Hi, have the following code in /etc/httpd/conf.d/ssl.conf
> <VirtualHost xxx.xxx.xxx.xxx:443>
> DocumentRoot "/var/www/html"
>
> .
> .
> .
> ```
> </VirtualHost>
>
> > <Directory "/var/www/html">
> > AllowOverride All
> > AuthType Basic
> > AuthUserFile /etc/httpd/conf/webpass
> > AuthName "RESTRICED ACCESS"
> > require valid-user
> > satisfy any
> > Order allow,deny
> > Deny from all
> > Options -Indexes
> > </Directory>
Going to https://server.domain.tld the htpasswd dialogue pops up as it should. However going to http://server.domain.tld/admin/config.php No htpasswd dialgue box appears.
What might be the cause of this since it was thought anything below /var/www/html requires credentials such as /var/www/html/admin
Thanks.
Because there is an .htaccess file in /var/www/html/admin that is overriding the Apache config. You should update your Apache config to not allow overrides, which it is allowing currently.
Hi,
Regardless of what is put into <Directory “/var/www/html”> it doesn’t stop anyone from getting to FreePBX login page. ht is ignored. What does work is mv .htaccess htaccess in /var/www/html/admin. This way no one gets to FreePBX login page if they can’t get passed entering correct credentials for htpasswd box.
You are still allowing access here. Instead of allowing All directive access you are now allowing three specific directives. AuthConfig is the directive for authentication so you are still telling the server to allow .htaccess to override the auth configuration. Changing .htaccess to htaccess isn’t a proper fix as FreePBX could/probably will just write out the .htaccess file again.
Properly configuring your ssl.conf file will fix the problem. AllowOverride None << stops the .htaccess file from doing anything.
Now what is being seen with AllowOverride None is constant htpasswd dialogue box popup. Even when exiting FreePBX it displays htpasswd dialogue box. So far the only solution is to add require ip xx.xx.xx.0/24 for the range allowed into the FreePBX server. I think the problem lies in the .htaccess in /admin but as you’ve written, that file would probably be overwritten on an update. There is a way to fix that too but it might impact other URLs used to access other parts of FreePBX.