Skip to content

Commit

Permalink
Browse files Browse the repository at this point in the history
  • Loading branch information
Sebastian L. committed Aug 27, 2024
1 parent d1c197d commit 39e31a0
Show file tree
Hide file tree
Showing 2 changed files with 3 additions and 0 deletions.
2 changes: 2 additions & 0 deletions parsers/s02-enrich/crowdsecurity/nextcloud-whitelist.md
Original file line number Diff line number Diff line change
Expand Up @@ -23,6 +23,8 @@ When previews are missing for files in the trash bin, a 404 error is returned wh

In rare cases HTTP Probing will be triggered when opening multiple folders quickly, Nextcloud checks for a ``readme.md`` file and if it doesn't exist a 404 error is thrown.

Auto uploading files from mobile clients authenticated with app token returns 403 on '/remote.php/dav/files/FILENAME' when checking for existing files.

---
### Creating files via WebDAV
When uploading files via WebDAV, a PROPFIND request is sent to the server, which returns 404 if the file does not
Expand Down
1 change: 1 addition & 0 deletions parsers/s02-enrich/crowdsecurity/nextcloud-whitelist.yaml
Original file line number Diff line number Diff line change
Expand Up @@ -16,3 +16,4 @@ whitelist:
- evt.Meta.http_status == '404' && evt.Meta.http_verb == 'GET' && evt.Meta.http_path matches '\\/apps\\/files\\/api\\/v1\\/thumbnail\\/(\\d+)/(\\d+)'
- evt.Meta.http_status == '404' && evt.Meta.http_verb == 'GET' && evt.Meta.http_path contains '/apps/bookmarks/bookmark' && (evt.Meta.http_path endsWith 'favicon' || evt.Meta.http_path endsWith 'image') #When loading NC bookmarks: some entries might have no favicon or no image
- evt.Meta.http_status == '404' && evt.Meta.http_verb == 'GET' && evt.Meta.http_path contains '/apps/bookmarks/folder' && evt.Meta.http_path endsWith 'publictoken' #When loading NC bookmarks: private folders have no publictoken
- evt.Meta.http_status == '403' && evt.Meta.http_verb == 'HEAD' && evt.Meta.http_path contains '/remote.php/dav/files' #Auto uploading files from mobile nextcloud clients authenticated with app token

0 comments on commit 39e31a0

Please sign in to comment.