SOGo only on green interface

Yes, perfectly understandable… no matter on that, we are few with English as mother tongue.

Like you said you could block attackers with fail2ban…bad login and you are kicked during x time

SOGo is a community effort; any of us is able to propose or do a PR.

One objection if we go to that way I would love a UI checkbox to enable/disable it

1 Like

That essentially makes this a “feature”, and not a “requirement” forced down your throat, whether you like it or not…

:slight_smile:

Open Source gives you such options!

My 2 cents
Andy

1 Like

Yes, this would be a new feature …

Regardless of how fail2ban works, intruders knock from a lot of IP addresses on the red interface… This can be a serious network load …

Yes I am thinking of a checkbox or similar menu where you can choose from which interface to log in to SOGo, access the SOGo login web page.

I think the developers of Nethserver can solve this.
Is there anything I can do about it?

Thanks and Regards

May I disagree? It’s… load the page of SOGo. And the answer “wrong, dude”. The second try, there should be already the cache of previous access; if the same IP tries to log in too many times, Fail2Ban will take care of that.
Do what you please, but IMVHO, unless passwords are “fakewords security” level I would not be that concerned about possible external access.

2 Likes

We normally only restrict to trusted networks, obviously when you set a VPN it is added to the trusted network

So in short it is enabled to public or restricted to trusted network

Not possible to decide AND/OR

So no TCP/UDP services are forwarded to the NethServer, no IMAP, SMTP, POP of the email stack, except of course the UDP VPN ports

All right, I take note of the opinions of others. I dare not mention that this would have been useful for Nextcloud as well …

If my request cannot be resolved, thank you for listening and you will forget my request.

Thanks and Regards

Happy Christmas to all!

Well @steve … at least try.
Give to some trusted people the “task” to try access 30/40 times from at least 3/4 different public ip addresses at the same time. And try to see how much data is used by 160 tried accesses, with Fail2ban active. It’s… a test. Maybe it’s not “comparable” as another whole country trying to guess logins and passwords, but it could provide some basic measure on resource usage. :wink:

Nextcloud is a core package, so the dev team must agree. What about @giacomo to make a property to restrict to public or private network?

2 Likes

I’d say having Nextcloud not open to the public, it’s a bit against its original target :slight_smile:

It’s the first time I see such a request, so I would not include into the standard. Still, if you want, you can achieve it with a template custom.

2 Likes

If you consider nextcloud as a website, I would tend to say yes it is against the goal.

Nowadays information resources are often behind a VPN because we speak now about intranet, so it could make a good point to decide who is able to connect.

yum install http://packages.nethserver.org/nethserver/7.9.2009/nethforge-testing/x86_64/Packages/nethserver-sogo-1.8.4-1.5.gaf37808.ns7.noarch.rpm

follow the QA : https://github.com/NethServer/dev/issues/6617#issuecomment-1000718906

2 Likes

ping, do not forget

@steve could you help to test the rpm before releasing it, the QA:

1 Like

Steph did a great work for this feature request?
Nobody wants to give it a try?

@steve don’t be shy :wink:

1 Like

Thanks to @stephdl for their work and help.
I want to test so I installed the nethserver-sogo package from the nethserver repository, and I found a new checkbox (setting.Webaccess).
This is it? How does it work if I select or not?

Thank you for your help.

If the checkbox is checked SOGo is accessible from public, see https://github.com/NethServer/dev/issues/6617
For your case it needs to be unchecked.

@stephdl thanks for your work!

1 Like

It was confusing that I forgot to remove the previously suggested custom template …

I removed the custom template, restarted its httpd and ran the signal-event nethserver-sogo-update command and it actually works as described by @stephdl although this was no doubt for me. I also confirm that the test was successful.

@stephdl thanks for your work!

I would like to ask if this can be solved for Nextcloud as well?

Thank you all for your help.

1 Like

Why use NextCloud instead of SMB if used only in LAN?

I don’t want to use Nextcloud instead of smb, but together. For a similar reason, I want to make Nextcloud access only available through VPN and a green interface like Sogo.