[Serdev] Can the function is_to_local be added to the domain
module
Jan Janak
jan at iptel.org
Tue May 25 07:41:37 UTC 2004
You can use digest authentication as well and challenge all messages
except ACK and CANCEL. Relying on To header field is not reliable since
the header field is not involved in routing and there is no check of that header
field at all, so it can contain anything.
Jan.
On 25-05 16:38, Zeus Ng wrote:
> In an effort to prevent third party from using our sip proxy as a open
> relay, I'm try to use the following logic for tight control.
>
> If (!(is_from_local() || is_uri_host_local())) {
> xlog("L_ERR", "Relay access denied");
> sl_send_reply("404", "Relay access not allowed here");
> break;
> };
>
> However, I think this is not a reliable checking method as R-URI can be
> changed along the way from proxy to proxy. Is it possible to introduce the
> is_to_local() function much like the is_from_local() in the domain module.
> As far as I understand, the "To" header should not be changed even after
> passing a proxy. So, checking it for relay access is much better than
> checking R-URI.
>
> Your comment is welcome.
>
>
> Zeus Ng
>
> **********************************************************************
> This email and any files transmitted with it are confidential and intended
> solely for the use of the individual or entity to whom they are addressed.
>
> If you have received this email in error, you are prohibited from reading,
> copying, distributing and using the information. Please contact the sender
> immediately by return email and destroy the original message.
> ******************************************************************
>
>
> _______________________________________________
> Serdev mailing list
> serdev at lists.iptel.org
> http://lists.iptel.org/mailman/listinfo/serdev
More information about the Serdev
mailing list