FOP accessable (visible) without any password

Hi Guy’s

First of all, Great work this distro. No crap, just all the pbx features we are looking for, without any unneeded apps.

I hosted this pbx, wich is working perfectly, but there is one thing that can be accessed without any password. The FOP panel.
So anyone from the internet can access my fop an see the status of my extensions and trunks plus see my extension numbers.

Am I overlooking something here?
Or can I thange this in a quite simple way?

Thanx in advance.

Now I see that I can acces everything (harmless but vissible)
(ex. http://pbxipdress/lang give plain language files of my pbx)
How can this be secured?

Are you using FOP or FOP2. FOP requires a password if you set one on the intial install screen where you create your FreePBX Username and Password. If you forgot to set one go into advanced settings in FreePBX and under FOP you can set the password.

Say what? http://pbxipdress/lang does not exist in the distro
Do you really use FreePBX Distro?

oepss, that was elastix, same problem there. but in elastix there are a bunch of more directorys in html (like lang dir)

I set the password, but that is for using fop (by the way I am using FOP1 from the distro.)
The problem is that anybody can see my extensions an device names without logging in. if the go to http://freepbxip/panel
Thanx for the quick answers by the way!

Ahh yes that is a issue with FOP and not much we can do since we just include FOP. I recommend not using FOP1 since it has lots of issues with asterisk 1.8 and is not longer supported.

And I recommend that you immediately remove access to http from Internet to your server.

Thank you for the advise!
I will disable FOP in Freepbx distro, thankfully there is an option for that.

As this thread deals with FOP and security, my problem is similar. I am trying to STOP FOP. I have followed the instructions in other threads to no avail.

I just want to turn off FOP.

Distro = AsteriskNow x64 latest
Asterisk =
Fpbx =

The FreePBX console shows that fop is disabled:

Server Status
Asterisk = OK
Op Panel = Disabled
Web Server = OK
SSH Server = OK

Everything works perfectly… except FOP is not off.

In the 2.9 FPBX Advanced Settings:

  • Flash Operator Panel -
    Disable FOP = True
    FOP Password
    FOP Sort Mode
    Start FOP with amportal = False


— CATEGORY: Flash Operator Panel —

Disable FOP

Default Value: FALSE


FOP Password

Default Value: passw0rd


FOP Sort Mode

Default Value: extension


FOP Web Root Dir

Default Value: /var/www/html/panel


Start FOP with amportal

Default Value: TRUE


Is there something I’m missing about where to turn of FOP