.htaccess files

I have been running FreePBX for a couple of years from an original AsteriskNOW distro. All upgrades since then have been through Module Admin, although I upgraded Asterisk from 1.4 to 1.8 manually nearly a year ago.

I am now running FreePBX 2.10.0.3 on CentOS with Apache 2.2.3 and Asterisk 1.8.7.1.

Recently I upgraded FreePBX to version 2.10 using module admin (carefully following the upgrade instructions from 2.9) but after completing this upgrade I was unable to access the web interface. The phones kept operating, but I was only presented with an “unauthorised access” error page through the browser.

Eventually I moved/renamed the .htaccess files and restored (apparently) normal operation.

Today I have applied the recent module updates to bring the Framework up to version 2.10.0.3. This has restored all of the .htaccess files and I am now presented with the same error. Again, I have moved/renamed all of the .htaccess files in order to restore “normal” operation.

Specifically I have moved/renamed the .htaccess files from the following directories:

/var/www/html/admin
/var/www/html/admin/modules
/var/www/html/admin/modules/fw_ari/htdocs_ari
/var/www/html/recordings

Clearly, these .htaccess files are necessary to the secure and proper operation of apache, but apache blocks all access when they are in place.

The apache error log looks like this:

[Thu Mar 29 10:33:48 2012] [alert] [client xx.xx.xx.xxx] /var/www/html/admin/.htaccess: deny not allowed here, referer: http://pbx.mydomain.com/admin/config.php
[Thu Mar 29 10:33:57 2012] [alert] [client xx.xx.xx.xxx] /var/www/html/admin/.htaccess: deny not allowed here
[Thu Mar 29 10:34:08 2012] [alert] [client xx.xx.xx.xxx] /var/www/html/admin/.htaccess: deny not allowed here, referer: http://pbx.mydomain.com/
[Thu Mar 29 10:34:10 2012] [alert] [client xx.xx.xx.xxx] /var/www/html/admin/.htaccess: deny not allowed here, referer: http://pbx.mydomain.com/

The contents of the /var/www/html/admin/.htaccess file look like this:

Disallow all file access first

(FilesMatch “…*$”)
Deny from all
(/FilesMatch)

Now allow /admin, /admin/config.php and /admin/index.php as well as the various assets

(FilesMatch “(^$|index.php|config.php|.(gif|GIF|jpg|jpeg|png|css|js|swf|txt|ico)$)”)
Allow from all
(/FilesMatch)

(For some reason I’ve had to replace the code brackets <> around the FilesMatch tags to display it correctly in this forum)

Just to see what happens, I also tried editing the first line of the .htaccess file to “Allow from all” instead of “Deny from all” on the first line, but then I get an error saying “Allow not allowed here”, so it looks like apache is not parsing the .htaccess file correctly or there is a syntax error of some kind?

I would very much appreciate some help from anyone who has some experience of how these files are supposed to work.

Many thanks,

Andy Woolford

It may be related to your primary httpd.conf file permissions.

Try having a look at what is provided on the FreePBX Distro for the primary httpd.conf file since those .htaccess files work fine in conjunction with FreePBX.

You can also disable .htaccess influence from your httpd.conf file but in doing such, you will want to make sure you put the proper protections in place in that file so that your system is secure. You can think of the .htaccess files as a level of “guidance” which can be controlled 100% from your httpd.conf if you want.

As a general rule, we try to use the .htaccess files as a “second” line of defense with other defenses put in place inside of FreePBX. None the less, you don’t want to ignore what we have in there unless you are in a trusted environment where anyone who has access to your system you are not concerned with, and where you are not allowing internet access to your system outside of VPN tunnels, which should anyhow be the case.
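The "deny not allowed here" alerts quoted in the first post are what Apache logs when the AllowOverride setting governing that directory in httpd.conf does not permit the directive inside .htaccess. The following is an added example, not part of the thread and not FreePBX code: it pulls the rejected directive out of the alert lines and reports which AllowOverride value applies. It handles plain `<Directory>` paths only, and the two sample configs are constructed assumptions, not the poster's files.

```python
import re

# Order, Allow and Deny all belong to the "Limit" override class in Apache 2.2.
OVERRIDE_CLASS = {"order": "limit", "allow": "limit", "deny": "limit"}
ALERT_RE = re.compile(r"\[alert\].*?(/\S+/\.htaccess): (\w+) not allowed here")
SECTION_RE = re.compile(r'<Directory\s+"?([^">]+)"?\s*>(.*?)</Directory>', re.S | re.I)
OVERRIDE_RE = re.compile(r"^\s*AllowOverride\s+(.+?)\s*$", re.M | re.I)

# Constructed sample config: same block with overrides disabled, then with Limit enabled.
CONF = """<Directory />
    AllowOverride None
</Directory>
<Directory "/var/www/html">
    AllowOverride %s
</Directory>
"""
BROKEN_CONF, FIXED_CONF = CONF % "None", CONF % "Limit"

# Alert lines in the format shown in the first post.
LOG = """[Thu Mar 29 10:33:57 2012] [alert] [client xx.xx.xx.xxx] /var/www/html/admin/.htaccess: deny not allowed here
[Thu Mar 29 10:34:08 2012] [alert] [client xx.xx.xx.xxx] /var/www/html/admin/.htaccess: deny not allowed here, referer: http://pbx.mydomain.com/
"""

def blocked_directives(log_text):
    """Return the set of (htaccess_path, directive) pairs Apache rejected."""
    return {(m.group(1), m.group(2).lower()) for m in ALERT_RE.finditer(log_text)}

def effective_override(conf_text, htaccess_path):
    """AllowOverride classes from the most specific enclosing <Directory> block."""
    target = htaccess_path.rsplit("/", 1)[0] + "/"
    best_len, classes = -1, ["All"]  # Apache 2.2 default when nothing is set
    for m in SECTION_RE.finditer(conf_text):
        path = m.group(1).rstrip("/") + "/"
        found = OVERRIDE_RE.findall(m.group(2))
        if found and target.startswith(path) and len(path) > best_len:
            best_len, classes = len(path), found[-1].split()
    return classes

def diagnose(conf_text, log_text):
    """For each rejected directive, report the class it needs and what is granted."""
    report = {}
    for path, directive in sorted(blocked_directives(log_text)):
        classes = [c.lower() for c in effective_override(conf_text, path)]
        needed = OVERRIDE_CLASS.get(directive)
        permitted = "all" in classes or needed in classes
        report[(path, directive)] = {"needs": needed, "has": classes, "permitted": permitted}
    return report
```

On a real system, pass the text of /etc/httpd/conf/httpd.conf concatenated with the files included from /etc/httpd/conf.d, since together they form the full configuration.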

Thanks Philippe,

I’m not really much of a linux guru… I just clunk around, (trying to do exactly what I’m told of course). Where would I find the “standard” FREEPBX httpd.conf file to download? …and where should I put it? For example is there a wget or a yum command which will install it?

Thanks again.

Andy Woolford

Andy,

It may be easier to simply reinstall with the FreePBX Distro and have everything “just work.”

The httpd.conf files are located in two places, the master file is:

/etc/httpd/conf/httpd.conf

and then there are files that get included from:

/etc/httpd/conf.d

such as I believe there should be one called freepbx.conf there. The combination of the main httpd.conf and the included ones from conf.d make up your “full” httpd.conf.

As mentioned, from the sound of your reply you may be best off just backing up your system, reinstalling the distro and then do a restore. If you do that, make sure to upgrade FreePBX to the latest before backing up so the restore goes as smoothly as possible.

Thanks again Philippe,

I must chuckle slightly because I looked at the “backup and restore” functions of FreePBX 2.10.03 today - and thought “how the hell does this work?”

I take it I can reinstall FreePBX from a distro, without losing all of the other stuff on my machine? (sendmail etc) I don’t want to have to start from a reformatted hard drive…

Andy

You would be starting from a reformatted hard disk, but if you use the backup module, and of course backup off the local system, then you would get pretty much your entire system back.

To the extent there are some things you need to re-setup, it will probably be worth the minor inconvenience vs. the long term headaches it sounds like you may otherwise run into.

Thanks again for your patience :)

Do you think the .htaccess issue is a major headache to fix without having to reformat and start again? TBH I find the prospect of backing up and reformatting far more daunting than simply copying across the correct httpd.conf file.

The reason being is I have no idea how to configure an external MYSQL server to act as a backup. I’m also in the UK and the server is in Florida. Even so, the parameters on the “Backup and Restore” page in FreePBX are completely alien to me, so I don’t know how to make sure all of the other applications and essential linux files on the machine get backed up and restored as well. Over the couple of years I’ve had the machine, I’ve added various tweaks such as MP123 to handle streaming audio for MOH. Would all that get backed up and restored too??? I also added a FFA license (which doesn’t seem to work BTW) from Digium, (but that’s another project to try and fix). Anyway I don’t really relish the thought of winding the system all the way back to scratch, and then find I have some trouble restoring all of the various applications and settings.

It seems a far more attractive option just to edit the httpd.conf file (and possibly the conf.d file you mentioned) if you or someone could maybe tell me what parameters should go in there?

Much of what you mention would never have been a problem with the FreePBX Distro.

Sounds like many of your problems are because of the AsteriskNOW Distro, which has been somewhat neglected and always had a lot of issues.

In any event, you can get the httpd.conf worked out and you might be ok. You can also contact FreePBX support if you would like to pay someone to help you do the right solution, or otherwise continue here with the help of the community to get yourself going.

I’m pleased to report I managed to fix it - not through any particular skill but because I found there was a file called httpd.conf.old lurking in the same directory. So I renamed the existing httpd.conf to httpd.bak and restored the old copy in its place, restarted Apache and voila! So thanks for pointing me to the right place.

(This might suggest I was the culprit all along, but I don’t remember doing that).

I think most of the problems are down to my own ignorance, including how backup and restore works. Is there actually a set of FreePBX instructions for 2.10? I’d like to know how to setup the backup and restore anyway. The documentation I’ve seen online seems to be quite fragmentary and much of it outdated.

Thanks again.