Uploaded image for project: 'FreePBX'
  1. FreePBX
  2. FREEPBX-22019

Change default AMI address binding to localhost

    XMLWordPrintable

    Details

    • Type: Improvement
    • Status: Closed
    • Priority: Minor
    • Resolution: Fixed
    • Affects Version/s: 16
    • Fix Version/s: 16
    • Component/s: FreePBX Framework
    • Labels:
      None

      Description

      Currently, for all supported versions of FreePBX, the AMI bindaddr is set to 0.0.0.0 by default. For security, I think starting in 16, bindaddr should be set to 127.0.0.1 by default and users will have to change it manually if they need remote access to the service.

      The file, manager.conf can be safely edited, so there is no problem with actually forcing the FreePBX admin to make the change for the cases where it might be needed. If there is a problem here, it will be from any internet resources describing how to set up remote AMI connections to FreePBX, they will not include any steps to enable AMI for remote connections. I propose to mitigate this by displaying a notification at the top of the "Asterisk Manager Users" page indicating the current settings for bind address and bind port.

      Thoughts?

      [general]
enabled = yes
port = 5038
bindaddr = 0.0.0.0

        Gliffy Diagrams

          Attachments

            Activity

              People

              • Assignee:
                rverma Rahul Verma
                Reporter:
                lgaetz Lorne Gaetz
              • Votes:
                0 Vote for this issue
                Watchers:
                5 Start watching this issue

                Dates

                • Created:
                  Updated:
                  Resolved:

                  NextupJiraPlusStatus

                  Error rendering 'slack.nextup.jira:nextup-jira-plus-status'. Please contact your Jira administrators.