Hi all,
I'm still working on without success for the moment.
I don't have an idea on the means to use AVP/DB etc. with this purpose.
Someone can help me ?
Regards
Le lundi 24 novembre 2008 à 12:20 +0100, Atle Samuelsen a écrit :
if(search("Asterisk")){ sl_reply("403","Go away ugly asterisk"); break; }else if(search("my_other_ua_i_dont_like"){ sl_reply("403","I do not like you either"); break; }
On Mon, Nov 24, 2008 at 12:16 PM, inge inge@legos.fr wrote:
Someone else has an idea ? I think about how to implement this kind of filtering with functions included in SER 0.9.6, but I still in trouble.
Thanks.
Le jeudi 13 novembre 2008 à 16:44 +0100, inge a écrit :
Hi Alexandre,
Great workaround !!
Maybe I can use it with Redhat if the module is compiled with x86 architecture ?
What about the "flag" field in table description ?
Regards,
A. LEMOINE
Le mercredi 12 novembre 2008 à 20:59 +0300, Alexandre Snarskii a écrit :
On Wed, Nov 12, 2008 at 12:59:35PM +0100, inge wrote:
Hi all,
I look for a workaround to use a white list in addition of authentification proces, based on User-Agent (ie. for example : deny "Asterisk IPBX" permit "Cisco IPhone...")
There is (unofficial) check_ua module added as a patch in FreeBSD port, which works exactly as 'additional UA check'.
Setup is not too complicated: you must create and populate some table in your database. In my example, DB is postgresql, exact create/populate commands is the next:
CREATE TABLE check_ua ( rexx VARCHAR(256) NOT NULL UNIQUE, flag INTEGER NOT NULL DEFAULT(0) ); -- main goal is to disallow user-agents with invalid symbols: INSERT INTO check_ua VALUES('^[0-9A-Za-z/.() _-]{1,64}$',1); -- in your case it should be something like INSERT INTO check_ua VALUES('^Cisco IP Phone.*',1);
Then, add to global configuration:
loadmodule "/usr/local/lib/ser/modules/check_ua.so" modparam("check_ua", "db_url", "postgres://<username>:<password>@<host>/<db>") modparam("check_ua", "db_table", "check_ua")
and somewhere in route section:
if(!check_ua()) { xlog("L_ERR","Invalid UA DENIED: %fu, %is, %ua\n"); sl_send_reply("403", "Forbidden (Invalid UA)"); break; };Voila. Until your Asterisk users will not find correct User-Agent they must use in their sip.conf - it will work... :) In my case - protection against bad symbols - it works even with asterisk... :)
PS: not sure is that module can be found somewhere outside FreeBSD port, at least my google skills is not enough to ... However, both authors (Valentin Nechayev and Maxim Sobolev) read this list.
Serusers mailing list Serusers@lists.iptel.org http://lists.iptel.org/mailman/listinfo/serusers
Serusers mailing list Serusers@lists.iptel.org http://lists.iptel.org/mailman/listinfo/serusers
Hi,
Finally I succeed in compiling the module. However, when I use the modparam describes below by Alexandre, the outputs are :
set_mod_param_regex: parameter <db_url> not found in module <check_ua> parse error: Can't set module parameter
and the same outputs for <db_table>. Then I see "CHECK_UA - destroying module".
If I drop the modparam, SER start well and I can use check_ua() into my config file, but it doesn't seem to be operational because it authorizes all my register message.
Thanks for your support.
Regards,
Adrien .L
-
Le vendredi 05 décembre 2008 à 10:51 +0100, inge a écrit :
Hi all,
I'm still working on without success for the moment.
I don't have an idea on the means to use AVP/DB etc. with this purpose.
Someone can help me ?
Regards
Le lundi 24 novembre 2008 à 12:20 +0100, Atle Samuelsen a écrit :
if(search("Asterisk")){ sl_reply("403","Go away ugly asterisk"); break; }else if(search("my_other_ua_i_dont_like"){ sl_reply("403","I do not like you either"); break; }
On Mon, Nov 24, 2008 at 12:16 PM, inge inge@legos.fr wrote:
Someone else has an idea ? I think about how to implement this kind of filtering with functions included in SER 0.9.6, but I still in trouble.
Thanks.
Le jeudi 13 novembre 2008 à 16:44 +0100, inge a écrit :
Hi Alexandre,
Great workaround !!
Maybe I can use it with Redhat if the module is compiled with x86 architecture ?
What about the "flag" field in table description ?
Regards,
A. LEMOINE
Le mercredi 12 novembre 2008 à 20:59 +0300, Alexandre Snarskii a écrit :
On Wed, Nov 12, 2008 at 12:59:35PM +0100, inge wrote:
Hi all,
I look for a workaround to use a white list in addition of authentification proces, based on User-Agent (ie. for example : deny "Asterisk IPBX" permit "Cisco IPhone...")
There is (unofficial) check_ua module added as a patch in FreeBSD port, which works exactly as 'additional UA check'.
Setup is not too complicated: you must create and populate some table in your database. In my example, DB is postgresql, exact create/populate commands is the next:
CREATE TABLE check_ua ( rexx VARCHAR(256) NOT NULL UNIQUE, flag INTEGER NOT NULL DEFAULT(0) ); -- main goal is to disallow user-agents with invalid symbols: INSERT INTO check_ua VALUES('^[0-9A-Za-z/.() _-]{1,64}$',1); -- in your case it should be something like INSERT INTO check_ua VALUES('^Cisco IP Phone.*',1);
Then, add to global configuration:
loadmodule "/usr/local/lib/ser/modules/check_ua.so" modparam("check_ua", "db_url", "postgres://<username>:<password>@<host>/<db>") modparam("check_ua", "db_table", "check_ua")
and somewhere in route section:
if(!check_ua()) { xlog("L_ERR","Invalid UA DENIED: %fu, %is, %ua\n"); sl_send_reply("403", "Forbidden (Invalid UA)"); break; };Voila. Until your Asterisk users will not find correct User-Agent they must use in their sip.conf - it will work... :) In my case - protection against bad symbols - it works even with asterisk... :)
PS: not sure is that module can be found somewhere outside FreeBSD port, at least my google skills is not enough to ... However, both authors (Valentin Nechayev and Maxim Sobolev) read this list.
Serusers mailing list Serusers@lists.iptel.org http://lists.iptel.org/mailman/listinfo/serusers
Serusers mailing list Serusers@lists.iptel.org http://lists.iptel.org/mailman/listinfo/serusers
Serusers mailing list Serusers@lists.iptel.org http://lists.iptel.org/mailman/listinfo/serusers
-
inge