Thanks alfredb, your were right (of course), but as I have been stumbling on the same problem the last two hours, I think there is an easy misunderstanding of what the ‘trusted_domains’ keyword exactly means. Just quoting: ‘both are related to the server, not the accessing client’ is true but also a bit cryptic.
People like myself will first think that ‘trusted_domains’ is their (client) ip or ip range, while it is not. ‘trusted_domains’ is actually what you type in your client browser to access your owncloud box e.g.:
- ‘localhost’ from your owncloud box itself
- ‘192.168.blah.blah’ from your home class C network computers
- ‘my.public.ip’ when accessing from the outside world
So basically there is only 3 (or rather 2) levels of denial of access provided (fine with me)… Maybe the evidence need to be rewritten a few times to become an evidence.