<html xmlns:v="urn:schemas-microsoft-com:vml" xmlns:o="urn:schemas-microsoft-com:office:office" xmlns:w="urn:schemas-microsoft-com:office:word" xmlns:m="http://schemas.microsoft.com/office/2004/12/omml" xmlns="http://www.w3.org/TR/REC-html40">
<head>
<meta http-equiv="Content-Type" content="text/html; charset=utf-8">
<meta name="Generator" content="Microsoft Word 15 (filtered medium)">
<style><!--
/* Font Definitions */
@font-face
{font-family:"Cambria Math";
panose-1:2 4 5 3 5 4 6 3 2 4;}
@font-face
{font-family:Calibri;
panose-1:2 15 5 2 2 2 4 3 2 4;}
/* Style Definitions */
p.MsoNormal, li.MsoNormal, div.MsoNormal
{margin:0in;
font-size:11.0pt;
font-family:"Calibri",sans-serif;}
a:link, span.MsoHyperlink
{mso-style-priority:99;
color:blue;
text-decoration:underline;}
span.EmailStyle20
{mso-style-type:personal-reply;
font-family:"Calibri",sans-serif;
color:windowtext;}
.MsoChpDefault
{mso-style-type:export-only;
font-size:10.0pt;}
@page WordSection1
{size:8.5in 11.0in;
margin:1.0in 1.0in 1.0in 1.0in;}
div.WordSection1
{page:WordSection1;}
--></style><!--[if gte mso 9]><xml>
<o:shapedefaults v:ext="edit" spidmax="1026" />
</xml><![endif]--><!--[if gte mso 9]><xml>
<o:shapelayout v:ext="edit">
<o:idmap v:ext="edit" data="1" />
</o:shapelayout></xml><![endif]-->
</head>
<body lang="EN-US" link="blue" vlink="purple" style="word-wrap:break-word">
<div class="WordSection1">
<p class="MsoNormal">I’m sorry – I should have been more clear in what I was looking at.<o:p></o:p></p>
<p class="MsoNormal"><o:p> </o:p></p>
<p class="MsoNormal">As a brief summary of the ‘problem’, I see items like this in my logs intermittently (a few times a day):<o:p></o:p></p>
<p class="MsoNormal"><o:p> </o:p></p>
<p class="MsoNormal">***<o:p></o:p></p>
<p class="MsoNormal" style="text-autospace:none"><span style="font-size:10.0pt;font-family:"Courier New";color:#BB0000">20(3085) ERROR: <core> [core/tcp_read.c:1531]: tcp_read_req(): bad request, state=7, error=4 buf:</span><span style="font-size:10.0pt;font-family:"Courier New";color:black;background:black;mso-highlight:black"><o:p></o:p></span></p>
<p class="MsoNormal" style="text-autospace:none"><span style="font-size:10.0pt;font-family:"Courier New";color:#BB0000">GET / HTTP/1.0</span><span style="font-size:10.0pt;font-family:"Courier New";color:black;background:black;mso-highlight:black"><o:p></o:p></span></p>
<p class="MsoNormal" style="text-autospace:none"><span style="font-size:10.0pt;font-family:"Courier New";color:black;background:black;mso-highlight:black"><o:p> </o:p></span></p>
<p class="MsoNormal" style="text-autospace:none"><span style="font-size:10.0pt;font-family:"Courier New";color:black;background:black;mso-highlight:black"><o:p> </o:p></span></p>
<p class="MsoNormal" style="text-autospace:none"><span style="font-size:10.0pt;font-family:"Courier New";color:#BB0000">parsed:</span><span style="font-size:10.0pt;font-family:"Courier New";color:black;background:black;mso-highlight:black"><o:p></o:p></span></p>
<p class="MsoNormal" style="text-autospace:none"><span style="font-size:10.0pt;font-family:"Courier New";color:#BB0000">GET / HTTP/1.0</span><span style="font-size:10.0pt;font-family:"Courier New";color:black;background:black;mso-highlight:black"><o:p></o:p></span></p>
<p class="MsoNormal" style="text-autospace:none"><span style="font-size:10.0pt;font-family:"Courier New";color:black;background:black;mso-highlight:black"><o:p> </o:p></span></p>
<p class="MsoNormal" style="text-autospace:none"><span style="font-size:10.0pt;font-family:"Courier New";color:black;background:black;mso-highlight:black"><o:p> </o:p></span></p>
<p class="MsoNormal" style="text-autospace:none"><span style="font-size:10.0pt;font-family:"Courier New";color:#BB0000">24(3089) ERROR: <core> [core/tcp_read.c:1531]: tcp_read_req(): bad request, state=7, error=4 buf:</span><span style="font-size:10.0pt;font-family:"Courier New";color:black;background:black;mso-highlight:black"><o:p></o:p></span></p>
<p class="MsoNormal" style="text-autospace:none"><span style="font-size:10.0pt;font-family:"Courier New";color:#BB0000">GET
<a href="http://clientapi.ipip.net/echo.php?info=20210311155950">http://clientapi.ipip.net/echo.php?info=20210311155950</a> HTTP/1.1</span><span style="font-size:10.0pt;font-family:"Courier New";color:black;background:black;mso-highlight:black"><o:p></o:p></span></p>
<p class="MsoNormal" style="text-autospace:none"><span style="font-size:10.0pt;font-family:"Courier New";color:#BB0000">Host: clientapi.ipip.net</span><span style="font-size:10.0pt;font-family:"Courier New";color:black;background:black;mso-highlight:black"><o:p></o:p></span></p>
