<html><head><meta http-equiv="content-type" content="text/html; charset=utf-8"></head><body dir="auto">Since the parse failure precedes any operation of the config script on the request—only parsed requests are exposed into the config script—I don’t think there is any way to prevent this. <br><br><div dir="ltr">—<div>Sent from mobile, with due apologies for brevity and errors.</div></div><div dir="ltr"><br><blockquote type="cite">On Mar 11, 2021, at 11:22 AM, Ben Kaufman <ben.kaufman@altigen.com> wrote:<br><br></blockquote></div><blockquote type="cite"><div dir="ltr">
<meta http-equiv="Content-Type" content="text/html; charset=utf-8">
<meta name="Generator" content="Microsoft Word 15 (filtered medium)">
<style><!--
/* Font Definitions */
@font-face
{font-family:"Cambria Math";
panose-1:2 4 5 3 5 4 6 3 2 4;}
@font-face
{font-family:Calibri;
panose-1:2 15 5 2 2 2 4 3 2 4;}
/* Style Definitions */
p.MsoNormal, li.MsoNormal, div.MsoNormal
{margin:0in;
font-size:11.0pt;
font-family:"Calibri",sans-serif;}
a:link, span.MsoHyperlink
{mso-style-priority:99;
color:blue;
text-decoration:underline;}
span.EmailStyle20
{mso-style-type:personal-reply;
font-family:"Calibri",sans-serif;
color:windowtext;}
.MsoChpDefault
{mso-style-type:export-only;
font-size:10.0pt;}
@page WordSection1
{size:8.5in 11.0in;
margin:1.0in 1.0in 1.0in 1.0in;}
div.WordSection1
{page:WordSection1;}
--></style><!--[if gte mso 9]><xml>
<o:shapedefaults v:ext="edit" spidmax="1026" />
</xml><![endif]--><!--[if gte mso 9]><xml>
<o:shapelayout v:ext="edit">
<o:idmap v:ext="edit" data="1" />
</o:shapelayout></xml><![endif]-->
<div class="WordSection1">
<p class="MsoNormal">I’m sorry – I should have been more clear in what I was looking at.<o:p></o:p></p>
<p class="MsoNormal"><o:p> </o:p></p>
<p class="MsoNormal">As a brief summary of the ‘problem’, I see items like this in my logs intermittently (a few times a day):<o:p></o:p></p>
<p class="MsoNormal"><o:p> </o:p></p>
<p class="MsoNormal">***<o:p></o:p></p>
<p class="MsoNormal" style="text-autospace:none"><span style="font-size:10.0pt;font-family:"Courier New";color:#BB0000">20(3085) ERROR: <core> [core/tcp_read.c:1531]: tcp_read_req(): bad request, state=7, error=4 buf:</span><span style="font-size:10.0pt;font-family:"Courier New";color:black;background:black;mso-highlight:black"><o:p></o:p></span></p>
<p class="MsoNormal" style="text-autospace:none"><span style="font-size:10.0pt;font-family:"Courier New";color:#BB0000">GET / HTTP/1.0</span><span style="font-size:10.0pt;font-family:"Courier New";color:black;background:black;mso-highlight:black"><o:p></o:p></span></p>
<p class="MsoNormal" style="text-autospace:none"><span style="font-size:10.0pt;font-family:"Courier New";color:black;background:black;mso-highlight:black"><o:p> </o:p></span></p>
<p class="MsoNormal" style="text-autospace:none"><span style="font-size:10.0pt;font-family:"Courier New";color:black;background:black;mso-highlight:black"><o:p> </o:p></span></p>
<p class="MsoNormal" style="text-autospace:none"><span style="font-size:10.0pt;font-family:"Courier New";color:#BB0000">parsed:</span><span style="font-size:10.0pt;font-family:"Courier New";color:black;background:black;mso-highlight:black"><o:p></o:p></span></p>
