Newbie
Posts: 31
Karma: 0
Re: NGINX Naxsi and Nextcloud Webdav
«
Reply #9 on:
March 10, 2022, 07:46:27 am »
@fabian
Thanks, but why you would not like to share more information about that?
Isn't it possible to get an config example?
Logged
fabian
Moderator
Hero Member
Posts: 2769
Karma: 200
OPNsense Contributor (Language, VPN, Proxy, etc.)
Re: NGINX Naxsi and Nextcloud Webdav
«
Reply #10 on:
March 10, 2022, 11:42:57 pm »
Example include:
https://github.com/opnsense/plugins/blob/master/www/nginx/src/opnsense/service/templates/OPNsense/Nginx/http.conf#L359
You cannot get a config example because you have to write your custom include by yourself. This is functionality is hidden and intended for people who know what they are doing - especially when they look at the generated nginx.conf.
Every typo, Syntax error or logic error can break the entire plugin as there is no validation.
Logged
akif5561
Newbie
Posts: 3
Karma: 0
Re: NGINX Naxsi and Nextcloud Webdav
«
Reply #11 on:
March 26, 2024, 01:12:03 am »
@fabian
Same problem here
Not many posts about the Bot Protection of the nginx Plugin. Is it possible
to implement it to the Plugin GUI to make exclusions for User Agents instead of disabling it?
Would be a nice feature.
«
Last Edit: March 26, 2024, 01:13:59 am by akif5561
»
Logged
Fright
Hero Member
Posts: 1777
Karma: 164
Re: NGINX Naxsi and Nextcloud Webdav
«
Reply #12 on:
March 26, 2024, 08:32:07 am »
https://github.com/opnsense/plugins/pull/3678
?
Logged
akif5561
Newbie
Posts: 3
Karma: 0
Re: NGINX Naxsi and Nextcloud Webdav
«
Reply #13 on:
April 01, 2024, 06:37:16 am »
Thank you @Fright !
Didn't look up the upcoming Pull requests on Github
Logged
Layer8
Full Member
Posts: 193
Karma: 4
Re: NGINX Naxsi and Nextcloud Webdav
«
Reply #14 on:
April 28, 2024, 11:50:09 pm »
I cant contribue a solution, but I think my problem fits in here.
We are using Keepass2Android on our mobile phones. We noticed some time ago, that its not longer possible to access the keepass databate which is located on a nextcloud server, which is behind a nginx on a opnsense.
I just found out, that the problem was the Bot Protection of the nginx. I disabled it and now we can access the nextcloud server with Keepass2Android again.
The strange thing was, that it was possible to access nextcloud with the nextcloud android app and other webdav clients all the time.
Hope this info will help some people who are looking for a solution.
I am also interested in a solution to enable the Bot protection again.
Edit: Keepass2Android has thrown this error message: protocol=h2, code=403
«
Last Edit: April 28, 2024, 11:53:05 pm by Layer8
»
Logged
Print
Pages: [
1
]
2
« previous
next »
OPNsense Forum
»
English Forums
»
Web Proxy Filtering and Caching
(Moderator:
fabian
) »
NGINX Naxsi and Nextcloud Webdav