For those who insist, despite all the advice to the contrary, on allowing outside access to the Elastix web interface by opening port 80 to the wide open Internet, at least please use the .htaccess file to control who can access the site. You've never heard of .htaccess? Then you need to read this article, which even includes a link to a handy fill-in-the-blanks htaccess file generator (better read the article first or you will likely be overwhelmed by all the options on this page!). Personally, I would never under any circumstances open port 80 (or any other port that goes to a web-based interface) to the wide open Internet - I'd use ssh port forwarding instead, and use ssh public/private key authentication rather than passwords (and disallow password access to ssh). But I know that people often take the least painful path to getting something done, so if someone is absolutely insistent on opening up the web server on their Elastix box (probably so they can do maintenance from a remote location), at least use the .htaccess file to make sure that only YOU can get in, even if someone tries a brute-force attack on your password.