Is there a way from the GUI to add a basic auth username and password to the xepm-provision directory for phone provisioning. I manually added the entries in apache to get authentication to work but after using the GUI and saving changes it reverted what I had configured in CLI.
Having anonymous access to the cfg files for phones is a pretty big security issues as it has the username and password for each account in plaintext.
Nice. Maybe this should be an official feature to allow admins to enable provisioning auth. Perhaps is it even possible to setup multiple credentials? that way you can revoke access for a single tenant.
I stand corrected. Everything was working perfectly until I upgraded from 2.4.0-5 to 2.4.0-6 and it overwrote the file. After adding the entries again everything is fine. Would be nice to have it in the UI so it updates accordingly with upgrades.
@jrosetto Not sure which brand of phones you are provisoning, I use mostly Yealink which has a option for user name & password under the provisioning tab is this the type of access restriction that the htaccess file is giving you.