Page 1 of 1

192.168.1.x/RECORDINGS PASSWORD?

PostPosted: Sat Dec 05, 2009 3:52 am
by enavaro
Hello,

I configured my Vicidialnow CE 1.3 server box with virtual LAN, namely it has two IP addresses, one is private and the other one is public. The reason for this is to pull out recordings even im not in my center.

Now my concern is How can I put password on it?

192.168.1.x/RECORDINGS
202.xxx.xxx.xxx/RECORDINGS

For security purposes.

Thanks

thanks

PostPosted: Sat Dec 05, 2009 7:54 am
by brett05
this is found in you apache config
you can limit the use of your recording to just one computer from his ip .
for exemple here :
in /etc/apache2/sites-available/default :
Alias /RECORDINGS/ "/var/spool/asterisk/monitorDONE/"
<Directory "/var/spool/asterisk/monitorDONE">
Options Indexes MultiViews
AllowOverride None
Order allow,deny
Allow from all
<files *.mp3>
Forcetype application/forcedownload
</files>
</Directory>

as this you will allow computer to have recording but if you want to deny all computer so you will do this:
Alias /RECORDINGS/ "/var/spool/asterisk/monitorDONE/"
<Directory "/var/spool/asterisk/monitorDONE">
Options Indexes MultiViews
AllowOverride None
Order allow,deny
Deny from all
<files *.mp3>
Forcetype application/forcedownload
</files>
</Directory>

other solution is block access from A network/netmask pair:
exemple:
Alias /RECORDINGS/ "/var/spool/asterisk/monitorDONE/"
<Directory "/var/spool/asterisk/monitorDONE">
Options Indexes MultiViews
AllowOverride None
Order allow,deny
Allow from 10.1.0.0/255.255.0.0
<files *.mp3>
Forcetype application/forcedownload
</files>
</Directory>

other solution is from A full IP address:
Alias /RECORDINGS/ "/var/spool/asterisk/monitorDONE/"
<Directory "/var/spool/asterisk/monitorDONE">
Options Indexes MultiViews
AllowOverride None
Order allow,deny
Deny from 10.1.2.10
<files *.mp3>
Forcetype application/forcedownload
</files>
</Directory>

other solution is from A (partial) domain-name:
Alias /RECORDINGS/ "/var/spool/asterisk/monitorDONE/"
<Directory "/var/spool/asterisk/monitorDONE">
Options Indexes MultiViews
AllowOverride None
Order allow,deny
Deny from domainname.org
<files *.mp3>
Forcetype application/forcedownload
</files>
</Directory>

and they are more other solution if you like just try to understand more apache mods access or try htacess config
finally as you see here we have use <files *.mp3> so try to change your recording format in crontab script.
and reboot apache.
/sbin/service httpd restart
and to use folder recording with password access try to use this:
<Directory "/var/spool/asterisk/monitorDONE">
Options Indexes MultiViews
AllowOverride All
Order allow,deny
Allow from all
AccessFileName .htaccess
<files *.mp3>
Forcetype application/forcedownload
</files>
</Directory>

then :
create a htaccess file:
vim /var/spool/asterisk/monitorDONE/.htaccess
and put this:
AuthName foldername
AuthUserFile /password/.htpasswd
AuthType Basic
<limit GET POST>

mkdir /var/spool/asterisk/monitorDONE/password
vim /var/spool/asterisk/monitorDONE/password/.htpasswd
and put this as exemple:
admin:password
brak:hJ74qxcNjdmpOijdgD

reboot apache
maybe this will help you enjoy.

PostPosted: Sat Dec 05, 2009 9:05 am
by enavaro
Wow! I never thought of that. Very impressive! Can we make this sticky?
Lots of people out there like me need to know all these things. Especially with regards to security.

1000x thanks to you brett05!!!

thanks

PostPosted: Sat Dec 05, 2009 10:08 am
by brett05
:wink:
they are many way to make vicidial more security.
you can also separate your recording in folder with the name in each compaign.
try also to read the update install of ubuntu in the down page of it thez are some bug of security you can fix them.
i have do this install to make vicidial more powerfull .
for this time i have do it in ubuntu and soon i will add it to opensuse and federa with single box and muliserver.
http://www.vicidial.org/VICIDIALwiki/ti ... ntuInstall

PostPosted: Sat Dec 05, 2009 2:21 pm
by okli
Have a look at this topic as well:
http://www.vicidial.org/VICIDIALforum/v ... recordings

We've been using AutoIndex for over an year without any issue and having a search option, statistic, several user levels etc. is much more convenient when having tons of recordings and several people using it.

thanks

PostPosted: Sat Dec 05, 2009 3:36 pm
by brett05
this is not a good idea to put a php file explorer with a shortcut to www path.
with this you will make it public for all person.
also you need to search each recording in each time.

