I’m sorry – I should have been more clear in what I was looking at.

 

As a brief summary of the ‘problem’, I see items like this in my logs intermittently (a few times a day):

 

***

20(3085) ERROR: <core> [core/tcp_read.c:1531]: tcp_read_req(): bad request, state=7, error=4 buf:

GET / HTTP/1.0

 

 

parsed:

GET / HTTP/1.0

 

 

24(3089) ERROR: <core> [core/tcp_read.c:1531]: tcp_read_req(): bad request, state=7, error=4 buf:

GET http://clientapi.ipip.net/echo.php?info=20210311155950 HTTP/1.1

Host: clientapi.ipip.net

Accept: */*

Pragma: no-cache

User-Agent: Mozilla/5.0 (Windows NT 10.0; WOW64)

***

 

So, this is just (likely) random scanning from the internet.   I mostly just want to remove much of this info from my log files.  I’m not serving http on this port.  The question about $rP was mostly looking to ignore GET, POST, etc., but I understand that this won’t work due to the fact that it’s message parsing that fails.  I was just looking for a way to discard and ignore the bad message rather than trying to process it.

 

 

Regards,

 

Ben Kaufman

ben.kaufman@altigen.com

Director of Cloud Operations

AltiGen Communications, Inc.

 

From: sr-users <sr-users-bounces@lists.kamailio.org> On Behalf Of Alex Balashov
Sent: Monday, March 8, 2021 3:08 PM
To: Kamailio (SER) - Users Mailing List <sr-users@lists.kamailio.org>
Subject: Re: [SR-Users] Best way to ignore HTTP requests

 

How would checking $rP help?

 

Kamailio won’t process HTTP requests on a TCP SIP listener since they lack the SIP/2.0 request line signature.

 

It’ll process them through xhttp, though. Is that the context in which this is an issue? If so, just expose your xhttp resources via an obscure URL ($hu) and deny anything else.

 

Sent from mobile, with due apologies for brevity and errors.



On Mar 8, 2021, at 4:01 PM, Ben Kaufman <ben.kaufman@altigen.com> wrote:



I’ve set up a server listening on TCP recently, and notice that I’m receiving intermittent, random HTTP requests from the internet.  While it would probably be a good idea to enforce a firewall rule to only allow known hosts to communicate, what would be the best way within Kamailio to ignore http requests?  Would just checking $rP work?

 

Regards,

 

Ben Kaufman

ben.kaufman@altigen.com

Director of Cloud Operations

AltiGen Communications, Inc.

 

_______________________________________________
Kamailio (SER) - Users Mailing List
sr-users@lists.kamailio.org
https://lists.kamailio.org/cgi-bin/mailman/listinfo/sr-users