[Bug]: status.php gives 403

[karlitschek]

⚠️ Before submitting, please verify the following: ⚠️

• This is a bug, not a question or a configuration issue.
• This issue is not already reported on Github (I've searched it).
• Nextcloud Server and Desktop Client are up to date. See Server Maintenance and Release Schedule and Desktop Releases for supported versions.
• I agree to follow Nextcloud's Code of Conduct

Bug description

Since updating to 3.12.1 I can't connect to Nextcloud anymore. I says that status.php returns a http 403. But when I try to access status.php with the browser or curl is give a 200 which is correct.

Steps to reproduce

open the desktop client and try to sync.
...

Expected behavior

no error
...

Which files are affected by this bug

all

Operating system

Mac OS

Which version of the operating system you are running.

macos 14.4

Package

Appimage

Nextcloud Server version

28.0.3

Nextcloud Desktop Client version

3.12.1

Is this bug present after an update or on a fresh install?

Updated from a minor version (ex. 3.4.2 to 3.4.4)

Are you using the Nextcloud Server Encryption module?

Encryption is Enabled

Are you using an external user-backend?

• Default internal user-backend
• LDAP/ Active Directory
• SSO - SAML
• Other

Nextcloud Server logs

..

Additional info

..

[jospoortvliet]

I encountered the same error, created debug archive. Also on Mac OS 14.4

• downgraded back to 3.12.0 - same 403
• downgraded to 3.11.2 - same 403

My other two accounts, christine on tech-preview.nextcloud.com (running 29.0.0 beta 1) and on cloud.josandcamila.com (private) both had no 403 issues. So it seems, to my non-technical eyes, a server issue. Perhaps over-active protection? Weird enough, I can visit the server just fine in the browser.

Find the debug archives of 3.12.1, 3.12.0 and 3.11.2 here: https://cloud.nextcloud.com/f/8411498 (internal link, folder shared with the desktop team)

Tried to connect with a VPN so the connection comes from a different IP address. Makes no difference, 403 forbidden.

[camilasan]

I also I tried to do what you did by installing 3.12.0 and upgraded to 3.12.1 and I don't get 403 against nextcloud.com (server 28.0.3.2) or against my private one (server 28.0.1.1).

[jospoortvliet]

Used client from command line to try and create a new account: it says it is unable to connect to cloud.nextcloud.com!

Screenshot: https://cloud.nextcloud.com/f/8411563
Logs in the test folder: https://cloud.nextcloud.com/f/8411572

Camila can't reproduce and has resorted to reading the code of the server check 🙈

[camilasan]

Now I am also affected by this after upgrading to mac OS Sonoma 14.4. Yesterday I was running 14.2.

[camilasan]

Our performance test server is also giving me a 403.

[nickvergessen]

We had a rule in apache to block a buggy client version: and the actual problem was the OSX version osx-23.4.0 matched that:

  # Protect against some bogus requests
  RewriteCond %{HTTP_USER_AGENT}  ^.*mirall.*3\.4\.0.*$
  RewriteRule . - [R=403,L]

Changed it to:

  # Protect against some bogus requests
  RewriteCond %{HTTP_USER_AGENT}  ^.*mirall\/3\.4\.0.*$
  RewriteRule . - [R=403,L]

Works again:

$ curl -H "Host: cloud.nextcloud.com" -H "User-Agent: Mozilla/5.0 (Macintosh) mirall/3.12.1git (build 21208) (Nextcloud, osx-23.4.0 ClientArchitecture: arm64 OsArchitecture: arm64)" -H "Accept: */*" -H "Accept-Language: en-DE,*" --compressed "https://cloud.nextcloud.com/status.php"
{"installed":true,"maintenance":false,"needsDbUpgrade":false,"version":"28.0.3.2","versionstring":"28.0.3","edition":"","productname":"Nextcloud","extendedSupport":false}

Old version is still blocked:

curl -H "Host: cloud.nextcloud.com" -H "User-Agent: Mozilla/5.0 (Macintosh) mirall/3.4.0git (build 21208) (Nextcloud, osx-23.4.0 ClientArchitecture: arm64 OsArchitecture: arm64)" -H "Accept: */*" -H "Accept-Language: en-DE,*" --compressed "https://cloud.nextcloud.com/status.php"
<!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML 2.0//EN">
<html><head>
<title>403 Forbidden</title>
</head><body>
<h1>Forbidden</h1>
<p>You don't have permission to access this resource.</p>
<hr>
<address>Apache/2.4.52 (Ubuntu) Server at cloud.nextcloud.com Port 80</address>
</body></html>

[nickvergessen]

Our performance test server is also giving me a 403.

That had a copy of the same Apache2 config. Also adjusted there