I have been running FreePBX for a couple of years from an original asterisknow distro. All upgrades since then have been through Module Admin, although I upgraded asterisk from 1.4 to 1.8 manually nearly a year ago.
I am now running FreePBX 2.10.0.3 on Centos OS with Apache 2.2.3 and Asterisk 1.8.7.1
Recently I upgraded FreePBX to version 2.10 using module admin (carefully following the upgrade instructions from 2.9) but after completing this upgrade I was unable to access the web interface. The phones kept operating, but I was only presented with an “unauthorised access” error page through the browser.
Eventually I moved/renamed the .htaccess files and restored (apparently) normal operation.
Today I have applied the recent module updates to bring the Framework up to version 2.10.0.3. This has restored all of the .htaccess files and I am now presented with the same error. Again, I have moved/renamed all of the .htaccess files in order to restore “normal” operation.
Specifically I have moved/renamed the .htaccess files from the following directories:
/var/www/html/admin
/var/www/html/admin/modules
/var/www/html/admin/modules/fw_ari/htdocs_ari
/var/www/html/recordings
Clearly, these .htaccess files are necessary to the secure and proper operation of apache, but apache blocks all access when they are in place.
The apache error log looks like this:
[Thu Mar 29 10:33:48 2012] [alert] [client xx.xx.xx.xxx] /var/www/html/admin/.htaccess: deny not allowed here, referer: http://pbx.mydomain.com/admin/config.php
[Thu Mar 29 10:33:57 2012] [alert] [client xx.xx.xx.xxx] /var/www/html/admin/.htaccess: deny not allowed here
[Thu Mar 29 10:34:08 2012] [alert] [client xx.xx.xx.xxx] /var/www/html/admin/.htaccess: deny not allowed here, referer: http://pbx.mydomain.com/
[Thu Mar 29 10:34:10 2012] [alert] [client xx.xx.xx.xxx] /var/www/html/admin/.htaccess: deny not allowed here, referer: http://pbx.mydomain.com/
The contents of the /var/www/html/admin/.htaccess file looks like this
Disallow all file access first
(FilesMatch “…*$”)
Deny from all
(/FilesMatch)
Now allow /admin, /admin/config.php and /admin/index.php as well as the various assets
(FilesMatch “(^$|index.php|config.php|.(gif|GIF|jpg|jpeg|png|css|js|swf|txt|ico)$)”)
Allow from all
(/FilesMatch)
(For some reason I’ve had to replace the code brackets <> around the FilesMatch tags to display it correctly in this forum)
Just to see what happens, I also tried editing the first line of the .htaccess file to “Allow from all” instead of “Deny from all” on the first line, but then I get an error saying “Allow not allowed here”, so it looks like apache is not parsing the .htaccess file correctly or there is a syntax error of some kind?
I would very much appreciate some help from anyone who has some experience of how these files are supposed to work.
Many thanks,
Andy Woolford