Article on using the .htaccess file

Discussion in 'General' started by wiseoldowl, Feb 17, 2009.

  1. wiseoldowl

    Joined:
    Aug 19, 2008
    Messages:
    251
    Likes Received:
    0
    For those who insist, despite all the advice to the contrary, on allowing outside access to the Elastix web interface by opening port 80 to the wide open Internet, at least please use the .htaccess file to control who can access the site. You've never heard of .htaccess? Then you need to read this article, which even includes a link to a handy fill-in-the-blanks htaccess file generator (better read the article first or you will likely be overwhelmed by all the options on this page!).

    Personally, I would never under any circumstances open port 80 (or any other port that goes to a web-based interface) to the wide open Internet - I'd use ssh port forwarding instead, and use ssh public/private key authentication rather than passwords (and disallow password access to ssh). But I know that people often take the least painful path to getting something done, so if someone is absolutely insistent on opening up the web server on their Elastix box (probably so they can do maintenance from a remote location), at least use the .htaccess file to make sure that only YOU can get in, even if someone tries a brute-force attack on your password.
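As an added example (not part of the original post and not a file shipped with Elastix), this is the shape of .htaccess the post is recommending: a source-address allow list combined with password authentication, so a guessed password alone is not enough. It assumes Apache 2.2 syntax as shipped with Elastix at the time, that the directory already permits `AllowOverride AuthConfig Limit`, and placeholder values for the trusted address and the password file path.

```apache
# Added example, not from the thread: .htaccess for the Elastix web root.
# Assumptions: Apache 2.2 directives, AllowOverride AuthConfig Limit in effect,
# 203.0.113.10 is a placeholder for YOUR fixed remote address, and
# /etc/httpd/conf/elastix.htpasswd is a placeholder path outside the web root.

# --- weak: password only. Anyone on the Internet can try passwords. ---
# AuthType Basic
# AuthName "Elastix"
# AuthUserFile /etc/httpd/conf/elastix.htpasswd
# Require valid-user

# --- stronger: source-IP allow list AND password, both must pass ---
# Deny everything by default, then allow only the addresses you control.
Order Deny,Allow
Deny from all
# placeholder: your own static remote address
Allow from 203.0.113.10
# placeholder: your LAN, only if the box must also be reached locally
Allow from 192.168.1.0/24

# Password prompt on top of the IP check.
# Create the file with: htpasswd -c /etc/httpd/conf/elastix.htpasswd <user>
AuthType Basic
AuthName "Elastix administration"
AuthUserFile /etc/httpd/conf/elastix.htpasswd
Require valid-user

# Satisfy All: the client must pass BOTH the address check and the login.
# Satisfy Any would let an allowed address skip the password entirely.
Satisfy All

# Apache 2.4 equivalent of the access section (Order/Deny/Allow are gone):
# <RequireAll>
#   Require ip 203.0.113.10 192.168.1.0/24
#   Require valid-user
# </RequireAll>
```

Check the result from an address that is not on the list before relying on it: a 403 should come back before any password prompt.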
     
  2. rafael

    Joined:
    May 14, 2007
    Messages:
    1,454
    Likes Received:
    1
    Thanks a lot wiseoldowl, you should never use port 80 if you can use port 443 with encryption. Of course a VPN or an SSH tunnel is something much more secure.

    Best Regards,

    Rafael
     
  3. dard

    Joined:
    Sep 18, 2008
    Messages:
    16
    Likes Received:
    0
    There is a problem I have faced using both .htaccess and AuthLDAP to secure the Elastix site. After successfully authenticating, I can't launch FreePBX either by the link inside Elastix or by specifying /admin in the URL. The symptom is a blank page with the bottom left status alternating messages between 'waiting for xx.xx.xx.xx' and 'connected to xx.xx.xx.xx'. The CLI very quickly displays the parsing of the manager.conf files and the manager 'admin' logged on/off messages. You can access /panel or /recordings okay, just not /admin. Without .htaccess or AuthLDAP enabled, FreePBX (/admin) works okay.
     