Some UAs, when not explicitly configured with an outbound proxy (some even in this), follow rfc's recommendation of sending a request with a preloaded route set containing one entry, that of what they think it is their outbound proxy, determined through various means.
This is a problem when ser as a serving proxy for multiple domains does the loose_route'ing: if the route entry in the message is an ip address, ser will realise that it is him that must serve the request and everything goes smooth. BUT if the client places a virtual domain in the route set, ser is fooled to believe that it should just proxy forward the request.
Forwarding might be ok, as ser will forward to itself (suboptimal), but in this case how can i prevent illegal relaying?
How should this be elegantly dealt with?
The most obvious answer is to add "alias"es, but i want to handle the domains through domain module only. Shouldn't the domain module have some functionality to load the domains as aliases (at least on demand by module parameter)?
Thanks.
Hi,
it is done this way in the latest CVS version. loose_route uses the domains stored in db table domain and checks if it is responsible for them.
You have to set domain's module pamater db_mode to 1 (cached mode), so whenever you update the database, you'd need to invoke xmlrpm domain.reload method (or restart ser).
Michal
On Tue, Aug 01, 2006 at 09:45:36PM +0200, Weiter Leiter wrote:
Some UAs, when not explicitly configured with an outbound proxy (some even in this), follow rfc's recommendation of sending a request with a preloaded route set containing one entry, that of what they think it is their outbound proxy, determined through various means.
This is a problem when ser as a serving proxy for multiple domains does the loose_route'ing: if the route entry in the message is an ip address, ser will realise that it is him that must serve the request and everything goes smooth. BUT if the client places a virtual domain in the route set, ser is fooled to believe that it should just proxy forward the request.
Forwarding might be ok, as ser will forward to itself (suboptimal), but in this case how can i prevent illegal relaying?
How should this be elegantly dealt with?
The most obvious answer is to add "alias"es, but i want to handle the domains through domain module only. Shouldn't the domain module have some functionality to load the domains as aliases (at least on demand by module parameter)?
Thanks.
Serusers mailing list Serusers@lists.iptel.org http://lists.iptel.org/mailman/listinfo/serusers
Hi!
Michal Matyska wrote:
it is done this way in the latest CVS version. loose_route uses the domains stored in db table domain and checks if it is responsible for them.
Sweet. I had the same issue and was looking for a clean solution. Did you (or anybody else) do any tests on how far this would scale? Once some product management guy tosses around the idea of handling multiple (as in more than 10) domains this should be fast.
Would it make sense to backport this to the stable tree? I'm not sure when 0.9.7 will eventually hit the streets.
Thanks, Hendrik
-
Hendrik Scholz -
Michal Matyska -
Weiter Leiter