Server: Access forbidden by rule (nginx config)

Created on 21 Oct 2018 · 4 Comments · Source: nextcloud/server

Nginx, Nextcloud 14.0.3.

There are recommendations for the Nginx config in the online documentation (https://docs.nextcloud.com/server/14/admin_manual/installation/nginx.html).

This one:
location ~ ^/(?:build|tests|config|lib|3rdparty|templates|data)/ { deny all; }

blocks requests to data/*, but when I browse the tabs in the admin panel, I see:

2018/10/21 13:46:27 [error] 3818#3818: *1 access forbidden by rule, client: *IP*, server: my.server, request: "GET /data/.ocdata?t=1540118787918 HTTP/2.0", host: "my.host"
2018/10/21 13:46:35 [error] 3818#3818: *1 access forbidden by rule, client: *IP*, server: my.server, request: "GET /data/.ocdata?t=1540118795540 HTTP/2.0", host: "my.host"
2018/10/21 13:46:37 [error] 3818#3818: *1 access forbidden by rule, client: *IP*, server: my.server, request: "GET /data/.ocdata?t=1540118797949 HTTP/2.0", host: "my.host"
2018/10/21 13:46:38 [error] 3818#3818: *1 access forbidden by rule, client: *IP*, server: my.server, request: "GET /data/.ocdata?t=1540118799160 HTTP/2.0", host: "my.host"
2018/10/21 13:46:39 [error] 3818#3818: *1 access forbidden by rule, client: *IP*, server: my.server, request: "GET /data/.ocdata?t=1540118800127 HTTP/2.0", host: "my.host"

I think there is a need to change the documentation or fix the code.

All 4 comments

GitMate.io thinks possibly related issues are https://github.com/nextcloud/server/issues/7966 (13.0.0 RC2 nginx config gives "access forbidden by rule" GET /data/.ocdata?t=N), https://github.com/nextcloud/server/issues/8422 (Check wrong nginx config), https://github.com/nextcloud/server/issues/5117 (unsafe nginx config), https://github.com/nextcloud/server/issues/754 (Log in: Access forbidden, CSRF check failed), and https://github.com/nextcloud/server/issues/3517 (Server Error; Unable to access through nginx).

cc @nextcloud/documentation ?

This is correct. We check if the data folder is not readable (because that could expose data). So it is correct we check this. And it is correct that it is logged.
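A log-triage sketch for the situation described in the comment above, added here as an example and not part of the original thread or Nextcloud's code: it separates the expected `/data/.ocdata` probe entries from other requests denied by the documented rule. The sample log lines, the IP addresses and the `triage` function name are constructed for illustration.

```python
import re
from collections import Counter

# Deny rule quoted in the issue, with the group made capturing so the
# protected top-level directory can be reported.
DENY_RULE = re.compile(r"^/(build|tests|config|lib|3rdparty|templates|data)/")
DENIED = re.compile(
    r'access forbidden by rule, client: (?P<client>[^,]+),'
    r'.*?request: "(?P<method>[A-Z]+) (?P<uri>\S+)'
)

# Constructed sample in the error-log format shown in the issue
# (192.0.2.0/24 and 203.0.113.0/24 are documentation address ranges).
SAMPLE_LOG = """\
2018/10/21 13:46:27 [error] 3818#3818: *1 access forbidden by rule, client: 192.0.2.10, server: my.server, request: "GET /data/.ocdata?t=1540118787918 HTTP/2.0", host: "my.host"
2018/10/21 13:46:35 [error] 3818#3818: *1 access forbidden by rule, client: 192.0.2.10, server: my.server, request: "GET /data/.ocdata?t=1540118795540 HTTP/2.0", host: "my.host"
2018/10/21 13:47:02 [error] 3818#3818: *7 access forbidden by rule, client: 203.0.113.7, server: my.server, request: "GET /data/alice/files/report.pdf HTTP/1.1", host: "my.host"
2018/10/21 13:47:03 [error] 3818#3818: *7 access forbidden by rule, client: 203.0.113.7, server: my.server, request: "GET /config/config.php HTTP/1.1", host: "my.host"
2018/10/21 13:47:10 [error] 3818#3818: *9 open() "/var/www/nextcloud/favicon.ico" failed (2: No such file or directory), client: 192.0.2.10, server: my.server, request: "GET /favicon.ico HTTP/2.0", host: "my.host"
"""

def triage(log_text):
    """Return (self_check_hits, Counter{(client, protected_dir, path): n})."""
    self_checks = 0
    other = Counter()
    for line in log_text.splitlines():
        m = DENIED.search(line)
        if not m:
            continue  # not an "access forbidden by rule" entry
        path = m.group("uri").split("?", 1)[0]  # drop the ?t=... cache buster
        if path == "/data/.ocdata":
            self_checks += 1  # the data-folder check described in the thread
            continue
        rule = DENY_RULE.match(path)
        top = rule.group(1) if rule else "other-rule"
        other[(m.group("client"), top, path)] += 1
    return self_checks, other

if __name__ == "__main__":
    checks, other = triage(SAMPLE_LOG)
    print(f"expected .ocdata self-check entries: {checks}")
    for (client, top, path), n in other.most_common():
        print(f"review: {client} denied {n}x under /{top}/ -> {path}")
```

A denied `/data/.ocdata` request confirms the rule is doing its job; the entries left in the second result are the ones worth a look.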

Firewall not open!
