Permissions issue w/

Hi all, I just upgraded to the current release running under PBIAF. I now have a problem that when I click on the “play” icon for recordings in the System Recordings page I get the following message:

“You don’t have permission to access /admin/modules/recordings/popup.php on this server.”

It was working fine previously. The directory has Asterisk:Asterisk as the owner/group.

Any ideas?




I had recently run both update scripts and just now ran the update-fix. Rebooted, but no change.

Am I really the only one having this problem?

Uh, ok thanks, one other person had a somewhat similar problem, but as I indicated, I had run the script before as well as after your suggestion and it did not fix the problem. That is not the problem.

Anyone else?

Bruce as it is expected in /usr/src/freepbx/

You could try finding the /usr/src/freepbx-2.4.0 directory and doing a ./

Same issue on 2 systems.

One is FreePBX 2.3.1, Asterisk 1.2 on Centos 5 the other is a brand new FreePBX 2.4.0, Asterisk 1.4.18 on Centos 5.

I get this in the apache error log:

[Thu Feb 14 08:01:10 2008] [error] [client] PHP Notice: Undefined variable: rname in /var/www/html/admin/modules/recordings/page.recordings.php on line 212, referer:
[Thu Feb 14 08:01:10 2008] [error] [client] PHP Notice: Undefined variable: suffix in /var/www/html/admin/modules/recordings/page.recordings.php on line 218, referer:
[Thu Feb 14 08:01:32 2008] [error] [client] client denied by server configuration: /var/www/html/admin/modules/recordings/popup.php

File permissions are:

-rw-rw-r-- 1 asterisk asterisk 1058 Feb 13 13:47 popup.php

SELINUX is disabled, apache is running as asterisk.asterisk, no .htaccess file in that directory.

Tried “” located in the beta source directory. Since I upgraded through the FreePBX module there is no current src directory. Unfortunately there was no change.

I wonder if popup.php uses a hard coded password. From line 23:

$REC_CRYPT_PASSWORD = urlencode((isset($_REQUEST[‘cryptpass’]) && trim($_REQUEST[‘cryptpass’]) != “”)?trim($_REQUEST[‘cryptpass’]):‘moufdsuu3nma0’);

I don’t code for a living so I am beyond my scope.


After ignoring the problem for a while, I figured out the cause. I had applied the security recommendation for tightening up the html server with a “Deny from All” in the Apache .htaccess file.

Deny from All created the problem in the following file: /var/www/html/admin/modules/.htaccess.

Removing or modifying the file fixes the popup problem.

Thanks for all the feedback.