<HTML><BODY>Hi Alex,<br><br>Thank You, i'm trying to use this config:<br><br><pre class="code" style="margin-top: 0px; margin-bottom: 1.4em; padding: 0.7em 1em; font-family: Consolas, 'Andale Mono WT', 'Andale Mono', 'Bitstream Vera Sans Mono', 'Nimbus Mono L', Monaco, 'Courier New', monospace; font-size: 14px; direction: ltr; background-color: #fbfaf9; color: #333333; box-shadow: #cccccc 0px 0px 0.5em inset; border-radius: 2px; overflow: auto; word-wrap: normal; border: 1px solid #cccccc;" data-mce-style="margin-top: 0px; margin-bottom: 1.4em; padding: 0.7em 1em; font-family: Consolas, 'Andale Mono WT', 'Andale Mono', 'Bitstream Vera Sans Mono', 'Nimbus Mono L', Monaco, 'Courier New', monospace; font-size: 14px; direction: ltr; background-color: #fbfaf9; color: #333333; box-shadow: #cccccc 0px 0px 0.5em inset; border-radius: 2px; overflow: auto; word-wrap: normal; border: 1px solid #cccccc;">if($(hdr(Record-Route)[0]{nameaddr.uri}) != $si and $(hdr(Record-Route)[0]{nameaddr.uri}) != $null) {
                   xlog("L_INFO","Spoofing attack detected from $si, blocking");
                   exit;
                }</pre>taken from here: <a href="https://www.kamailio.org/wiki/tutorials/security/kamailio-security">https://www.kamailio.org/wiki/tutorials/security/kamailio-security</a> <br><br>but, it is not working because as you said the record-route - can be different, like in my case: <strong><span style="font-family: inherit; white-space: pre-wrap;" data-mce-style="font-family: inherit; white-space: pre-wrap;">Record-Route: <sip:192.168.1.1;lr;did=637.07c7c2d7><br><br></span></strong><span>Temporarily, i solved using this configuration: <br></span><strong><strong><span style="font-family: inherit; white-space: pre-wrap;" data-mce-style="font-family: inherit; white-space: pre-wrap;"><br></span></strong></strong><p>if($(hdr(Record-Route)[0]{nameaddr.uri}) != $null) {<br> if ( search_hf("Record-Route", ";", "f") ) {<br>$var(record_route) = $(hdr(Record-Route)[0]{nameaddr.uri}{re.subst,/^sip:([0-9]{1,3}\.[0-9]{1,3}\.[0-9]{1,3}\.[0-9]{1,3});.*/\1/});<br> if($var(record_route)) != $si {<br>xlogl("L_ERR","Spoofing Attack detected, Blocking\n");<br> exit;<br> }<br>} else {<br> if($(hdr(Record-Route)[0]{nameaddr.uri}) != $si) {<br>xlogl("L_ERR","Spoofing Attack detected, Blocking\n");<br> exit;<br> }<br> }<br> };</p><span style="font-family: inherit; white-space: pre-wrap;" data-mce-style="font-family: inherit; white-space: pre-wrap;">but, i'm not sure that this is right configuration - and maybe it could be done better. How would you solve this problem?<br></span><span style="font-family: inherit; white-space: pre-wrap;" data-mce-style="font-family: inherit; white-space: pre-wrap;">Thank You.<br></span><strong><span style="font-family: inherit; white-space: pre-wrap;" data-mce-style="font-family: inherit; white-space: pre-wrap;"><br></span></strong><style type="text/css"></style></BODY></HTML>