Happy Xmas to you all. As a gift to everyone, here it is. Today, I have published RPMs for FusionPBX 4.4.11 in OKay's RPM repository. FusionPBX is an open-source FreeSWITCH GUI. FusionPBX can be used as a highly available, single or domain-based multi-tenant PBX, carrier-grade switch, call centre server, fax server, VoIP server, voicemail server, conference server, voice application server, appliance framework and more. FreeSWITCH is a highly scalable, multi-threaded, multi-platform communication platform. FusionPBX is licensed under the MPL 1.1.

This is a vanilla FusionPBX with some patches of my own, mainly to run the load-balanced cluster mode correctly and to fix the class-based XML CDR importer. This RPM will install MySQL (for CentOS 6) or MariaDB (for CentOS 7 or CentOS 8) as the database backend; all possible information will be stored there, such as dial plans, profile information, registrations and so on.

FusionPBX 4.4 brings new features, among them:

  • new bridges application
  • new streams application
  • new number transaction application
  • new transaction logger
  • new behaviour for the dial-plan manager
  • the directory now has first name and last name fields

As a premium add-on, installation using this RPM includes the LCR and Billing for FusionPBX in-app. You just need to activate it and start configuring it. If you'd like to read more directions about how to install it properly in your CentOS server, you can read the quick guide covering how to install FusionPBX in a CentOS server.

I encourage everybody to upgrade to 4.4.10 or better. If you have an installation older than November 22nd, 2019, it is very likely you have this vulnerability: https://vuldb.com/?id.146482, https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-19366; the vulnerability was reported for 4.4.1 but I did a code review and it was fixed just a few days ago, so if you still have 4.4.9 (and some 4.4.10), you may be vulnerable. Although the first article sounds very fatalistic, the vulnerability can only be exploited after you authenticate successfully; in other words, inside jobs.

The RPMs are available for CentOS 6, 7 and 8. You can find them if you type yum search fusionpbx.

Enjoy!


The Enhanced XML CDR Importer is a piece of software that directly replaces the standard FusionPBX XML Importer. Each time a call finishes, FreeSWITCH, through the mod_xml_cdr module, calls a PHP script over HTTP that imports the call detail record into the database. It is called XML because FreeSWITCH uses an XML format to push the data.

Read more: Enhanced XML CDR Importer for FusionPBX 1.2.0 Released


In the long journey of security, moving from HTTP to HTTPS is one of the many steps you will need to take. So, the first question is: why don't you just close port 80/tcp? The answer is more an SEO matter than a security one: if you close port 80/tcp, Google and any other indexing engine that tries to contact you will time out. In Google's eyes, this means an off-line server, and an off-line server is a candidate to be taken out of the index.

Doing a proper redirection, for example from http://inside-out.xyz/path/script.php?parameters to https://inside-out.xyz/path/script.php?parameters, is the correct way. Google will understand the HTTP status code 301 and will reindex you with the correct URL.

Here is the .htaccess file I use:

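# Redirect plain-HTTP requests to HTTPS, except for loopback (127.0.0.x)
RewriteEngine On
RewriteCond %{HTTPS} off
# Dots are escaped so that only a literal 127.0.0. prefix is exempt
RewriteCond %{HTTP_HOST} !^127\.0\.0\.
RewriteCond %{REMOTE_HOST} !^127\.0\.0\.
# Keep host, path and query string; 301 = permanent redirect
RewriteRule .* https://%{HTTP_HOST}%{REQUEST_URI} [L,R=301]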

This redirects every HTTP request to HTTPS except those that come to IP 127.0.0.x. You can adjust the regular expression to add other exceptions.

Remember to modify Apache's configuration in the <Directory> block to allow all overrides (AllowOverride All); otherwise the .htaccess file is ignored.
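
To see which requests the rule set redirects, here is a Python model of the three conditions and the rule, run over constructed requests (an added example, not part of the original post). It evaluates the exception pattern both with literal dots (`^127\.0\.0\.`) and with unescaped dots (`^127.0.0`); the function names, the client address 203.0.113.7 and the host 127x0y0.example.test are assumptions made for illustration.

```python
import re
from urllib.parse import urlsplit

# Exception pattern with literal dots: exempts only hosts starting "127.0.0."
LOOPBACK = re.compile(r"^127\.0\.0\.")
# Same pattern with unescaped dots: "." matches any character
LOOSE = re.compile(r"^127.0.0")


def rewrite_target(https_on, http_host, remote_host, request_uri, pattern=LOOPBACK):
    """Model the three RewriteCond lines (implicitly ANDed) and the RewriteRule.

    Returns the redirect URL, or None when a condition fails and the
    request is answered over plain HTTP.
    """
    if https_on:                        # RewriteCond %{HTTPS} off
        return None
    if pattern.search(http_host):       # negated match on %{HTTP_HOST}
        return None
    if pattern.search(remote_host):     # negated match on %{REMOTE_HOST}
        return None
    return f"https://{http_host}{request_uri}"


def redirect_ok(request_url, status, location):
    """Check an observed response against what the rule set should send."""
    u = urlsplit(request_url)
    uri = u.path + (f"?{u.query}" if u.query else "")
    # Assumed client: a constructed documentation address (TEST-NET-3)
    expected = rewrite_target(False, u.netloc, "203.0.113.7", uri)
    return status == 301 and location == expected


if __name__ == "__main__":
    # Constructed sample requests: (HTTPS on?, Host header, client, URI)
    samples = [
        (False, "inside-out.xyz", "203.0.113.7", "/path/script.php?parameters"),
        (True, "inside-out.xyz", "203.0.113.7", "/path/script.php?parameters"),
        (False, "127.0.0.1", "127.0.0.1", "/"),
        (False, "127x0y0.example.test", "203.0.113.7", "/"),
    ]
    for s in samples:
        print(s, "->", rewrite_target(*s), "| unescaped:", rewrite_target(*s, pattern=LOOSE))
```

The last sample is redirected by the escaped pattern but left on plain HTTP by the unescaped one. `redirect_ok` can be fed the status and Location header captured from a real request to confirm the deployed rule behaves like the model.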

Enjoy!
