Bruteforce protection and Reverse Proxies
Nextcloud offers native support against brute force protection attacks, thus significantly enhancing your users' security.
The protection works on a per IP basis; this means that once a single IP address has performed too many invalid logins attempts the IP address in question will is throttled. The throttling is applied to multiple security related endpoints such as the login interface.
To work correctly, your Nextcloud server needs to be able to read the end-users IP address. If no reverse proxy is used then the $_SERVER['REMOTE_ADDR']
variable is used for this. This variable contains the IP address of the connecting client. In regular scenarios without reverse proxy this is already sufficient and no further configuration is required.
Subscriber exclusive content
A Nextcloud Enterprise Subscription provides unlimited access to our knowledge base articles and direct access to Nextcloud engineers.