FreePBX AllowList Caller Module -- to block all but a list of allowed callers

I guess it is maintained by Sangoma – I was thinking it might make sense to try some experiments before committing anything to the real module. I’d almost think that merging the allow list module with it might make sense in that case so both could use regex or other patterns.

I personally would use ARI and not the internals but that would be another thing to learn. I have examples in the wiki and github gist which are linked herd somewhere

How would you use ARI? I thought that was a restful interface to reach into Asterisk – is it capable of reaching out to an external system too? I’m guessing you would check numbers against an external system?

Thanks for developing this module, it is exactly what I we have been looking for!

I’ve setup a FreePBX server on DigitalOcean to test this out and am getting an error when trying to active this on an inbound route. This happens as soon as I press the submit button. The error is as follows:

Whoops\Exception\ErrorException thrown with message “Missing argument 3 for FreePBX\modules\Allowlist::didAdd(), called in /var/www/html/admin/modules/allowlist/ on line 83 and defined”

#4 Whoops\Exception\ErrorException in /var/www/html/admin/modules/allowlist/Allowlist.class.php:863
#3 Whoops\Run:handleError in /var/www/html/admin/modules/allowlist/Allowlist.class.php:863
#2 FreePBX\modules\Allowlist:didAdd in /var/www/html/admin/modules/allowlist/
#1 allowlist_hookProcess_core in /var/www/html/admin/libraries/moduleHook.class.php:72
#0 moduleHook:process_hooks in /var/www/html/admin/config.php:570

Any idea’s on how to get this resolved?


1 Like

Something got out of synch with my commits – try redownloading it – during development of the fwconsole command I changed didAdd to have only two arguments – somehow the definition was still expecting three.

I’ll have to review the other changes I made and make sure nothing else got out of sync.

That fixed it.

Thank you!

1 Like

Any ideas how to add an answer delay when using this module? I am ringing into it from google voice and running into their “fast answer” detection.

I have an answer delay in the inbound route but that only appears to be honored on allowed calls. Not allowed calls are supposed to be directed to an IVR and they are answered immediately no matter what the delay settings.

1 Like

I can think of two approaches, the cleanest of which would be a block of custom dialplan like this:

exten => _.,1,NoOp(entering user defined context from-trunk-delay in extensions_custom.conf)
exten => _.,n,Wait(2)    ; add 2 sec delay, adjust to suit
exten => _.,n,GoTo(from-trunk,${EXTEN},1)

then update your trunk to use the above named context instead of from-trunk. Then you can remove the delay from the inbound route config.

1 Like

That seems to work. Thanks alot for your help!

1 Like

Non allowed calls are kicked out of the inbound route early so probably don’t see the delay. I’ve never run into the fast answer issue with my GV number although we recently ported it away from GV because of their 20 second ring limit.

You can create a second inbound route with the delay and use that as a destination for your non-allowlisted calls. Turn off allowlist checking on that route and add a superfecta configuration with spam checking enabled. Set your IVR or other spam handler as the destination for that second route.

@mitchmitchell this was resolved in blacklist with commit

Same fix works for allowlist.

I’ve added the fix to my github repo. I’ll update the FreePBX contrib repo once they get my tree merged in.

Another question…
My goal with this project is to be able to protect users cell phones from spam callers. The call flow works as follows:

  1. Call comes into the users primary cell number which is set to forward to a number connected to FreePBX. (we are doing this forward trick so text messages using the standard text messaging app have the expected phone number)
  2. If the caller ID is in the allow list, it hits a ring group which rings the users unpublished secondary cell number. This is routed based on the inbound route.
  3. If the caller ID is not in the allow list it hits an IVR prompting them to press 1 to complete the call. Pressing 1 will then hit the same ring group for the user as in step 2.

This works great when there is only one user on the system or for multiple users when the number is in the allowlist. However, for multiple users, if the number is NOT in the allow list we run into a problem with step 3 as there is only a single destination for Non AllowListed Calls.

One option would be an IVR that says:
Press 1 to reach user1
Press 2 to reach user2…

I don’t really want to go that route since many times an inbound caller not in the allow list knows they are trying to reach phone number 111-222-3333 but may not know the name of the person they are trying to reach.

Any idea’s on how to get this to route based on the DID for Non Allowlisted Calls?

1 Like

Use Dynamic Routes after the robocall test. Branch the call based on channel variable ${FROM_DID} and config a separate destination for each configured DID on the system.

1 Like

I was sure there was a way but didn’t know how to implement it. I installed the Dynamic Routes module and configured it as you suggested and it works perfectly.

Thanks for your help!

1 Like

Due to some ‘entertaining’ circumstances I installed the Sangoma FreePBX image and transferred our configuration over to it manually this weekend. In the process of doing this I discovered that I can’t install the allowlist module immediately after starting the software because the splice operation fails as ‘gocall’ isn’t in place in the outbound path.

I need to change the behavior of the module to not attempt the splice unless the ‘auto add outbound callees’ is turned on. That will mean forcing a reload after the switch is changed.

Use Dynamic Routes inconjection with PINSETS

Create pinset called “BLOCK” and put in the CLID # of those you want to block (or allow, whatever your needs are)
have your Dynamic Route do a sql look up with the numbers in this list in the asterisk database

select description from pinsets where passwords like '%${FROM_DID}%'

(or whatever asterisk variable you want to match of your choice)

If there is a match, it will return the PINSET name, in this exampl "BLOCK: send them hangup call treatment
If no match, then off to whatever successful destination you want them to go to

I’ve added the ability to turn on autoadd functionality on a per outbound route basis. Still testing it but its available on my github branch “route-controlled” at

@dickson – effectively you are manually replicating the blacklist module doing it like that. You could build part of the allowlist functionality that way too of course, but some of the features would be missing.

This topic was automatically closed 30 days after the last reply. New replies are no longer allowed.

If you want to use Dynamic Routes to create a destination that automatically adds the caller’s CID number to the Allow List (i.e. after caller has successfully navigated an IVR or otherwise proved themselves not to be a robocall) you can do so using this expression:


This expression will not return anything useful, so you won’t be able to branch the call with this, just write it and move along to whatever the default destination is.