anomaly0617
Member
- Joined
- Feb 9, 2012
- Messages
- 50
- Reaction score
- 11
I'm having the same problem others have run into when it comes to FreePBX and their auth-required "fix." Here's how it comes down:
An employee wants to access their user panel.
They go to http://pbx.examplecompany.local/recordings.
They get prompted for a username and password.
They type in their extension and password, repeatedly
Fail2Ban decides they suck and bans them for a half-hour. (I've since fixed this by whitelisting the subnet in fail2ban, but... you get the idea)
So, I google search and come up with this post: http://pbxinaflash.com/community/in...l-and-recordings-maint-password-needed.10773/
I've deleted ari.conf and restarted the httpd service. (Ok, ok, I moved ari.conf to the /root directory. I learned a long time ago that delete is forever but move and rename is generally safe)
I still get prompted for a password.
A "tail -f /var/log/httpd/access_log" shows me why:
It appears that data is still being requested from /admin/assets/ based on these logs.
My options appear to be to get rid of pbx.conf (which then opens my PBX up to anyone being able to get to the admin console, not a good idea) or have users repeatedly press Cancel until they get to the real username and password prompt. But even when they log in they get pestered.
Has someone found a good workaround to this?
An employee wants to access their user panel.
They go to http://pbx.examplecompany.local/recordings.
They get prompted for a username and password.
They type in their extension and password, repeatedly
Fail2Ban decides they suck and bans them for a half-hour. (I've since fixed this by whitelisting the subnet in fail2ban, but... you get the idea)
So, I google search and come up with this post: http://pbxinaflash.com/community/in...l-and-recordings-maint-password-needed.10773/
I've deleted ari.conf and restarted the httpd service. (Ok, ok, I moved ari.conf to the /root directory. I learned a long time ago that delete is forever but move and rename is generally safe)
I still get prompted for a password.
A "tail -f /var/log/httpd/access_log" shows me why:
[26/Feb/2014:17:44:23 -0500] "GET /recordings HTTP/1.1" 301 313 "-" "Mozilla/5.0 (Windows NT 6.1; WOW64; Trident/7.0; rv:11.0) like Gecko"
[26/Feb/2014:17:44:23 -0500] "GET /recordings/ HTTP/1.1" 200 6489 "-" "Mozilla/5.0 (Windows NT 6.1; WOW64; Trident/7.0; rv:11.0) like Gecko"
[26/Feb/2014:17:44:24 -0500] "GET /admin/assets/css/mstyle_autogen_1393357222.css?load_version=2.11.0.23 HTTP/1.1" 401 477 "http://pbx.examplecompany.local/recordings/" "Mozilla/5.0 (Windows NT 6.1; WOW64; Trident/7.0; rv:11.0) like Gecko"
[26/Feb/2014:17:44:24 -0500] "GET /admin/assets/js/jquery-1.7.1.min.js HTTP/1.1" 401 477 "http://pbx.examplecompany.local/recordings/" "Mozilla/5.0 (Windows NT 6.1; WOW64; Trident/7.0; rv:11.0) like Gecko"
[26/Feb/2014:17:44:24 -0500] "GET /admin/assets/js/jquery-ui-1.8.9.min.js HTTP/1.1" 401 477 "http://pbx.examplecompany.local/recordings/" "Mozilla/5.0 (Windows NT 6.1; WOW64; Trident/7.0; rv:11.0) like Gecko"
[26/Feb/2014:17:44:24 -0500] "GET /admin/assets/js/pbxlib.js?load_version=2.11.0.23.1393451675 HTTP/1.1" 401 477 "http://pbx.examplecompany.local/recordings/" "Mozilla/5.0 (Windows NT 6.1; WOW64; Trident/7.0; rv:11.0) like Gecko"
[26/Feb/2014:17:44:24 -0500] "GET /recordings/theme/main.css HTTP/1.1" 200 184 "http://pbx.examplecompany.local/recordings/" "Mozilla/5.0 (Windows NT 6.1; WOW64; Trident/7.0; rv:11.0) like Gecko"
[26/Feb/2014:17:44:24 -0500] "GET /recordings/theme/spacer.gif HTTP/1.1" 200 43 "http://pbx.examplecompany.local/recordings/" "Mozilla/5.0 (Windows NT 6.1; WOW64; Trident/7.0; rv:11.0) like Gecko"
It appears that data is still being requested from /admin/assets/ based on these logs.
My options appear to be to get rid of pbx.conf (which then opens my PBX up to anyone being able to get to the admin console, not a good idea) or have users repeatedly press Cancel until they get to the real username and password prompt. But even when they log in they get pestered.
Has someone found a good workaround to this?