<p class="MsoNormal" style="text-autospace:none"><span style="font-size:10.0pt;font-family:"Courier New";color:#BB0000">Accept: */*</span><span style="font-size:10.0pt;font-family:"Courier New";color:black;background:black;mso-highlight:black"><o:p></o:p></span></p>
<p class="MsoNormal" style="text-autospace:none"><span style="font-size:10.0pt;font-family:"Courier New";color:#BB0000">Pragma: no-cache</span><span style="font-size:10.0pt;font-family:"Courier New";color:black;background:black;mso-highlight:black"><o:p></o:p></span></p>
<p class="MsoNormal" style="text-autospace:none"><span style="font-size:10.0pt;font-family:"Courier New";color:#BB0000">User-Agent: Mozilla/5.0 (Windows NT 10.0; WOW64)</span><span style="font-size:10.0pt;font-family:"Courier New";color:black;background:black;mso-highlight:black"><o:p></o:p></span></p>
<p class="MsoNormal">***<o:p></o:p></p>
<p class="MsoNormal"><o:p> </o:p></p>
<p class="MsoNormal">So, this is just (likely) random scanning from the internet. I mostly just want to remove much of this info from my log files. I’m not serving http on this port. The question about $rP was mostly looking to ignore GET, POST, etc., but
I understand that this won’t work due to the fact that it’s message parsing that fails. I was just looking for a way to discard and ignore the bad message rather than trying to process it.<o:p></o:p></p>
<p class="MsoNormal"><o:p> </o:p></p>
<p class="MsoNormal"><o:p> </o:p></p>
<div>
<p class="MsoNormal">Regards,<o:p></o:p></p>
<p class="MsoNormal"><o:p> </o:p></p>
<p class="MsoNormal">Ben Kaufman<o:p></o:p></p>
<p class="MsoNormal"><a href="mailto:ben.kaufman@altigen.com"><span style="color:#0563C1">ben.kaufman@altigen.com</span></a><o:p></o:p></p>
<p class="MsoNormal">Director of Cloud Operations<o:p></o:p></p>
<p class="MsoNormal">AltiGen Communications, Inc.<o:p></o:p></p>
</div>
<p class="MsoNormal"><o:p> </o:p></p>
<div>
<div style="border:none;border-top:solid #E1E1E1 1.0pt;padding:3.0pt 0in 0in 0in">
<p class="MsoNormal"><b>From:</b> sr-users <sr-users-bounces@lists.kamailio.org> <b>
On Behalf Of </b>Alex Balashov<br>
<b>Sent:</b> Monday, March 8, 2021 3:08 PM<br>
<b>To:</b> Kamailio (SER) - Users Mailing List <sr-users@lists.kamailio.org><br>
<b>Subject:</b> Re: [SR-Users] Best way to ignore HTTP requests<o:p></o:p></p>
</div>
</div>
<p class="MsoNormal"><o:p> </o:p></p>
<p class="MsoNormal">How would checking $rP help?<o:p></o:p></p>
<div>
<p class="MsoNormal"><o:p> </o:p></p>
</div>
<div>
<p class="MsoNormal">Kamailio won’t process HTTP requests on a TCP SIP listener since they lack the SIP/2.0 request line signature.<o:p></o:p></p>
</div>
<div>
<p class="MsoNormal"><o:p> </o:p></p>
</div>
<div>
<p class="MsoNormal">It’ll process them through xhttp, though. Is that the context in which this is an issue? If so, just expose your xhttp resources via an obscure URL ($hu) and deny anything else.<o:p></o:p></p>
</div>
<div>
<p class="MsoNormal"><o:p> </o:p></p>
<div>
<p class="MsoNormal">—<o:p></o:p></p>
<div>
<p class="MsoNormal">Sent from mobile, with due apologies for brevity and errors.<o:p></o:p></p>
</div>
</div>
<div>
<p class="MsoNormal"><br>
<br>
<o:p></o:p></p>
<blockquote style="margin-top:5.0pt;margin-bottom:5.0pt">
<p class="MsoNormal" style="margin-bottom:12.0pt">On Mar 8, 2021, at 4:01 PM, Ben Kaufman <<a href="mailto:ben.kaufman@altigen.com">ben.kaufman@altigen.com</a>> wrote:<o:p></o:p></p>
</blockquote>
</div>
<blockquote style="margin-top:5.0pt;margin-bottom:5.0pt">
<div>
<p class="MsoNormal"> <o:p></o:p></p>
<p class="MsoNormal">I’ve set up a server listening on TCP recently, and notice that I’m receiving intermittent, random HTTP requests from the internet. While it would probably be a good idea to enforce a firewall rule to only allow known hosts to communicate,
what would be the best way within Kamailio to ignore http requests? Would just checking $rP work?<o:p></o:p></p>
<p class="MsoNormal"> <o:p></o:p></p>
<p class="MsoNormal">Regards,<o:p></o:p></p>
<p class="MsoNormal"> <o:p></o:p></p>
<p class="MsoNormal">Ben Kaufman<o:p></o:p></p>
<p class="MsoNormal"><a href="mailto:ben.kaufman@altigen.com"><span style="color:#0563C1">ben.kaufman@altigen.com</span></a><o:p></o:p></p>
<p class="MsoNormal">Director of Cloud Operations<o:p></o:p></p>
<p class="MsoNormal">AltiGen Communications, Inc.<o:p></o:p></p>
<p class="MsoNormal"> <o:p></o:p></p>
<p class="MsoNormal">_______________________________________________<br>
Kamailio (SER) - Users Mailing List<br>
<a href="mailto:sr-users@lists.kamailio.org">sr-users@lists.kamailio.org</a><br>
<a href="https://lists.kamailio.org/cgi-bin/mailman/listinfo/sr-users">https://lists.kamailio.org/cgi-bin/mailman/listinfo/sr-users</a><o:p></o:p></p>
</div>
</blockquote>
</div>
</div>
</body>
</html>