May I disagree? It’s… load the page of SOGo. And the answer “wrong, dude”. The second try, there should be already the cache of previous access; if too many times the same IP try to login, Fail2Ban will take care of that.
Do what you please, but IMVHO, unless passwords are “fakewords security” level I would not be that concerned about possible external access.
Well @steve … at least try.
Give to some trusted people the “task” to try access 30/40 times from at least 3/4 different public ip addresses at the same time. And try to see how much data is used by 160 tried accesses, with Fail2ban active. It’s… a test. Maybe it’s not “comparable” as another whole country trying to guess logins and passwords, but it could provide some basic measure on resource usage.
If you consider nextcloud as a website, I would tend to say yes it is against the goal.
Nowadays informations ressources are often behind vpn because we speak now about intranet, so it could make a good point to decide who is able to connect.
Thanks to @stephdl for their work and help.
I want to test so I installed the nethserver-sogo package from the nethserver repository, and I found a new checkbox (setting.Webaccess).
This is it? How does it work if I select or not?
It was confusing that I forgot to remove the previously suggested custom template …
I removed the custom template, restarted its httpd and ran the signal-event nethserver-sogo-update command and it actually works as described by @stephdl although this was no doubt for me. I also confirm that the test was successful.
I don’t want to use Nextcloud instead of smb, but together. For a similar reason, I want to make Nextcloud access only available through VPN and a green interface like Sogo.