Hi Aymeric
Try to use force_rport() after sl_send_reply:
secf_check_ua(); if ($? == -2) { force_rport(); sl_send_reply("200", "OK"); exit; }
For secf_check_sqli_all() the module drops the packet if a sqli is detected in any header but for other functions as secf_check_sqli_ua() it returns a negative code for detection and you choose if you want to drop the packet or not
Regards
On Tue, 3 Dec 2019 at 15:48, Aymeric Moizard amoizard@gmail.com wrote:
Hi all,
I'm testing and moving my kamailio script to use the newer secfilter module.
In the past, I was replying "200 Ok" to "friendly scanners"...
With the newer secfilter module, it looks like I can't send a reply with "sl_send_reply("200", "OK")"
secf_check_ua(); if ($? == -2) { sl_send_reply("200", "OK"); exit; }
I have read the code of the secfilter, but I was not able to see any specific code to silently discard the SIP request.
I can see in the documentation about "secf_check_sqli_all", that the SIP message is supposed to be "dropped". I can see "w_check_sqli_all" returns 0 on detection and w_check_ua returns -2 upon detection.
Are the message discarded because a negative value was returned?
Would it be doable, using the secfilter, to still reply 200 Ok? Regards Aymeric
-- Antisip - http://www.antisip.com _______________________________________________ Kamailio (SER) - Users Mailing List sr-users@lists.kamailio.org https://lists.kamailio.org/cgi-bin/mailman/listinfo/sr-users