Jan Janak wrote:
On 11-10-2005 14:55, Klaus Darilion wrote:
Hi all!
I want to differ between _incoming_ SIP requests from trusted peers and from untrused (for different call routing). I came to the following solutions. All of them has some disadvantages, and I would like to now which you would prefer:
- src_ip: incoming request are authenticated using the src_ip (only in
TCP mode useful) +: easy to implement +: easy to differ authenticated from unauthenticated incoming calls -: lots of configuration (IP addresses may change, ) This can be implemented using if src_ip==... blocks in openser.cfg, which would require the change the script everytime the IP addresses are changed. Also requires restart of the proxy.
You can also use trusted table and permission module.
Right! I think this should be documented somewhere :-)
Maybe we can adopt the this function to verify the doman of the client certificate?
regards klaus