
App serverinfo provokes ip ban by apps.nextcloud.com #1137

Closed
ernolf opened this issue Sep 13, 2023 · 3 comments

@ernolf

ernolf commented Sep 13, 2023

This morning I thought that apps.nextcloud.com was offline, so I posted it, but I soon found out that it was only inaccessible from my network's IP address. It was accessible from elsewhere.
After each IP change, it only took a few minutes until it was blocked again.

The cause seemed to be a browser tab with serverinfo open.

Nextcloud 27.1.0 RC3

Since there have been no recent changes in the serverinfo code, I submit this issue here with the question:
Could it be that there is a too strict fail2ban rule or something similar on the server?

These are the messages repeating every 5 minutes; "192.168.188.36" was the laptop with the opened serverinfo tab:

{
  "reqId": "b8CBrwvBRdUCetZK2DNY",
  "level": 2,
  "time": "2023-09-13T23:55:17+02:00",
  "remoteAddr": "192.168.188.36",
  "user": "ich",
  "app": "appstoreFetcher",
  "method": "GET",
  "url": "/apps/serverinfo/update",
  "message": "Could not connect to appstore: cURL error 7: Failed to connect to apps.nextcloud.com port 443 after 11 ms: Connection refused (see https://curl.haxx.se/libcurl/c/libcurl-errors.html) for https://apps.nextcloud.com/api/v1/apps.json",
  "userAgent": "Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/115.0.0.0 Safari/537.36 OPR/101.0.0.0",
  "version": "27.1.0.5",
  "data": {
    "app": "appstoreFetcher"
  }
}

After I close the serverinfo tab, the problem is over. Then, with a new IP address, I can access apps.nextcloud.com with curl (via script or directly from the console) or with the website as much as I want without being banned/blocked.

Opening serverinfo again results in an instant ban/block again.

Is this only happening to me?


EDIT:
I was able to replicate this behaviour on all my instances, no matter what version, no matter what browser.


@ernolf ernolf changed the title App serverinfo provokes ip ban by apps.nextcloud.com (NC 27.1.0 RC3) App serverinfo provokes ip ban by apps.nextcloud.com Sep 14, 2023
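
An added example, not part of the original thread or of the serverinfo code: a small triage script for the situation reported above, which reads nextcloud.log entries and reports which client and request URL produce appstore fetch failures at a steady interval. It assumes one JSON object per log line; the sample lines, the second client address and the `/settings/apps/list` and `/login` URLs are constructed for illustration.

```python
import json
from collections import defaultdict
from datetime import datetime
from statistics import median

def _entry(time, addr, url, app="appstoreFetcher",
           msg="Could not connect to appstore: cURL error 7"):
    return json.dumps({"time": time, "remoteAddr": addr, "url": url,
                       "app": app, "level": 2, "message": msg})

# Constructed sample in the log shape shown in the report (not real log data).
SAMPLE_LOG = [
    _entry("2023-09-13T23:45:17+02:00", "192.168.188.36", "/apps/serverinfo/update"),
    _entry("2023-09-13T23:47:02+02:00", "192.168.188.40", "/settings/apps/list"),
    _entry("2023-09-13T23:50:17+02:00", "192.168.188.36", "/apps/serverinfo/update"),
    _entry("2023-09-13T23:52:40+02:00", "192.168.188.36", "/login",
           app="core", msg="Login failed"),
    "truncated line {",
    _entry("2023-09-13T23:55:17+02:00", "192.168.188.36", "/apps/serverinfo/update"),
    _entry("2023-09-14T00:00:18+02:00", "192.168.188.36", "/apps/serverinfo/update"),
]

def appstore_failures(lines):
    """Yield (remoteAddr, url, datetime) for each failed appstore fetch."""
    for line in lines:
        try:
            e = json.loads(line)
        except json.JSONDecodeError:
            continue  # skip partial or corrupted lines
        if (e.get("app") == "appstoreFetcher"
                and "Could not connect to appstore" in e.get("message", "")):
            yield e["remoteAddr"], e["url"], datetime.fromisoformat(e["time"])

def find_pollers(lines, min_hits=3, jitter=30):
    """Return {(client, url): (hits, median_gap_s)} for sources whose failures
    recur at a steady interval, i.e. a page polling in the background."""
    seen = defaultdict(list)
    for addr, url, ts in appstore_failures(lines):
        seen[(addr, url)].append(ts)
    pollers = {}
    for key, stamps in seen.items():
        stamps.sort()
        gaps = [(b - a).total_seconds() for a, b in zip(stamps, stamps[1:])]
        if len(stamps) >= max(min_hits, 2) and max(gaps) - min(gaps) <= jitter:
            pollers[key] = (len(stamps), median(gaps))
    return pollers

if __name__ == "__main__":
    for (addr, url), (hits, gap) in find_pollers(SAMPLE_LOG).items():
        print(f"{addr} -> {url}: {hits} failures, one every {gap:.0f}s")
```

On the constructed sample only the serverinfo tab's client is reported, with a 300-second interval matching the five-minute repetition described in the report; the single failure from the other client is not flagged.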
@bigcat88
Member

Thanks, I will take a look tomorrow at this.

@bigcat88 bigcat88 self-assigned this Sep 21, 2023
@kesselb
Contributor

kesselb commented Nov 8, 2023

I cannot say if the rate-limiting here is too strict.

The underlying issue is likely in server and the way the apps fetcher works. Even if we have a most recent version of the apps.json file locally we still send a request to the apps store with the etag to make sure our copy is up-to-date.

The upcoming serverinfo apps (28, 27.1.4, 26.0.9) will not request the available app update when not needed and provide a flag to not request it for the monitoring endpoint: https://github.com/nextcloud/serverinfo#api

@bigcat88 bigcat88 removed their assignment Nov 8, 2023
@bigcat88
Member

bigcat88 commented Jan 3, 2024

Server repo has merged PR regarding this, we can close this now.

@bigcat88 bigcat88 closed this as not planned Jan 3, 2024