9 Jan
2003
9 Jan
'03
9:56 p.m.
Hello,
I wanted to configure ser so that only registered user are allowed to make calls. I have
set up digest authentication but still unregistered users can make calls. I wonder if
I'm missing something on my config file (as attached below).
Could someone please tell me what am I doing wrong, or provide me some configuration
example on solving this issue?
Thanks and regards,
Claudio
###########
ser.conf
###########
route{
# Do strict routing if pre-loaded route headers present
rewriteFromRoute();
if (uri==myself) {
if (method=="REGISTER") {
if (!www_authorize("<my_ip>",
"subscriber")) {
www_challenge("<my_ip>", "0");
break;
};
if (method=="INVITE" & !check_from()) {
sl_send_reply("403","Forbidden");
break;
};
save("location");
break;
};
# native SIP destinations are handled using our USRLOC DB
if (!lookup("location")) {
sl_send_reply("404", "Not Found");
break;
};
};
# forward to current uri now
if (!t_relay()) {
sl_reply_error();
};
}
##########
9 Jan
9 Jan
10:14 p.m.
On Thu, Jan 09, 2003 at 05:56:35PM -0200, Claudio Thorell dos Santos wrote:
Hello,
I wanted to configure ser so that only registered user are allowed to make calls. I have
set up digest authentication but still unregistered users can make calls. I wonder if
I'm missing something on my config file (as attached below).
Could someone please tell me what am I doing wrong, or provide me some configuration
example on solving this issue?
Try to move `if (method=="INVITE")' check outside of `if
(method=="REGISTER")'
check, because otherwise it is never executed, as the method could not be
REGISTER and INVITE at the same time, i.e.:
if (method=="REGISTER") {
if (!www_authorize("<my_ip>", "subscriber")) {
www_challenge("<my_ip>", "0");
break;
};
save("location");
break;
}
if (method=="INVITE" & !check_from()) {
sl_send_reply("403","Forbidden");
break;
}
-Maxim
Thanks and regards,
Claudio
###########
ser.conf
###########
route{
# Do strict routing if pre-loaded route headers present
rewriteFromRoute();
if (uri==myself) {
if (method=="REGISTER") {
if (!www_authorize("<my_ip>",
"subscriber")) {
www_challenge("<my_ip>", "0");
break;
};
if (method=="INVITE" & !check_from()) {
sl_send_reply("403","Forbidden");
break;
};
save("location");
break;
};
# native SIP destinations are handled using our USRLOC DB
if (!lookup("location")) {
sl_send_reply("404", "Not Found");
break;
};
};
# forward to current uri now
if (!t_relay()) {
sl_reply_error();
};
}
##########
10 Jan
10 Jan
2:21 a.m.
yes, that's it.
'if (method=="REGISTER") { ... if method=="INVITE"' will never
be executed.
a possible script fragment is attached -- it challenges all INVITEs.
Note that it may or may not be what you want to do -- if your network
is not closed, you may want other people from other networks
(like new business partners) to call you. That would be impossible
if you requested authentication from them.
So how the script you need should look like depends primarily on your
desired network policy. You may want to authenticate INVITEs to PSTN,
or INVITEs claiming your domain name in From, etc.
Tell me a policy, I will tell the script :-)
-Jiri
if (method=="INVITE") {
if (!proxy_authorize("<my_ip>", "subscriber")) {
proxy_challenge("<my_ip>", "0");
break;
};
};
if (uri==myself) {
if (method=="REGISTER") {
if (!www_authorize("<my_ip>",
"subscriber")) {
www_challenge("<my_ip>", "0");
break;
};
save("location");
break;
};
lookup...
};
t_relay();
At 09:14 PM 1/9/2003, Maxim Sobolev wrote:
On Thu, Jan 09, 2003 at 05:56:35PM -0200, Claudio
Thorell dos Santos wrote:
--
Jiri Kuthan http://iptel.org/~jiri/
Hello,
I wanted to configure ser so that only registered user are allowed to make calls. I have
set up digest authentication but still unregistered users can make calls. I wonder if
I'm missing something on my config file (as attached below).
Could someone please tell me what am I doing wrong, or provide me some configuration
example on solving this issue?
Try to move `if (method=="INVITE")' check outside of `if
(method=="REGISTER")'
check, because otherwise it is never executed, as the method could not be
REGISTER and INVITE at the same time, i.e.:
if (method=="REGISTER") {
if (!www_authorize("<my_ip>", "subscriber")) {
www_challenge("<my_ip>", "0");
break;
};
save("location");
break;
}
if (method=="INVITE" & !check_from()) {
sl_send_reply("403","Forbidden");
break;
}
-Maxim
Thanks and regards,
Claudio
###########
ser.conf
###########
route{
# Do strict routing if pre-loaded route headers present
rewriteFromRoute();
if (uri==myself) {
if (method=="REGISTER") {
if (!www_authorize("<my_ip>",
"subscriber")) {
www_challenge("<my_ip>", "0");
break;
};
if (method=="INVITE" & !check_from()) {
sl_send_reply("403","Forbidden");
break;
};
save("location");
break;
};
# native SIP destinations are handled using our USRLOC DB
if (!lookup("location")) {
sl_send_reply("404", "Not Found");
break;
};
};
# forward to current uri now
if (!t_relay()) {
sl_reply_error();
};
}
##########
_______________________________________________
Serusers mailing list
serusers(a)lists.iptel.org
http://lists.iptel.org/mailman/listinfo/serusers
8017
days inactive
8018
days old
2 comments
3 participants
participants (3)
-
Claudio Thorell dos Santos -
Jiri Kuthan -
Maxim Sobolev