How about adding source addr param to pike_check_req()?
Motivation is that main proxy may be front-ended by another proxy that passes the real source addr to the main proxy in a header.
-- Juha
Hello,
I am fine to add it. So far I preferred to discard unwanted traffic at the brorder of the core platform, so I didn't need such feature.
Cheers, Daniel
On 12.10.20 16:11, Juha Heinanen wrote:
How about adding source addr param to pike_check_req()?
Motivation is that main proxy may be front-ended by another proxy that passes the real source addr to the main proxy in a header.
-- Juha
Kamailio (SER) - Development Mailing List sr-dev@lists.kamailio.org https://lists.kamailio.org/cgi-bin/mailman/listinfo/sr-dev
On 13.10.20 10:54, Juha Heinanen wrote:
Daniel-Constantin Mierla writes:
I am fine to add it. So far I preferred to discard unwanted traffic at the brorder of the core platform, so I didn't need such feature.
I agree, better to do blocking at the edge.
The changes were not complex, so I just pushed the code implementing this feature. It can be useful to trigger alerts using Via or Contact headers, even at the edge proxy. More over, can be used to write logs when forwarding too much traffic to a specific ip address, although in this case pipelimit can provide more flexibility.
I also extended to be allowed to be used in on/reply_route. Now thinking about it, probably makes sense to allow it inside onsend_route as well.
Cheers, Daniel
-
Daniel-Constantin Mierla -
Juha Heinanen