24 Sep
2008
24 Sep
'08
2:49 a.m.
Hi All,
Hi All,I need please to configure kamailio in order to force the user to
register to my it from a specific IP...It's like creation of an access
list...If the customer tries to register from another IP frm the one
specified in kamailio he'll be denied
Regards
24 Sep
24 Sep
3 a.m.
New subject: [Kamailio-Users] Access List
michel freiha writes:
Hi All,I need please to configure kamailio in order to
force the user to
register to my it from a specific IP...It's like creation of an access
list...If the customer tries to register from another IP frm the one
specified in kamailio he'll be denied
using radius authentication this could be done quite easily by returning
the allowed ip address of the user as a reply attribute and then by
checking in the script if source address matches the avp value where the
attribute value gets assigned to. another possibility in trunk version
would be to add source ip as an extra attribute to authentication
request and then letting radius server to do the checking.
if you don't use radius, then check other replies.
-- juha
6:10 a.m.
Hello,
for auth against database, it was another discussion thread with subject
"Bind Access To Users to their IPs" debating similar issue.
However, here are the steps for a solution:
- add in subscriber table a column named src_ip, a varchar where to
store the ip per subscriber
- set: modparam("auth_db", "load_credentials",
"$avp(s:src_ip)=src_ip")
- in the routing blocks:
if (is_method("REGISTER"))
{
# authenticate the REGISTER requests (uncomment to enable auth)
if (!www_authorize("", "subscriber"))
{
www_challenge("", "0");
exit;
}
if (!check_to())
{
sl_send_reply("403","Forbidden auth ID");
exit;
}
# this if was added for IP checking
if($avp(s:src_ip) != $si)
{
sl_send_reply("403","Forbidden IP");
exit;
}
if (!save("location"))
sl_reply_error();
exit;
}
Cheers,
Daniel
On 09/24/08 10:00, Juha Heinanen wrote:
michel freiha writes:
--
Daniel-Constantin Mierla
http://www.asipto.com
Hi All,I need please to configure kamailio in
order to force the user to
register to my it from a specific IP...It's like creation of an access
list...If the customer tries to register from another IP frm the one
specified in kamailio he'll be denied
using radius authentication this could be done quite easily by returning
the allowed ip address of the user as a reply attribute and then by
checking in the script if source address matches the avp value where the
attribute value gets assigned to. another possibility in trunk version
would be to add source ip as an extra attribute to authentication
request and then letting radius server to do the checking.
if you don't use radius, then check other replies.
-- juha
_______________________________________________
Users mailing list
Users(a)lists.kamailio.org
http://lists.kamailio.org/cgi-bin/mailman/listinfo/users
5938
days inactive
5938
days old
2 comments
3 participants
participants (3)
-
Daniel-Constantin Mierla -
jh@tutpro.com -
michel freiha