Article on using the .htaccess file

wiseoldowl

#1
For those who insist, despite all the advice to the contrary, on allowing outside access to the Elastix web interface by opening port 80 to the wide open Internet, at least please use the .htaccess file to control who can access the site. You've never heard of .htaccess? Then you need to read this article, which even includes a link to a handy fill-in-the-blanks htaccess file generator (better read the article first or you will likely be overwhelmed by all the options on this page!).

Personally, I would never under any circumstances open port 80 (or any other port that goes to a web-based interface) to the wide open Internet - I'd use ssh port forwarding instead, and use ssh public/private key authentication rather than passwords (and disallow password access to ssh). But I know that people often take the least painful path to getting something done, so if someone is absolutely insistent on opening up the web server on their Elastix box (probably so they can do maintenance from a remote location), at least use the .htaccess file to make sure that only YOU can get in, even if someone tries a brute-force attack on your password.
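
An added example, not part of the post above or the article it links to: a minimal .htaccess that admits a request only when it comes from one known address and also passes password authentication, so password guessing from any other address is refused outright. It assumes Apache 2.4 with `AllowOverride AuthConfig` enabled for the directory; the IP address is a constructed placeholder and the password file path is hypothetical.

```apache
# Added example .htaccess for the web root (not from the original thread).
# Assumptions: Apache 2.4, and the server config grants
# "AllowOverride AuthConfig" for this directory.
# 203.0.113.10 is a constructed placeholder for your own static address.
# The AuthUserFile path is hypothetical; keep the file outside the web root
# and create it with: htpasswd -c <file> <user>

AuthType Basic
AuthName "Restricted"
AuthUserFile /etc/httpd/conf/.htpasswd-example

# Both conditions must hold: the client address matches AND the user
# authenticates. Requests from any other address get 403 before a
# password is ever checked.
<RequireAll>
    Require ip 203.0.113.10
    Require valid-user
</RequireAll>

# Apache 2.2 equivalent (needs "AllowOverride AuthConfig Limit"):
#   Order deny,allow
#   Deny from all
#   Allow from 203.0.113.10
#   Require valid-user
#   Satisfy All
```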
 

rafael

#2
Thanks a lot wiseoldowl, you should never use port 80 if you can use port 443 with encryption. Of course, a VPN or an SSH tunnel is something much more secure.

Best Regards,

Rafael
 

dard

#3
There is a problem I have faced using both .htaccess and AuthLDAP to secure the Elastix site. After successfully authenticating, I can't launch FreePBX either by the link inside Elastix or by specifying /admin in the URL. The symptom is a blank page with the bottom left status alternating messages between 'waiting for xx.xx.xx.xx' and 'connected to xx.xx.xx.xx'. The CLI very quickly displays the parsing of the manager.conf files and the manager 'admin' logged on/off messages. You can access /panel or /recordings okay, just not /admin. Without .htaccess or AuthLDAP enabled, FreePBX (/admin) works okay.
 
