Asterisk ARI allowed_origins

Hello,

Perhaps I do not understand this feature but I am trying to restrict so that only localhost can use the ARI on port 8088.

Here’s my configuration. I have tried both allowed_origins http://localhost:8088 and, without the protocol, localhost:8088.

[general]
enabled = yes
allowed_origins = http://localhost:8088

[ariuser]
type=user
read_only=no
password_format=plain
password=1234

Despite having this, I can still send requests remotely like this:
curl http://my-test-asterisk.com:8088/ari/channels -u ariuser:1234

<--- ARI request received from: 8.8.8.8:49388 --->
Host: my-test-asterisk.com:8088
Authorization: Basic YXJpdXNlcjoxMjM0
User-Agent: curl/7.88.1
Accept: */*
body:


<--- Sending ARI response to 8.8.8.8:49388 --->
200 OK
Content-type: application/json
[]

Is there a way to limit ARI access to localhost while still having WS exposed externally?

Asterisk version 20.3.0

There is currently no ACL functionality. You would want to put a proxy in front for Websockets and bind the Asterisk HTTP server to localhost only.
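
An added example of the layout described in the reply above (not code from this thread or from the Asterisk project): Asterisk's built-in HTTP server listens on loopback only, and an nginx reverse proxy forwards nothing but the WebSocket path. The public port 8089, the `/ws` path and the certificate paths are assumptions or placeholders; the fragment is meant to be included inside nginx's `http` context.

```nginx
# Asterisk side, http.conf: bind the built-in HTTP server to loopback so
# that port 8088 (ARI and WS alike) is no longer reachable remotely.
#   [general]
#   enabled = yes
#   bindaddr = 127.0.0.1
#   bindport = 8088

# Sets the Connection header for the WebSocket upgrade handshake.
map $http_upgrade $connection_upgrade {
    default upgrade;
    ''      close;
}

server {
    listen 8089 ssl;                     # assumed public port
    server_name my-test-asterisk.com;    # host name used in the question

    ssl_certificate     /etc/nginx/tls/PLACEHOLDER.crt;  # placeholder path
    ssl_certificate_key /etc/nginx/tls/PLACEHOLDER.key;  # placeholder path

    # Only the WebSocket endpoint is forwarded (path /ws is an assumption).
    location = /ws {
        proxy_pass http://127.0.0.1:8088/ws;
        proxy_http_version 1.1;
        proxy_set_header Upgrade $http_upgrade;
        proxy_set_header Connection $connection_upgrade;
        proxy_set_header Host $host;
        proxy_read_timeout 3600s;        # keep long-lived sockets open
    }

    # Everything else, including /ari/, is refused at the proxy.
    location / {
        return 403;
    }
}
```

With this in place, the remote `curl` to port 8088 from the question can no longer connect, and a request for `/ari/channels` on the proxy port is answered with 403, while ARI clients on the host itself keep using `http://127.0.0.1:8088`.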

OK, well as of now that is not an option. We’ll just live with the fact that ARI is exposed externally and use strong passwords.

Do you happen to know if there’s an existing feature request for such functionality? Or at least for segregating ARI from WS.

Block it in your firewall.

Feature requests are put on GitHub[1]. There is no such feature request currently.

[1] Issues · asterisk/asterisk-feature-requests · GitHub

I have created a Feature Request to the best of my ability.
