vicidial.org

How to stop creation of project_auth_entries.txt?

I don't need this file !!

either this: "System settings" -> "Webroot Writable" -> set to 0
but you have an old build so not sure if you got that option.

if not then you can make it a symbolic link to /dev/null
* change directory to agc/ or vicidial/ (dont remember the default location for the webroot in goautodial)
* remove the file:
rm project_auth_entries.txt
* and create the symbolic link:
ln -s /dev/null project_auth_entries.txt

or the third option is to manually edit the php-files and comment out the code that writes data to that file.

We generally modify apache to refuse to provide any .txt or .log files to the web service.

Code: Select all

        <FilesMatch "\.(log|txt)$">
           Order allow,deny
           Deny from all
        </FilesMatch>

we fixed this quite a while ago in svn/trunk.

Yep, but many are still running those old systems.

Worked. Thanks

Hi William

Thank you for the valuable support and efforts you've made to help us.

Can u provide the steps to deny access to .log and .txt files in apache.

williamconley wrote:We generally modify apache to refuse to provide any .txt or .log files to the web service.

Code: Select all

        <FilesMatch "\.(log|txt)$">
           Order allow,deny
           Deny from all
        </FilesMatch>

Please provide elaborated steps to configure apache

1 more question.
If we use any firefox tool to check the php code.
All the users and admin passwords are visible.
How can I protect web pages to leak the passwords.

Webroot writable = 0 already

The precise entry would depend on your implementation. Find the entry in your apache configuration folder that controls /srv/www/htdocs (or your web root if different) and add it there or post your entry here and we'll show you how to modify the existing entry.

You may find this under /etc/apache2/default-server.conf or any one of many other files depending on your installation.

Which reminds me:

1) Welcome to the Party!

2) As you are obviously new here, I have some suggestions to help us all help you:

When you post, please post your entire configuration including (but not limited to) your installation method and vicidial version with build.

This IS a requirement for posting along with reading the stickies (at the top of each forum) and the manager's manual (available on EFLO.net, both free and paid versions)

You should also post: Asterisk version, telephony hardware (model number is helpful here), cluster information if you have one, and whether any other software is installed in the box. If your installation method is "from scratch" you must post your operating system and should also post the .iso version from which you installed your original operating system. If your installation is "Hosted" list the site name of the host.

If this is a "Cloud" or "Virtual" server, please note the technology involved along with the version of that techology (ie: VMware Server Version 2.0.2). If it is not, merely stating the Motherboard model # and CPU would be helpful.

Similar to This:

Vicibox X.X from .iso | Vicidial X.X.X-XXX Build XXXXXX-XXXX | Asterisk X.X.X | Single Server | No Digium/Sangoma Hardware | No Extra Software After Installation | Intel DG35EC | Core2Quad Q6600