Disable bruteforce protection

Question

Disable bruteforce protection

MiGrandjean opened this issue 8 years ago · 4 comments

While the bruteforce protection is a really nice feature, it's counterproductive in the case of the Univention Nextcloud App, unfortunately. The Univention Nextcloud App is running inside a Docker container and all the network traffic from and to Nextcloud is handled via the Docker bridge interface. This means all logins appear to come from 172.17.42.1 (the IP of the Docker bridge docker0).
This easily leads to situations where everyone is blocked and their logins get delayed.

See also: https://help.univention.com/t/5803 (german)

Answer 1 · 2017-06-09T08:46:45.000Z

As discussed on IRC, there is some config missing on Nextcloud side. Most importantly, we need to specify the IP address(es) of the Proxy server. Is there a reliable way to determine this on UCS?

Another requirement is that the Proxy sends the Forwarded-For Header, to my understanding Apache, which is in use, does this by default.

Answer 2 · 2017-06-23T23:44:44.000Z

@MiGrandjean ping?

Answer 3 · 2017-06-26T09:53:24.000Z

The IP address of the docker bridge is configured via the UCR variable docker/daemon/default/opts/bip
The IP address(es) of the UCS host is configured via the UCR variables interfaces/<devicename>/address, e.g. interfaces/eth0/address

Answer 4 · 2017-07-20T14:15:27.000Z

Fixed with #25