I’m sorry – I should have been more clear in what I was looking at.
As a brief summary of the ‘problem’, I see items like this in my logs intermittently (a few times a day):
*** 20(3085) ERROR: <core> [core/tcp_read.c:1531]: tcp_read_req(): bad request, state=7, error=4 buf: GET / HTTP/1.0
parsed: GET / HTTP/1.0
24(3089) ERROR: <core> [core/tcp_read.c:1531]: tcp_read_req(): bad request, state=7, error=4 buf: GET http://clientapi.ipip.net/echo.php?info=20210311155950 HTTP/1.1 Host: clientapi.ipip.net Accept: */* Pragma: no-cache User-Agent: Mozilla/5.0 (Windows NT 10.0; WOW64) ***
So, this is just (likely) random scanning from the internet. I mostly just want to remove much of this info from my log files. I’m not serving http on this port. The question about $rP was mostly looking to ignore GET, POST, etc., but I understand that this won’t work due to the fact that it’s message parsing that fails. I was just looking for a way to discard and ignore the bad message rather than trying to process it.
Regards,
Ben Kaufman ben.kaufman@altigen.commailto:ben.kaufman@altigen.com Director of Cloud Operations AltiGen Communications, Inc.
From: sr-users sr-users-bounces@lists.kamailio.org On Behalf Of Alex Balashov Sent: Monday, March 8, 2021 3:08 PM To: Kamailio (SER) - Users Mailing List sr-users@lists.kamailio.org Subject: Re: [SR-Users] Best way to ignore HTTP requests
How would checking $rP help?
Kamailio won’t process HTTP requests on a TCP SIP listener since they lack the SIP/2.0 request line signature.
It’ll process them through xhttp, though. Is that the context in which this is an issue? If so, just expose your xhttp resources via an obscure URL ($hu) and deny anything else.
— Sent from mobile, with due apologies for brevity and errors.
On Mar 8, 2021, at 4:01 PM, Ben Kaufman <ben.kaufman@altigen.commailto:ben.kaufman@altigen.com> wrote: I’ve set up a server listening on TCP recently, and notice that I’m receiving intermittent, random HTTP requests from the internet. While it would probably be a good idea to enforce a firewall rule to only allow known hosts to communicate, what would be the best way within Kamailio to ignore http requests? Would just checking $rP work?
Regards,
Ben Kaufman ben.kaufman@altigen.commailto:ben.kaufman@altigen.com Director of Cloud Operations AltiGen Communications, Inc.
_______________________________________________ Kamailio (SER) - Users Mailing List sr-users@lists.kamailio.orgmailto:sr-users@lists.kamailio.org https://lists.kamailio.org/cgi-bin/mailman/listinfo/sr-users