kenmirrors/asterisk
1
0
Fork 0
mirror of https://github.com/asterisk/asterisk.git synced 2026-04-22 05:50:19 +00:00
Code Issues Packages Projects Releases Wiki Activity
Files
46292c9a456a339ab53a1ecbecb32a53bf3c981d
asterisk/configs/samples/ari.conf.sample
Mike Bradeen 46292c9a45 acl: Add ACL support to http and ari 
Add uri prefix based acl support to the built in http server.
This allows an acl to be added per uri prefix (ie '/metrics'
or '/ws') to restrict access.

Add user based acl support for ARI. This adds new acl options
to the user section of ari.conf to restrict access on a per
user basis.

resolves: #1799

UserNote: A new section, type=restriction has been added to http.conf
to allow an uri prefix based acl to be configured. See
http.conf.sample for examples and more information.
The user section of ari.conf can now contain an acl configuration
to restrict users access. See ari.conf.sample for examples and more
information
2026-03-05 12:52:43 +00:00

75 lines
3.2 KiB
Plaintext
Raw Blame History

[general]
enabled = yes ; When set to no, ARI support is disabled.
;pretty = no ; When set to yes, responses from ARI are
; ; formatted to be human readable.
;allowed_origins = ; Comma separated list of allowed origins, for
; ; Cross-Origin Resource Sharing. May be set to * to
; ; allow all origins.
;auth_realm = ; Realm to use for authentication. Defaults to Asterisk
; ; REST Interface.
;
; Default write timeout to set on websockets. This value may need to be adjusted
; for connections where Asterisk must write a substantial amount of data and the
; receiving clients are slow to process the received information. Value is in
; milliseconds; default is 100 ms.
;websocket_write_timeout = 100
;
; Display certain channel variables every time a channel-oriented
; event is emitted:
;
; Note that this does incur a performance penalty and should be avoided if possible.
;
;channelvars = var1,var2,var3
;[username]
;type = user ; Specifies user configuration
;read_only = no ; When set to yes, user is only authorized for
; ; read-only requests.
;
;password = ; Crypted or plaintext password (see password_format).
;
; password_format may be set to plain (the default) or crypt. When set to crypt,
; crypt(3) is used to validate the password. A crypted password can be generated
; using mkpasswd -m sha-512.
;
; When set to plain, the password is in plaintext.
;
;password_format = plain
;
; The following three options (permit, deny, acl) allow for a per-user acl to be
; configured. The format follows the rules as documented in acl.conf.sample
;
; If no restriction is defined for a given user, no IPs will be blocked by
; Asterisk (legacy behavior).
;
;deny = ; Deny acces from the subnet for the given user
;permit = ; Permit access from the subnet(s) for the given user
;acl = ; Optional name for the acl.
;
;Example:
;deny = 0.0.0.0/0
;permit = 127.0.0.1,10.0.0.0/24
;acl = localasteriskuser
;
; Outbound Websocket Connections
;
;[connection1] ; The connection name
;type = outbound_websocket ; Must be "outbound_websocket"
;websocket_client_id = myid ; The id of a websocket client defined in
; websocket_client.conf.
; Default: none
;apps = app1, app2 ; A comma-separated list of Stasis applications
; that will be served by this connection.
; No other connection may serve these apps.
; Default: none
;subscribe_all = no ; If set to "yes", the server will receive all
; events just as though "subscribeAll=true" was
; specified on an incoming websocket connection.
; Default: no
;local_ari_user = local_user ; The name of a local ARI user defined above.
; This controls whether this connection can make
; read/write requests or is read-only.
; Default: none
Reference in New Issue View Git Blame Copy Permalink