In the firewall/extra services screen under HTTP and HTTPS provisioning settings there is a note that says: “It is NOT ADVISED to expose this port to the public internet, as SIP Secrets will be available to a knowledgeable attacker”. I totally understand this for HTTP, but what exactly is the risk if using HTTPS with a valid cert, strong pwd, etc.?
If you’re using strong Apache credentials, then the risk is very low. A suitably configured fail2ban (such as is done with System Admin) will block anyone attempting to brute force it.
That’s what I was thinking. Thanks for the feedback!
You must have the purchased version of SysAdmin in order to get the ability to require credentials for HTTP(S) provisioning.