Is it overkill to add a .htaccess in front of the /admin folder of FreePBX, while still using auth_database? I’m the only person accessing the server, so I don’t mind adding the extra password, however, I’ll need to make sure that my users don’t need to use it when they access the ARI?
PBX in a flash already does this. It usually causes serious problems with ARI users. But besides that it’s worked well for them in the past. You dont have to add it with an htaccess though, you can do it in the httpd.conf files instead.