<p class="MsoNormal" style="text-autospace:none"><span style="font-size:10.0pt;font-family:"Courier New";color:#BB0000">GET / HTTP/1.0</span><span style="font-size:10.0pt;font-family:"Courier New";color:black;background:black;mso-highlight:black"><o:p></o:p></span></p>
<p class="MsoNormal" style="text-autospace:none"><span style="font-size:10.0pt;font-family:"Courier New";color:black;background:black;mso-highlight:black"><o:p> </o:p></span></p>
<p class="MsoNormal" style="text-autospace:none"><span style="font-size:10.0pt;font-family:"Courier New";color:black;background:black;mso-highlight:black"><o:p> </o:p></span></p>
<p class="MsoNormal" style="text-autospace:none"><span style="font-size:10.0pt;font-family:"Courier New";color:#BB0000">24(3089) ERROR: <core> [core/tcp_read.c:1531]: tcp_read_req(): bad request, state=7, error=4 buf:</span><span style="font-size:10.0pt;font-family:"Courier New";color:black;background:black;mso-highlight:black"><o:p></o:p></span></p>
<p class="MsoNormal" style="text-autospace:none"><span style="font-size:10.0pt;font-family:"Courier New";color:#BB0000">GET
<a href="http://clientapi.ipip.net/echo.php?info=20210311155950">http://clientapi.ipip.net/echo.php?info=20210311155950</a> HTTP/1.1</span><span style="font-size:10.0pt;font-family:"Courier New";color:black;background:black;mso-highlight:black"><o:p></o:p></span></p>
<p class="MsoNormal" style="text-autospace:none"><span style="font-size:10.0pt;font-family:"Courier New";color:#BB0000">Host: clientapi.ipip.net</span><span style="font-size:10.0pt;font-family:"Courier New";color:black;background:black;mso-highlight:black"><o:p></o:p></span></p>
<p class="MsoNormal" style="text-autospace:none"><span style="font-size:10.0pt;font-family:"Courier New";color:#BB0000">Accept: */*</span><span style="font-size:10.0pt;font-family:"Courier New";color:black;background:black;mso-highlight:black"><o:p></o:p></span></p>
<p class="MsoNormal" style="text-autospace:none"><span style="font-size:10.0pt;font-family:"Courier New";color:#BB0000">Pragma: no-cache</span><span style="font-size:10.0pt;font-family:"Courier New";color:black;background:black;mso-highlight:black"><o:p></o:p></span></p>
<p class="MsoNormal" style="text-autospace:none"><span style="font-size:10.0pt;font-family:"Courier New";color:#BB0000">User-Agent: Mozilla/5.0 (Windows NT 10.0; WOW64)</span><span style="font-size:10.0pt;font-family:"Courier New";color:black;background:black;mso-highlight:black"><o:p></o:p></span></p>
<p class="MsoNormal">***<o:p></o:p></p>
<p class="MsoNormal"><o:p> </o:p></p>
<p class="MsoNormal">So, this is just (likely) random scanning from the internet. I mostly just want to remove much of this info from my log files. I’m not serving http on this port. The question about $rP was mostly looking to ignore GET, POST, etc., but
I understand that this won’t work due to the fact that it’s message parsing that fails. I was just looking for a way to discard and ignore the bad message rather than trying to process it.<o:p></o:p></p>
<p class="MsoNormal"><o:p> </o:p></p>
<p class="MsoNormal"><o:p> </o:p></p>
<div>
<p class="MsoNormal">Regards,<o:p></o:p></p>
<p class="MsoNormal"><o:p> </o:p></p>
<p class="MsoNormal">Ben Kaufman<o:p></o:p></p>
<p class="MsoNormal"><a href="mailto:ben.kaufman@altigen.com"><span style="color:#0563C1">ben.kaufman@altigen.com</span></a><o:p></o:p></p>
