SOLVED Recordings password

[anomaly0617]

I'm having the same problem others have run into when it comes to FreePBX and their auth-required "fix." Here's how it comes down:

An employee wants to access their user panel.
They go to http://pbx.examplecompany.local/recordings.
They get prompted for a username and password.
They type in their extension and password, repeatedly
Fail2Ban decides they suck and bans them for a half-hour. (I've since fixed this by whitelisting the subnet in fail2ban, but... you get the idea)

So, I google search and come up with this post: http://pbxinaflash.com/community/in...l-and-recordings-maint-password-needed.10773/

I've deleted ari.conf and restarted the httpd service. (Ok, ok, I moved ari.conf to the /root directory. I learned a long time ago that delete is forever but move and rename is generally safe)

I still get prompted for a password.

A "tail -f /var/log/httpd/access_log" shows me why:

[26/Feb/2014:17:44:23 -0500] "GET /recordings HTTP/1.1" 301 313 "-" "Mozilla/5.0 (Windows NT 6.1; WOW64; Trident/7.0; rv:11.0) like Gecko"
[26/Feb/2014:17:44:23 -0500] "GET /recordings/ HTTP/1.1" 200 6489 "-" "Mozilla/5.0 (Windows NT 6.1; WOW64; Trident/7.0; rv:11.0) like Gecko"
[26/Feb/2014:17:44:24 -0500] "GET /admin/assets/css/mstyle_autogen_1393357222.css?load_version=2.11.0.23 HTTP/1.1" 401 477 "http://pbx.examplecompany.local/recordings/" "Mozilla/5.0 (Windows NT 6.1; WOW64; Trident/7.0; rv:11.0) like Gecko"
[26/Feb/2014:17:44:24 -0500] "GET /admin/assets/js/jquery-1.7.1.min.js HTTP/1.1" 401 477 "http://pbx.examplecompany.local/recordings/" "Mozilla/5.0 (Windows NT 6.1; WOW64; Trident/7.0; rv:11.0) like Gecko"
[26/Feb/2014:17:44:24 -0500] "GET /admin/assets/js/jquery-ui-1.8.9.min.js HTTP/1.1" 401 477 "http://pbx.examplecompany.local/recordings/" "Mozilla/5.0 (Windows NT 6.1; WOW64; Trident/7.0; rv:11.0) like Gecko"
[26/Feb/2014:17:44:24 -0500] "GET /admin/assets/js/pbxlib.js?load_version=2.11.0.23.1393451675 HTTP/1.1" 401 477 "http://pbx.examplecompany.local/recordings/" "Mozilla/5.0 (Windows NT 6.1; WOW64; Trident/7.0; rv:11.0) like Gecko"
[26/Feb/2014:17:44:24 -0500] "GET /recordings/theme/main.css HTTP/1.1" 200 184 "http://pbx.examplecompany.local/recordings/" "Mozilla/5.0 (Windows NT 6.1; WOW64; Trident/7.0; rv:11.0) like Gecko"

[26/Feb/2014:17:44:24 -0500] "GET /recordings/theme/spacer.gif HTTP/1.1" 200 43 "http://pbx.examplecompany.local/recordings/" "Mozilla/5.0 (Windows NT 6.1; WOW64; Trident/7.0; rv:11.0) like Gecko"

It appears that data is still being requested from /admin/assets/ based on these logs.

My options appear to be to get rid of pbx.conf (which then opens my PBX up to anyone being able to get to the admin console, not a good idea) or have users repeatedly press Cancel until they get to the real username and password prompt. But even when they log in they get pestered.

Has someone found a good workaround to this?

 

[anomaly0617]

A follow-up to my own post:

Since this is a FreePBX problem, I googled FreePBX recordings password admin assets and found this post: freepbx.org/forum/freepbx/installation/authentication-prompts-for-ari-after-upgrade-to-2-10

On 7/17/2012, warmbowski has a response where they indicate that they used some code in the pbx.conf file to get around the error. I tried the suggested fix but found that it still gave everyone access to the admin side of FreePBX, which I don't want. But using this example as a springboard, I modified pbx.conf to look like the following:

#No password protect /var/www/html/admin/assets/css
<Directory /var/www/html/admin/assets/css>
Order Allow,Deny
Allow from all
Satisfy any
</Directory>

#No password protect /var/www/html/admin/assets/js
<Directory /var/www/html/admin/assets/js>
Order Allow,Deny
Allow from all
Satisfy any
</Directory>

#No password protect /var/www/html/admin/assets/images/jquery-ui
<Directory /var/www/html/admin/assets/images/jquery-ui>
Order Allow,Deny
Allow from all
Satisfy any
</Directory>

#Password proctect /var/www/html/admin
<Directory /var/www/html/admin>
AuthType Basic
AuthName "Restricted Admin Area"
AuthUserFile /usr/local/apache/passwd/wwwpasswd
Require user wwwadmin maint
</Directory>

#Password protect /var/www/html/panel
<Directory /var/www/html/panel>
AuthType Basic
AuthName "Restricted Area"
AuthUserFile /usr/local/apache/passwd/wwwpasswd
Require user wwwadmin maint
</Directory>

#Password protect /var/www/html/maint
<Directory /var/www/html/maint>
AuthType Basic
AuthName "Restricted Area"
AuthUserFile /usr/local/apache/passwd/wwwpasswd
Require user maint
</Directory>

#Password protect /var/www/html/meetme
<Directory /var/www/html/meetme>
AuthType Basic
AuthName "Restricted Area"
AuthUserFile /usr/local/apache/passwd/wwwpasswd
Require user wwwadmin maint meetme
</Directory>

I restarted httpd and so far it seems to be working without prompting for the maint username and password.

As always, YMMV, but I hope this helps someone else along the way.

 

[Dan Lawrence]

Thanks! This helped me solve the same problem. Now I just need to figure out why it won't let me delete messages from the recordings web page. Probably permissions...

 

[anomaly0617]

Thanks! This helped me solve the same problem. Now I just need to figure out why it won't let me delete messages from the recordings web page. Probably permissions...

Glad to help. This one drove me bonkers for awhile looking for a solution to it!