This is a very quick tip that I just hope gets picked up by Google and saves somebody else some time.

If (like me) you run NextCloud on your own infrastructure to provide filesharing and collaboration services, and you run it behind Cloudflare, you may find yourself banging your head against the screen trying to work out why everything works except for uploading files through the web interface.

Instead, you’ll get an enigmatic “an unknown error occurred” message in the web interface, and absolutely nothing in the NextCloud logs. Looking in your browser network logs may give you a clue - the PUT request to the /remote.php/webdav URL will be getting HTTP/403 (forbidden) responses.

I am here to save you some debugging…

It turns out that if you use Cloudflare’s WAF “Managed Rules” (which I think are on by default, and which, even if they’re not, you probably should be using anyway), one of the rules in their ‘Managed OWASP’ ruleset is triggered by the PUT request from the NextCloud Web UI, and Cloudflare blocks it.

The Solution

The solution is simple. Go to your WAF configuration in Cloudflare (Security > WAF), and under Managed Rules you need to add an exception.

Click “Add an exception”, set some suitable criteria to match requests (e.g. the specific host or URI path of your NextCloud installation), and then choose “Skip specific rules from a managed ruleset”. The rule you want to skip is 949110: Inbound Anomaly Score Exceeded in the Cloudflare OWASP Core Ruleset.

Deploy your new rule, and hey-presto: working NextCloud through Cloudflare.
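
The same exception expressed through Cloudflare's Rulesets API, scoped to one host, the PUT method and the /remote.php/webdav path so that rule 949110 still applies to everything else. This is an added example, not part of the original tip; `cloud.example.com` and every `<...>` placeholder are assumptions to replace with your own values.

```shell
#!/bin/sh
# Added example. Constructed values: the hostname and every <...> placeholder.
# From the post: PUT requests to /remote.php/webdav and OWASP rule 949110.
NC_HOST="cloud.example.com"              # hypothetical NextCloud hostname
ZONE_ID="<ZONE_ID>"
ENTRYPOINT_ID="<ENTRYPOINT_RULESET_ID>"  # zone entry point ruleset, phase http_request_firewall_managed
OWASP_RULESET_ID="<OWASP_RULESET_ID>"    # Cloudflare OWASP Core Ruleset
RULE_949110_ID="<RULE_949110_ID>"        # rule 949110 inside that ruleset

# Filter expression: one host, one method, one path prefix.
skip_expression() {
  printf '(http.host eq "%s" and http.request.method eq "PUT" and starts_with(http.request.uri.path, "/remote.php/webdav"))' "$1"
}

# Rule object: action "skip" with a ruleset-ID -> [rule-ID] map skips only
# that rule. Position 1 puts it ahead of the rule that executes the ruleset.
skip_rule_json() {
  e=$(skip_expression "$1" | sed 's/"/\\"/g')   # escape quotes for JSON
  printf '{"description":"NextCloud web uploads: skip OWASP 949110",'
  printf '"expression":"%s","action":"skip",' "$e"
  printf '"action_parameters":{"rules":{"%s":["%s"]}},' "$2" "$3"
  printf '"position":{"index":1}}\n'
}

# Send the rule to the Rulesets API. Needs CF_API_TOKEN in the environment.
deploy_skip_rule() {
  curl -sS -X POST \
    "https://api.cloudflare.com/client/v4/zones/$ZONE_ID/rulesets/$ENTRYPOINT_ID/rules" \
    -H "Authorization: Bearer $CF_API_TOKEN" \
    -H "Content-Type: application/json" \
    --data "$(skip_rule_json "$NC_HOST" "$OWASP_RULESET_ID" "$RULE_949110_ID")"
}

# Print the payload for review; call deploy_skip_rule yourself once it looks right.
skip_rule_json "$NC_HOST" "$OWASP_RULESET_ID" "$RULE_949110_ID"
```

Matching on host, method and path together keeps the anomaly-score rule active for every other request to the zone, including other methods on the same NextCloud host.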