{"id":456,
"date":"2024-02-02T09:57:59",
"date_gmt":"2024-02-02T08:57:59",
"guid":{"rendered":"https:\/\/artheodoc.fr\/?p=456"},
"modified":"2024-02-02T18:39:31",
"modified_gmt":"2024-02-02T17:39:31",
"slug":"nextcloud-reverse-proxy-et-attaques-par-force-brute",
"status":"publish",
"type":"post",
"link":"https:\/\/artheodoc.fr\/index.php\/2024\/02\/02\/nextcloud-reverse-proxy-et-attaques-par-force-brute\/",
"title":{"rendered":"Nextcloud, reverse proxy and brute-force attacks"},
"content":{"rendered":"\n<p class=\"has-medium-font-size\"><strong>Nextcloud \u2013 protection against brute-force attacks behind a reverse proxy<\/strong><\/p>\n\n\n\n<p>When logging in to Nextcloud through the web browser I was getting the following message:<br><em>We have detected several invalid login attempts from your IP address. That is why your next login will be delayed by 30 seconds.<\/em><\/p>\n\n\n\n<p>If you work behind a reverse proxy and Nextcloud has not been configured properly, the remote address ('remoteAddr') will be that of the reverse proxy (<strong>192.168.2.1<\/strong> in our case). Any brute-force attack will then penalise every connection that goes through the reverse proxy!<\/p>\n\n\n\n<p>Nextcloud can be told to use the address supplied by the reverse proxy, for example in the 'X-Forwarded-For' header, as the remote address!<\/p>\n\n\n\n<p>The Nextcloud configuration file to edit (in my case):<br><strong>\/var\/www\/html\/nextcloud\/config\/config.php<\/strong><\/p>\n\n\n\n<p>Add these 2 lines to the file:<\/p>\n\n\n\n<pre class=\"wp-block-preformatted\">'trusted_proxies' =&gt; array('<strong>192.168.2.1<\/strong>'),\n'forwarded_for_headers' =&gt; array('HTTP_X_FORWARDED_FOR'),<\/pre>\n\n\n\n<p><strong>Example with my file<\/strong><\/p>\n\n\n\n<pre class=\"wp-block-preformatted\">&lt;?php\n$CONFIG = array (\n'instanceid' =&gt; 'oc42t0zl1q3f',\n'passwordsalt' =&gt; 'YWhFG1ChgSuIPsRQLoWE26HYis0dCw',\n'secret' =&gt; 'Mdd6Bnl25VmE4x1NsMhXHY13kdotumNM9xnmcmn0oE3TQ\/4F',\n<strong>'trusted_proxies' =&gt; array('192.168.2.1'),\n'forwarded_for_headers' =&gt; array('HTTP_X_FORWARDED_FOR'),<\/strong>\n'trusted_domains' =&gt;\narray (\n0 =&gt; 'cloud.memoirevive79.mooo.com',\n),<\/pre>\n\n\n\n<p>It is the public IP used for access that will be taken into account instead of the reverse proxy's IP.<\/p>\n\n\n\n<p><strong>More information<\/strong><\/p>\n\n\n\n<p>Make a copy of the file before modifying it:<\/p>\n\n\n\n<pre class=\"wp-block-preformatted\"><strong>cp config.php config.php.sav<\/strong><\/pre>\n\n\n\n<p>In my case the owner and group of the file are <strong>www-data<\/strong> (Apache).<\/p>\n\n\n\n<p><strong>On the web:<\/strong><\/p>\n\n\n\n<p><a href=\"https:\/\/blog.bandinelli.net\/index.php?post\/2016\/10\/17\/Nextcloud%2C-protection-contre-les-attaques-force-brute-derri%C3%A8re-un-reverse-proxy\" target=\"_blank\" rel=\"noreferrer noopener\">https:\/\/blog.bandinelli.net\/index.php?post\/2016\/10\/17\/Nextcloud%2C-protection-contre-les-attaques-force-brute-derri%C3%A8re-un-reverse-proxy<\/a><\/p>\n\n\n\n<hr class=\"wp-block-separator has-alpha-channel-opacity is-style-wide\"\/>\n\n\n\n<p class=\"has-medium-font-size\"><strong>Acting on the database after a false brute-force attack detection<\/strong><\/p>\n\n\n\n<p><strong>To remove the IPs from the table.<\/strong><\/p>\n\n\n\n<p>To connect as administrator:<\/p>\n\n\n\n<pre class=\"wp-block-preformatted\"><strong>mysql -u root -p<\/strong><\/pre>\n\n\n\n<p>Open the Nextcloud database (<em><strong>use the name of your database<\/strong><\/em>):<\/p>\n\n\n\n<pre class=\"wp-block-preformatted\"><strong>USE <em>nomdelabase<\/em>;<\/strong><\/pre>\n\n\n\n<p>Then, to list all the tables:<\/p>\n\n\n\n<pre class=\"wp-block-preformatted\"><strong>SHOW TABLES;<\/strong><\/pre>\n\n\n\n<p>To display all the rows of the <strong>oc_bruteforce_attempts<\/strong> table:<\/p>\n\n\n\n<pre class=\"wp-block-preformatted\"><strong>SELECT * FROM oc_bruteforce_attempts;<\/strong><\/pre>\n\n\n\n<p>To remove an IP address from the table, use:<\/p>\n\n\n\n<pre class=\"wp-block-preformatted\"><strong>DELETE FROM oc_bruteforce_attempts WHERE IP=\"<em>xxx.xxx.xxx.xxx<\/em>\";<\/strong><\/pre>\n\n\n\n<p>To quit:<\/p>\n\n\n\n<pre class=\"wp-block-preformatted\"><strong>EXIT;<\/strong><\/pre>\n\n\n\n<p>Replace <strong><em>xxx.xxx.xxx.xxx<\/em><\/strong> with the IP address you want to remove from the table.<\/p>\n\n\n\n<p class=\"has-medium-font-size\"><strong>On the web:<\/strong><\/p>\n\n\n\n<p><a href=\"https:\/\/help.nextcloud.com\/t\/solved-bruteforce-detection-blocking-my-ip-but-theres-no-oc-bruteforce-attempts-database\/7652\/2\" target=\"_blank\" rel=\"noreferrer noopener\">https:\/\/help.nextcloud.com\/t\/solved-bruteforce-detection-blocking-my-ip-but-theres-no-oc-bruteforce-attempts-database\/7652\/2<\/a><\/p>\n","protected":false},
"excerpt":{"rendered":"<p>Nextcloud \u2013 protection against brute-force attacks behind a reverse proxy When logging in to Nextcloud through the web browser I was getting the following message: We have detected several invalid login attempts from your IP address. That is why your next login will be delayed by 30 seconds. If you work behind a reverse proxy and [&hellip;]<\/p>\n","protected":false},
"author":2,
"featured_media":0,
"comment_status":"open",
"ping_status":"open",
"sticky":false,
"template":"",
"format":"standard",
"categories":[17],
"tags":[18,20,21],
"class_list":["post-456","post","type-post","status-publish","format-standard","hentry","category-nextcloud","tag-nextcloud","tag-nextcloud-talk","tag-reverse-proxy"]}