Restrict internal users to authenticate over public network

Server
1

We have installed own cloud version 9.

For Authentication purpose we have enabled and configured ldap.

currently we are having users in the internal/private network and also public users, who can access from the internet.

Now we want to restrict the internal users connecting to the own cloud from the internet. And provide only to specific users/group to access from the internet.

operating systems : ubuntu 16.0.4
database : mariaDB
LDAP : openldap and windows 2008 AD

Networks : private network and one natted public network to access to owncloud.

Regards,

Rajendar chintala,

2

Hi,

the ownCloud community edition itself doesn't provide such a functionality. Only the enterprise edition allows such a restriction configuration:

https://owncloud.com/features/#FileFirewall

3

Thanks for the response Rancor, Is there any other option to restrict using config.php or using firewall...

Have seen some of the articles in which they show we can restrict using php configuration.

https://doc.owncloud.com/server/7.0EE/admin_manual/configuration_server/file_firewall_configuration.html#rule-definitions

4

Hi,

the linked feature of the Enterprise Edition in my post above is exactly the feature you're now referring to.

Maybe you can also make this app here compatible with recent oC versions:

https://apps.owncloud.com/content/show.php/ExtraSecurity?content=168084

5

Thanks for the link Ran, The link is very much i am looking for and i will test and update you on the requirement is fulfilled or not.

But, How do we install the extra security feature.

The instructions are not mentioned in the apps.owncloud.com site and also in the link provided by you.

Request you to please send the installation instructions also.

6

I don't have install instructions for this app nor i know if it is still compatible with recent ownCloud versions.

7

Found the Install Instructions.

Please find below.

Thanks Ran

INSTALL:

Place this app in owncloud/apps/

Add an "require_once 'apps/extrasecurity/lib/spy.php';" line in owncloud/remote.php file after first line (<?php tag) in order to intercept webdav/cardav.
If you get blocked by misconfigured rules you can define 'disable-xs' => '1' in owncloud config.php file to get web access.

8

Tried to implement extra security on owncloud 9 version.it installed but is not working.

when we try to create a rule and save it. it is not getting saved.

Can anyone help.

extrasecurity- notsaving rules.png1024x768 88.4 KB

9

Hi,

the app development documentation is available here:

https://doc.owncloud.org/server/latest/developer_manual/app/index.html

This can help you to make this app compatible with newer oC versions.

10

Nextcloud (it's a fork of owncloud) implemented this feature in their open-source edition. You want to take a look at this instead of re-developing old code on your own: https://github.com/nextcloud/files_accesscontrol
(both projects are still quite similar so that many apps work in both environments, not sure about this one though)

11

Dear tflidd,

Thanks for the help. Have see the project and need to know more in details.

Is the app only for netcloud or else can we use the same for owncloud also.

Didn’t find any installation instructions in the github.

Would thank you if you can share the App Installation and configuration procedure also.

Regards,
Rajendar chintala.

12

The app was written for Nextcloud and is shipped by default with Nextcloud. It could work on owncloud as well (you could start a fork based on that for owncloud rather than trying to update an old app from OC 8.0). For installation, you have probably to download the repo and extract it into your apps/-folder. I haven't tried it and I don't know if it works right away. If you go for this solution, keep in mind that code can change over versions and probably must be updated. As this app is not developed for ownCloud, it would be up to you to keep this working.