Bug #56
.htaccess file in bin folder causing problems on some systems
| Status: | Closed | Start: | 05/11/2009 |
|---|---|---|---|
| Priority: | Urgent | Due date: | |
| Assigned to: | jacobsj | % Done: | 100% |
| Category: | - | | |
| Target version: | Caller ID Superfecta v 2.0.1 | | |
Description
This file isn't used any longer and can just be removed. We attempted to get around the http authentication with this file, but it was not working in tests, so the solution was abandoned.
History
Updated by jacobsj over 2 years ago
- Status changed from New to Closed
- Target version set to Caller ID Superfecta v 2.0.1
- % Done changed from 0 to 100
Updated by tshif over 2 years ago
- Status changed from Closed to Feedback
Updated by jroper over 2 years ago
Here is just a quick outline of how PBX in a flash works as far as htaccess security is concerned.
Any file named .htaccess is completely ignored in PiaF, as the httpd.conf file is not set up to honour any .htaccess files.
Security to the freepbx directory (admin) and the maint directory is handled by directory access in /etc/pbx/httpdconf/pbx.conf
However, some people have enabled .htaccess to be honoured in order to prevent directory listing of the /var/www/html/admin/modules directory, as the FreePBX developers intended, and therefore any .htaccess files in the system will be honoured, including the one erroneously put in the /admin directory by update-scripts, which prevents access to the entire admin directory, and if .htaccess is enabled, this would have to be deleted to get FreePBX to work again.
FonicaPABX/Foncordiax is a different setup, as we have enabled webserver mode for FreePBX, and used mod_auth_mysql to handle the security with .htaccess. This brings back the ACL functionality in the administrators screen, but also ensures that Apache handles the security of the system, rather than FreePBX, which has not been tested to the same degree as Apache in terms of security.
This explains to some degree the problems encountered by http://www.pbxinaflash.com/forum/showthread.php?t=4387 post 25.
So to summarise, any .htaccess files can be put into the web directories in PiaF, but will be ignored in a standard installation. This is good for modules, as the FonicaPABX system can have its htaccess files in place in the modules without screwing up PiaF, unless someone has changed something.
I'm not fully familiar with superfecta, nor have I looked at the code, but Tony has explained the issue as Asterisk needs to get access to the php file, but cannot, because directory security gets in the way.
A possible solution to this would be to place the files required in /var/lib/asterisk/bin with the other php files and scripts used by FreePBX. I believe that this directory is accessible via the module installer.
Any questions, please let me know.
Joe
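An added example, not part of the ticket or of the Superfecta/PiaF code: a small audit that lists every .htaccess file under a web root and reports whether the Apache configuration would honour it, which shows how a dormant file such as the one in the admin directory becomes active once overrides are enabled. It assumes plain-path `<Directory>` blocks only and a server default of `AllowOverride None` (the Apache 2.4 default; 2.2 defaulted to `All`); the directory tree and configuration text are constructed for the demonstration.

```python
import os, re, tempfile

DIR_OPEN = re.compile(r'^\s*<Directory\s+"?([^">]+?)"?\s*>', re.I)
ALLOW = re.compile(r'^\s*AllowOverride\s+(.+?)\s*$', re.I)

def parse_allowoverride(conf_text):
    """Map each plain-path <Directory> block to its AllowOverride value."""
    rules, current = {}, None
    for line in conf_text.splitlines():
        if line.lstrip().startswith("#"):
            continue  # Apache comments are whole lines starting with '#'
        m = DIR_OPEN.match(line)
        if m:
            current = m.group(1).rstrip("/") or "/"
        elif re.match(r"^\s*</Directory>", line, re.I):
            current = None
        elif current and ALLOW.match(line):
            rules[current] = ALLOW.match(line).group(1)
    return rules

def effective_override(path, rules, default):
    """The longest matching <Directory> decides; otherwise the server default."""
    hits = [d for d in rules if path == d or path.startswith(d.rstrip("/") + "/")]
    return rules[max(hits, key=len)] if hits else default

def audit(webroot, conf_text, default="None"):
    """Return sorted (relative .htaccess path, honoured?) pairs under webroot."""
    rules = parse_allowoverride(conf_text)
    out = []
    for dirpath, _dirs, files in os.walk(webroot):
        if ".htaccess" in files:
            value = effective_override(dirpath, rules, default)
            rel = os.path.relpath(os.path.join(dirpath, ".htaccess"), webroot)
            out.append((rel, value.lower() != "none"))
    return sorted(out)

def demo():
    """Constructed tree: a stray admin/.htaccess plus the intended modules one."""
    root = tempfile.mkdtemp()
    for sub in ("admin", os.path.join("admin", "modules")):
        os.makedirs(os.path.join(root, sub), exist_ok=True)
        open(os.path.join(root, sub, ".htaccess"), "w").close()
    stock = f'<Directory "{root}">\n    AllowOverride None\n</Directory>\n'
    changed = stock.replace("AllowOverride None", "AllowOverride All")
    return audit(root, stock), audit(root, changed)

if __name__ == "__main__":
    for label, rows in zip(("stock", "overrides enabled"), demo()):
        print(label, rows)
```

Running `audit` against the real web root and configuration before changing `AllowOverride` shows which existing .htaccess files would start taking effect.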
Updated by tshif over 2 years ago
- Status changed from Feedback to Closed