I installed avahi (bonjour/zeroconf/mDNS server) on my freepbx box so that I can refer to it by name instead of IP address (e.g. “http://pbx.local./admin/blah.php”) Unfortunately in doing so I have run afoul of some security measure, in that any time I try to edit some settings, I get an error page saying “POTENTIAL SECURITY BREACH: an attempt was made to modify settings from a URL that did not come from a FreePBX page.” I suspect that it is complaining because my web browser is using the pbx.local. name instead of the IP address which the web admin software does not recognize and thinks it’s some sort of cross site scripting attack or something like that. Anyway I poked around a bit and found the setting “CHECKREFERER” in /etc/amportal.conf. I tried setting it to FALSE but that didn’t work (still got the error message). I noticed I was running an older version of FreePBX (4.211.64-7) so I ran all the upgrade scripts and am now at 5.211.65-12 (which is the latest available version at the time I am writing this) but that didn’t fix it either. The only way I could find to disable the referer check is by removing the if-clause at line 106 in /var/www/html/admin/config.php. Is there a better way of doing this (is there some other setting somewhere that I am missing, or something else)?
bonjour to resolve a server? Why not DNS or lazily /etc/hosts ?
amportal.conf is present for historic reasons. It doesn’t do anything.
You make changes to settings in the advanced settings module.
You can fix your issue that way.
Avahi does seem a little heavy for what you are trying to do.