Hello,
you can use the permissions module with the address table for IP-based access policies.
Cheers, Daniel
On 16.06.19 19:58, Olli Attila wrote:
Hello,
After reading comments from Daniel and Alex I decided to proceed with the design model that uses a middleware server (e.g. not exposing kamailio straight to users) which will be the node talking to Kamailio JSONRPC API.
That being said... I could go for the ip address authentication. Are there any best practice guides for this?
Cheers, Olli
On Fri, 14 June 2019 at 16:21, Daniel-Constantin Mierla (miconda@gmail.com) wrote:
Hello,
I would not expose the kamailio to API interactions triggered by the end users, be careful not to block its activity.
Anyhow, you can use the www_challenge()/www_authenticate() functions from the auth/auth_db modules, which use the records from the subscriber table to perform HTTP digest authentication.
Cheers, Daniel
On 14.06.19 09:14, Olli Attila wrote:
Hello,
I think it would be better to do the authentication with username/password. We are developing a web interface which will be used to alter dialplan & htable entries and after changes have been made, the user would command the sip proxies to reload new data from the database via jsonrpc. With this design, user authentication would be more suitable.
Cheers, Olli Attila
On Fri, 14 June 2019 at 10:04, Daniel-Constantin Mierla (miconda@gmail.com) wrote:
Hello,
do you want to authenticate with ip addresses stored in database or with username/password?
Cheers, Daniel
On 13.06.19 08:12, Olli Attila wrote:
Hello,
I have this xhttp event_route on Kamailio that I am using to signal the proxy to reload dialplans and htable when necessary:
    event_route[xhttp:request] {
        if(src_ip!=127.0.0.1) {
            xhttp_reply("403", "Forbidden", "text/html",
                "<html><body>Not allowed from $si</body></html>");
            exit;
        }
        if ($hu =~ "^/RPC") {
            jsonrpc_dispatch();
        } else {
            xhttp_reply("200", "OK", "text/html",
                "<html><body>Wrong URL $hu</body></html>");
        }
        return;
    }
Now instead of returning 403 forbidden for requests coming from other src_ip than proxy itself, I would like to authenticate the http request via proxy database. How can this be done if possible?
Cheers, Olli
Kamailio (SER) - Users Mailing List sr-users@lists.kamailio.org https://lists.kamailio.org/cgi-bin/mailman/listinfo/sr-users
-- Daniel-Constantin Mierla -- www.asipto.com www.twitter.com/miconda -- www.linkedin.com/in/miconda
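Added example, not part of the original thread or of the Kamailio project's own configuration: the xhttp route from the first message with the hard-coded 127.0.0.1 test replaced by a lookup in the permissions module's address table, as suggested in the last reply. The group id 1, the middleware address 192.0.2.10, the tag and the database URL are assumptions chosen for illustration.

```kamailio
# Added example. Assumed values: group id 1, middleware IP 192.0.2.10,
# tag "middleware", and the placeholder db_url below.
#
# Populate and reload the address table once (columns: grp, ip_addr, mask, port, tag):
#   kamctl address add 1 192.0.2.10 32 0 middleware
#   kamcmd permissions.addressReload

loadmodule "xhttp.so"
loadmodule "jsonrpcs.so"
loadmodule "permissions.so"

# Placeholder credentials; use the same database the proxy already reads from.
modparam("permissions", "db_url", "mysql://kamailio:PASSWORD@localhost/kamailio")

event_route[xhttp:request] {
    # Accept only sources listed in address-table group 1 (the middleware node).
    # Everything else gets the same 403 as before and never reaches the RPC layer.
    if (!allow_source_address("1")) {
        xlog("L_WARN", "xhttp: rejected $hu from $si\n");
        xhttp_reply("403", "Forbidden", "text/html",
            "<html><body>Not allowed from $si</body></html>");
        exit;
    }

    if ($hu =~ "^/RPC") {
        jsonrpc_dispatch();
    } else {
        xhttp_reply("200", "OK", "text/html",
            "<html><body>Wrong URL $hu</body></html>");
    }
    return;
}
```

Because the check is by source IP only, the allowed group should contain just the middleware host, and the HTTP listener should not be reachable from networks where that address could be spoofed or shared.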