feat(security): restrict admin actions to IP ranges

Signed-off-by: Benjamin Gaussorgues <benjamin.gaussorgues@nextcloud.com>
author: Benjamin Gaussorgues <benjamin.gaussorgues@nextcloud.com> 2024-07-12 16:25:49 +0200
committer: Benjamin Gaussorgues <benjamin.gaussorgues@nextcloud.com> 2024-07-19 16:28:03 +0200
commit: 202e5b1e957a7692165a313710e38406ca4f6ff3 (patch)
tree: f1dd40c0e4399ebc0c9ca8df02e3168b7e4f7ae2 /config
parent: 8f975cda34b4b4f181646a54c15f7c511d6e8491 (diff)
download: nextcloud-server-202e5b1e957a7692165a313710e38406ca4f6ff3.tar.gz
nextcloud-server-202e5b1e957a7692165a313710e38406ca4f6ff3.zip
1 files changed, 10 insertions, 0 deletions
diff --git a/config/config.sample.php b/config/config.sample.php
index 67110a1844a..9840fcfc97c 100644
--- a/config/config.sample.php
+++ b/config/config.sample.php
@@ -2208,6 +2208,16 @@ $CONFIG = [
 'forwarded_for_headers' => ['HTTP_X_FORWARDED', 'HTTP_FORWARDED_FOR'],
 
 /**
+ * List of trusted IP ranges for admin actions
+ *
+ * If this list is non-empty, all admin actions must be triggered from
+ * IP addresses inside theses ranges.
+ *
+ * Defaults to an empty array.
+ */
+'allowed_admin_ranges' => ['192.0.2.42/32', '233.252.0.0/24', '2001:db8::13:37/64'],
+
+/**
  * max file size for animating gifs on public-sharing-site.
  * If the gif is bigger, it'll show a static preview
  *
author	Benjamin Gaussorgues <benjamin.gaussorgues@nextcloud.com>	2024-07-12 16:25:49 +0200
committer	Benjamin Gaussorgues <benjamin.gaussorgues@nextcloud.com>	2024-07-19 16:28:03 +0200
commit	202e5b1e957a7692165a313710e38406ca4f6ff3 (patch)
tree	f1dd40c0e4399ebc0c9ca8df02e3168b7e4f7ae2 /config
parent	8f975cda34b4b4f181646a54c15f7c511d6e8491 (diff)
download	nextcloud-server-202e5b1e957a7692165a313710e38406ca4f6ff3.tar.gz nextcloud-server-202e5b1e957a7692165a313710e38406ca4f6ff3.zip