On 11-10-2005 14:55, Klaus Darilion wrote:
Hi all!
I want to differ between _incoming_ SIP requests from trusted peers and
from untrused (for different call routing). I came to the following
solutions. All of them has some disadvantages, and I would like to now
which you would prefer:
1. src_ip: incoming request are authenticated using the src_ip (only in
TCP mode useful)
+: easy to implement
+: easy to differ authenticated from unauthenticated incoming calls
-: lots of configuration (IP addresses may change, )
This can be implemented using if src_ip==... blocks in openser.cfg,
which would require the change the script everytime the IP addresses are
changed. Also requires restart of the proxy.
You can also use trusted table and permission module.
Right! I think this should be documented somewhere :-)
Maybe we can adopt the this function to verify the doman of the client
certificate?
regards
klaus