From jesus.perez@quobis.com Sat Sep 15 12:30:54 2012 From: =?utf-8?q?Jes=C3=BAs_P=C3=A9rez?= Rubio To: sr-dev@lists.kamailio.org Subject: Re: [sr-dev] Websocket testing Date: Sat, 15 Sep 2012 12:30:48 +0200 Message-ID: In-Reply-To: MIME-Version: 1.0 Content-Type: multipart/mixed; boundary="===============0649422399==" --===============0649422399== Content-Type: text/plain; charset="utf-8" Content-Transfer-Encoding: quoted-printable I said dirty because this solutions worked for me (I only need to run kamailio on another port) but I'm quite new in VoIP (less than a year) and playing with kamailio.cfg (one or two weeks) xD. I=C2=B4m a bit paranoid and with the change I=C2=B4m broking a condition to accept a packet or not. I was looking source code and I think It could be ok, but until somebody from the list confirms me this change is secure I won=C2=B4t sleep fine ;), Thanks. 2012/9/14 Jes=C3=BAs P=C3=A9rez Rubio > Hi, I had the same problem and I solve it changing this line on my > kamailio.cfg: > > # DIRTY WORKARROUND :P > #if ($hdr(Host) =3D=3D $null || !is_myself($hdr(Host))) { > if ($hdr(Host) =3D=3D $null) { > xlog("L_WARN", "Bad host $hdr(Host)\n"); > > xhttp_reply("403", "Forbidden", "", ""); > exit; > } > > Could anybode confirm me if this solution is correct (and secure) please? > > Thanks in advance :). > > > 2012/8/8 Carlos Ruiz D=C3=ADaz > >> Thank you for your time Peter. >> >> I'll setup a VM with Windows to continue with my tests and I'll come back >> later with more feedback. >> >> Regards. >> >> Carlos. >> >> >> On Wed, Aug 8, 2012 at 12:22 PM, Peter Dunkley < >> peter.dunkley(a)crocodile-rcs.com> wrote: >> >>> Hi, >>> >>> I have added some comments in-line below. >>> >>> Regards, >>> >>> Peter >>> >>> > 1. After setting up the proxy ip:port in the call.htm file (of sipml5) >>> to >>> > * >>> > 127.0.0.1:5060* the client started to work but kamailio script >>> refused to >>> > establish my connection because the following condition was not >>> satisfied: >>> > >>> > >>> > *if ($Rp !=3D MY_WS_PORT && $Rp !=3D MY_WSS_PORT) {* >>> > * xlog("L_WARN", "HTTP request received on $Rp\n");* >>> > * xhttp_reply("403", "Forbidden", "", "");* >>> > * exit;* >>> > *}* >>> > >>> > *MY_WS_PORT* and *MY_WSS_PORT *are set to 80 and 443 respectively, as >>> the >>> > default config example of websocket module says so. >>> > >>> > Then, I decided to change the ip:port to *127.0.0.1:80*, always in the >>> > call.htm file and afterwards the condition was satisfied but sipml5 >>> dies >>> > with >>> > >>> > SIP stack start: proxy=3D'127.0.0.1:80', realm=3D'', >>> > impi=3D'2000', impu=3D'' >>> > tsk_utils.js:97< >>> http://127.0.0.1/sipml5/src/tinySAK/src/tsk_utils.js?svn=3D5> >>> > Connecting to 'ws://127.0.0.1:80' >>> > tsk_utils.js:97< >>> http://127.0.0.1/sipml5/src/tinySAK/src/tsk_utils.js?svn=3D5> >>> > Stack starting >>> > tsk_utils.js:97< >>> http://127.0.0.1/sipml5/src/tinySAK/src/tsk_utils.js?svn=3D5> >>> > Unexpected response code: 200 :1 >>> > __tsip_transport_ws_onerror >>> > tsk_utils.js:97< >>> http://127.0.0.1/sipml5/src/tinySAK/src/tsk_utils.js?svn=3D5> >>> > __tsip_transport_ws_onclose >>> > tsk_utils.js:97< >>> http://127.0.0.1/sipml5/src/tinySAK/src/tsk_utils.js?svn=3D5> >>> > Failed to connet to the server >>> > >>> > Finally, I ended up commenting the condition block and restored the >>> > original values of ip:port to *127.0.0.1:5060* . >>> > >>> > Having done that, I tried again and another error was thrown but this >>> > time, >>> > in the next condition block: * if ($hdr(Host) =3D=3D $null || >>> > !is_myself($hdr(Host))) * >>> > >>> >