<p class="MsoNormal">Director of Cloud Operations<o:p></o:p></p>
<p class="MsoNormal">AltiGen Communications, Inc.<o:p></o:p></p>
</div>
<p class="MsoNormal"><o:p> </o:p></p>
<div>
<div style="border:none;border-top:solid #E1E1E1 1.0pt;padding:3.0pt 0in 0in 0in">
<p class="MsoNormal"><b>From:</b> sr-users <sr-users-bounces@lists.kamailio.org> <b>
On Behalf Of </b>Alex Balashov<br>
<b>Sent:</b> Monday, March 8, 2021 3:08 PM<br>
<b>To:</b> Kamailio (SER) - Users Mailing List <sr-users@lists.kamailio.org><br>
<b>Subject:</b> Re: [SR-Users] Best way to ignore HTTP requests<o:p></o:p></p>
</div>
</div>
<p class="MsoNormal"><o:p> </o:p></p>
<p class="MsoNormal">How would checking $rP help?<o:p></o:p></p>
<div>
<p class="MsoNormal"><o:p> </o:p></p>
</div>
<div>
<p class="MsoNormal">Kamailio won’t process HTTP requests on a TCP SIP listener since they lack the SIP/2.0 request line signature.<o:p></o:p></p>
</div>
<div>
<p class="MsoNormal"><o:p> </o:p></p>
</div>
<div>
<p class="MsoNormal">It’ll process them through xhttp, though. Is that the context in which this is an issue? If so, just expose your xhttp resources via an obscure URL ($hu) and deny anything else.<o:p></o:p></p>
</div>
<div>
<p class="MsoNormal"><o:p> </o:p></p>
<div>
<p class="MsoNormal">—<o:p></o:p></p>
<div>
<p class="MsoNormal">Sent from mobile, with due apologies for brevity and errors.<o:p></o:p></p>
</div>
</div>
<div>
<p class="MsoNormal"><br>
<br>
<o:p></o:p></p>
<blockquote style="margin-top:5.0pt;margin-bottom:5.0pt">
<p class="MsoNormal" style="margin-bottom:12.0pt">On Mar 8, 2021, at 4:01 PM, Ben Kaufman <<a href="mailto:ben.kaufman@altigen.com">ben.kaufman@altigen.com</a>> wrote:<o:p></o:p></p>
</blockquote>
</div>
<blockquote style="margin-top:5.0pt;margin-bottom:5.0pt">
<div>
<p class="MsoNormal"> <o:p></o:p></p>
<p class="MsoNormal">I’ve set up a server listening on TCP recently, and notice that I’m receiving intermittent, random HTTP requests from the internet. While it would probably be a good idea to enforce a firewall rule to only allow known hosts to communicate,
what would be the best way within Kamailio to ignore http requests? Would just checking $rP work?<o:p></o:p></p>
<p class="MsoNormal"> <o:p></o:p></p>
<p class="MsoNormal">Regards,<o:p></o:p></p>
<p class="MsoNormal"> <o:p></o:p></p>
<p class="MsoNormal">Ben Kaufman<o:p></o:p></p>
<p class="MsoNormal"><a href="mailto:ben.kaufman@altigen.com"><span style="color:#0563C1">ben.kaufman@altigen.com</span></a><o:p></o:p></p>
<p class="MsoNormal">Director of Cloud Operations<o:p></o:p></p>
<p class="MsoNormal">AltiGen Communications, Inc.<o:p></o:p></p>
<p class="MsoNormal"> <o:p></o:p></p>
<p class="MsoNormal">_______________________________________________<br>
Kamailio (SER) - Users Mailing List<br>
<a href="mailto:sr-users@lists.kamailio.org">sr-users@lists.kamailio.org</a><br>
<a href="https://lists.kamailio.org/cgi-bin/mailman/listinfo/sr-users">https://lists.kamailio.org/cgi-bin/mailman/listinfo/sr-users</a><o:p></o:p></p>
</div>
</blockquote>
</div>
</div>
<span>_______________________________________________</span><br><span>Kamailio (SER) - Users Mailing List</span><br><span>sr-users@lists.kamailio.org</span><br><span>https://lists.kamailio.org/cgi-bin/mailman/listinfo/sr-users</span><br></div></blockquote></body></html>