AMI security

Hi, our 1.6.2.8 asterisk box will be on a public network. We use the AMI interface on the box itself
via a PHP script. We want to restrict ALL access from outside but still allow PHP scripts on the box access.
Is this safe enough?

Thanks

Just wondering if we set the bindaddr to 127.0.0.1 on our asterisk box which has a public IP . Is this safe enough? We will only be using the AMI within the ‘box’.

[user]
secret = secret
deny=0.0.0.0/0.0.0.0
permit=127.0.0.1/255.255.255.0
read = system,call,log,verbose,command,agent,user
write = system,call,log,verbose,command,agent,user

should do it