23 Mar
2005
23 Mar
'05
11:07 p.m.
Isn't it the regular practice to use proxy_challenge and proxy_authorize
for non REGISER methods.
Mohammad
Original Message:
-----------------
From: Marian Dumitru marian.dumitru(a)voice-sistem.ro
Date: Wed, 23 Mar 2005 21:59:27 +0100
To: rrisco(a)millicom.net.pe, serusers(a)iptel.org
Subject: Re: [Serusers] Authenticating INVITE requests method
Hi Rafael,
replace
if (method=="INVITE") {
with
if (method=="INVITE" && src_ip!=xxx.xxx.xxx.xxx) {
where that many xxx-s is the GW's IP.
Best regards,
Marian
Rafael J. Risco G.V. wrote:
Hello
I am doing some security improvements to my configuration because I´ve
realized that everyone can sends calls to PSTN gateways and other
registered users even if the caller fails to register in SER, so now I
instruct SER to check the username and password of the CALLER in every
INVITE request like that:
if (method=="INVITE") {
if (!www_authorize("mydomain", "subscriber")) {
www_challenge("mydomain", "0");
break;
};
};
well it works but not when calls are generated in my gateway Cisco
AS5350 (these GWs dont have register comand) so I need some advice to
"exclude" gateway IP for this authorization process.
thanks
Rafael
--
Voice System
http://www.voice-system.ro
_______________________________________________
Serusers mailing list
Serusers(a)iptel.org
http://mail.iptel.org/mailman/listinfo/serusers
--------------------------------------------------------------------
mail2web - Check your email from the web at
http://mail2web.com/ .
23 Mar
23 Mar
11:12 p.m.
New subject: [Serusers] Authenticating INVITE requests method
Hi Mohammad,
that's true - it must be proxy_xxxx() and not www_xxxx().
Regards,
Marian
info(a)beeplove.com wrote:
Isn't it the regular practice to use
proxy_challenge and proxy_authorize
for non REGISER methods.
Mohammad
Original Message:
-----------------
From: Marian Dumitru marian.dumitru(a)voice-sistem.ro
Date: Wed, 23 Mar 2005 21:59:27 +0100
To: rrisco(a)millicom.net.pe, serusers(a)lists.iptel.org
Subject: Re: [Serusers] Authenticating INVITE requests method
Hi Rafael,
replace
if (method=="INVITE") {
with
if (method=="INVITE" && src_ip!=xxx.xxx.xxx.xxx) {
where that many xxx-s is the GW's IP.
Best regards,
Marian
Rafael J. Risco G.V. wrote:
--
Voice System
http://www.voice-system.ro
Hello
I am doing some security improvements to my configuration because I´ve
realized that everyone can sends calls to PSTN gateways and other
registered users even if the caller fails to register in SER, so now I
instruct SER to check the username and password of the CALLER in every
INVITE request like that:
if (method=="INVITE") {
if (!www_authorize("mydomain", "subscriber")) {
www_challenge("mydomain", "0");
break;
};
};
well it works but not when calls are generated in my gateway Cisco
AS5350 (these GWs dont have register comand) so I need some advice to
"exclude" gateway IP for this authorization process.
thanks
Rafael
11:36 p.m.
New subject: [Serusers] Authenticating INVITE requests method
hi
I´ve just tested with proxy_xxx and also with www_xxx, both are ok but
with proxy_xxx I have this sip message from ser: "SIP/2.0 407 Proxy
Authentication Required" instead of "SIP/2.0 401 Unauthorized" that I
received when use www_xxx, so must be "proxy_xxx" like that...
if (method == "INVITE" && src_ip!=w.x.y.z) {
log(1, "ANALYZING INVITE REQUEST\n");
if (!proxy_authorize("mydomain",
"subscriber")) {
proxy_challenge("mydomain", "0");
break;
};
};
Thank you very much!!!
Rafael
On Wed, 23 Mar 2005 22:12:12 +0100, Marian Dumitru
<marian.dumitru(a)voice-sistem.ro> wrote:
Hi Mohammad,
that's true - it must be proxy_xxxx() and not www_xxxx().
Regards,
Marian
info(a)beeplove.com wrote:
--
rrgv
Isn't it the regular practice to use
proxy_challenge and proxy_authorize
for non REGISER methods.
Mohammad
Original Message:
-----------------
From: Marian Dumitru marian.dumitru(a)voice-sistem.ro
Date: Wed, 23 Mar 2005 21:59:27 +0100
To: rrisco(a)millicom.net.pe, serusers(a)lists.iptel.org
Subject: Re: [Serusers] Authenticating INVITE requests method
Hi Rafael,
replace
if (method=="INVITE") {
with
if (method=="INVITE" && src_ip!=xxx.xxx.xxx.xxx) {
where that many xxx-s is the GW's IP.
Best regards,
Marian
Rafael J. Risco G.V. wrote:
--
Voice System
http://www.voice-system.ro
_______________________________________________
Serusers mailing list
serusers(a)lists.iptel.org
http://lists.iptel.org/mailman/listinfo/serusers
Hello
I am doing some security improvements to my configuration because I´ve
realized that everyone can sends calls to PSTN gateways and other
registered users even if the caller fails to register in SER, so now I
instruct SER to check the username and password of the CALLER in every
INVITE request like that:
if (method=="INVITE") {
if (!www_authorize("mydomain", "subscriber")) {
www_challenge("mydomain", "0");
break;
};
};
well it works but not when calls are generated in my gateway Cisco
AS5350 (these GWs dont have register comand) so I need some advice to
"exclude" gateway IP for this authorization process.
thanks
Rafael
7214
days inactive
7214
days old
2 comments
3 participants
participants (3)
-
info@beeplove.com -
Marian Dumitru -
Rafael J. Risco G.V.