PostPosted: Sat Dec 05, 2009 3:39 pm
by okli
You restrict access the same way as if you were using alias, plus you have passwords, which you can manage from web browser, rather that editing htaccess file.
also you need to search each recording in each time.
Didin't quite get this, why I need to search? I can get to recording without searching, can simply open the relevant directory and click on the recording, why would I must search for it? Search is a bonus.

PostPosted: Mon Dec 07, 2009 9:48 am
by gardo
Sticky it is!

enavaro wrote:Wow! I never thought of that. Very impressive! Can we make this sticky?
Lots of people out there like me need to know all these things. Especially with regards to security.

1000x thanks to you brett05!!!

PostPosted: Fri Feb 26, 2010 4:38 am
by gmcust3
When I try below url, I get :

Forbidden

You don't have permission to access /RECORDINGS/20100226-141130_1415876919-all.wav on this server.

But when I try , I can browse the folder :

http://122.160.239.178/RECORDINGS/

Code: Select all

1) I have created sym link under HTML folder as RECORDINGS.

2) Under astguiclient, I have entry for :

# astguiclient.conf - configuration elements for the astguiclient package
# this is the astguiclient configuration file
# all comments will be lost if you run install.pl again

# Paths used by astGUIclient
PATHDONEmonitor => /var/spool/asterisk/monitorDONE
PATHDONEmonitor => /var/www/html/RECORDINGS

# The IP address of this machine
VARserver_ip => 192.165.1.250

3)

<Directory "/var/spool/asterisk/monitorDONE">
Order Deny,Allow
Deny from all
Allow from 127.0.0.1 192.168
Options Indexes FollowSymLinks

</Directory>

Alias /RECORDINGS /var/spool/asterisk/monitorDONE
Alias /recordings /var/spool/asterisk/monitorDONE


Re: 192.168.1.x/RECORDINGS PASSWORD?

PostPosted: Mon Jan 07, 2013 11:14 am
by ctc_olsen
Looks like you have NAT set up. Go to whatismyip.com. What is your IP? Put it in the config. Also try putting Deny from all first after allow all. Just like this.

Code: Select all
<Directory "/var/spool/asterisk/monitorDONE">
Order Deny,Allow
Allow from 127.0.0.1 192.168 IP.IP.IP.IP <== [b]IP shown in whatismyip.com[/b]
Deny from all
Options Indexes FollowSymLinks

</Directory>

Alias /RECORDINGS /var/spool/asterisk/monitorDONE
Alias /recordings /var/spool/asterisk/monitorDONE

Re: 192.168.1.x/RECORDINGS PASSWORD?

PostPosted: Sat Feb 16, 2013 6:05 pm
by williamconley
apache configurations for many distros of GoAuto have the recordings folder locked. You will find other references to this posted by gardo and others, but I believe it is covered in his Wiki (how to access recordings ...).

Re: 192.168.1.x/RECORDINGS PASSWORD?

PostPosted: Thu Aug 08, 2013 6:24 am
by richardroi
We followed the steps of brett05 but we are having errors:
/usr/bin/sox FAIL formats: can't determine type of file `/var/spool/asterisk/monitorDONE/password'
/usr/bin/sox FAIL formats: no handler for file extension `htaccess'

can anyone share some light?

Thank you.

Re: 192.168.1.x/RECORDINGS PASSWORD?

PostPosted: Thu Aug 08, 2013 7:34 am
by richardroi
It is erasing the entries I made on /var/spool/asterisk/monitorDONE.
Kindly help.

Re: 192.168.1.x/RECORDINGS PASSWORD?

PostPosted: Sat Feb 15, 2014 10:52 am
by williamconley
"the entries" is a bit vague

but based on your prior post it appears you are trying to create a password file in that recording folder. probably not the best way to go.

i would recommend creating the password file in a folder in the /etc/apache2/ folder (or any other configuration area) as opposed to a folder for recordings. Of course your distro could also call the apache2 folder httpd or something else, the point is to create this configuration file in a configuration file area (/etc/) instead of in a recording file area (/var/spool/asterisk/monitorDONE ...) which is being constantly monitored and manipulated by a perl script tasked with converting and moving recordings OUT of that folder.