[sr-dev] git:master: modules/websocket: Updated documentation and fixed typo in configuration file example

Peter Dunkley peter.dunkley at crocodile-rcs.com
Thu Sep 27 17:29:33 CEST 2012


Module: sip-router
Branch: master
Commit: a24ce948f9f1758440b58d328eb8654efabfbbea
URL:    http://git.sip-router.org/cgi-bin/gitweb.cgi/sip-router/?a=commit;h=a24ce948f9f1758440b58d328eb8654efabfbbea

Author: Peter Dunkley <peter.dunkley at crocodile-rcs.com>
Committer: Peter Dunkley <peter.dunkley at crocodile-rcs.com>
Date:   Thu Sep 27 16:29:03 2012 +0100

modules/websocket: Updated documentation and fixed typo in configuration file example

---

 modules/websocket/README                  |   25 +++++++++++++++++++------
 modules/websocket/doc/websocket_admin.xml |   25 +++++++++++++++++++------
 modules/websocket/example/kamailio.cfg    |    2 +-
 3 files changed, 39 insertions(+), 13 deletions(-)

diff --git a/modules/websocket/README b/modules/websocket/README
index 5a34e3a..9f55bb0 100644
--- a/modules/websocket/README
+++ b/modules/websocket/README
@@ -135,7 +135,12 @@ event_route[xhttp:request] {
         set_reply_close();
         set_reply_no_connect();
 
-        if ($Rp != 80 && $Rp != 443) {
+        if ($Rp != 80
+#!ifdef WITH_TLS
+            && $Rp != 443
+#!endif
+        ) {
+
                 xlog("L_WARN", "HTTP request received on $Rp\n");
                 xhttp_reply("403", "Forbidden", "", "");
                 exit;
@@ -146,17 +151,25 @@ event_route[xhttp:request] {
         if ($hdr(Upgrade)=~"websocket"
                         && $hdr(Connection)=~"Upgrade"
                         && $rm=~"GET") {
-                xlog("L_DBG", "WebSocket\n");
-                xlog("L_DBG", " Host: $hdr(Host)\n");
-                xlog("L_DBG", " Origin: $hdr(Origin)\n");
 
-                if ($hdr(Host) == $null || !is_myself($hdr(Host))) {
+                # Validate Host - make sure the client is using the correct
+                # alias for WebSockets
+                if ($hdr(Host) == $null || !is_myself("sip:" + $hdr(Host))) {
                         xlog("L_WARN", "Bad host $hdr(Host)\n");
                         xhttp_reply("403", "Forbidden", "", "");
                         exit;
                 }
 
-                # Optional... validate Origin
+                # Optional... validate Origin - make sure the client is from an
+                # authorised website.  For example,
+                #
+                # if ($hdr(Origin) != "http://communicator.MY_DOMAIN"
+                #     && $hdr(Origin) != "https://communicator.MY_DOMAIN") {
+                #       xlog("L_WARN", "Unauthorised client $hdr(Origin)\n");
+                #       xhttp_reply("403", "Forbidden", "", "");
+                #       exit;
+                # }
+
                 # Optional... perform HTTP authentication
 
                 # ws_handle_handshake() exits (no further configuration file
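Review bot: The Origin check added at the end of this hunk stays commented out and labelled optional, so a configuration copied from this README reaches the handshake for any Origin as long as Host passes is_myself(). As far as the visible lines show, a page on another site could then open a WebSocket from a visitor's browser. I would state that trade-off in the comment itself, e.g. `# Without this check any web page can open a WebSocket to this server from a visitor's browser.` followed by `# Origin is only reliable from browsers; other clients can send any value, so keep HTTP or SIP authentication as well.` The retained `xlog("L_WARN", "Bad host $hdr(Host)\n")` writes a client-supplied header into the log, which deserves a short comment if those lines are parsed downstream. The same text appears in the second hunk of doc/websocket_admin.xml, and event_route[xhttp:request] starts and ends outside both hunks.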
diff --git a/modules/websocket/doc/websocket_admin.xml b/modules/websocket/doc/websocket_admin.xml
index 6609275..7dcdc13 100644
--- a/modules/websocket/doc/websocket_admin.xml
+++ b/modules/websocket/doc/websocket_admin.xml
@@ -51,7 +51,12 @@ event_route[xhttp:request] {
         set_reply_close();
         set_reply_no_connect();
 
-        if ($Rp != 80 && $Rp != 443) {
+        if ($Rp != 80
+#!ifdef WITH_TLS
+            && $Rp != 443
+#!endif
+        ) {
+
                 xlog("L_WARN", "HTTP request received on $Rp\n");
                 xhttp_reply("403", "Forbidden", "", "");
                 exit;
@@ -62,17 +67,25 @@ event_route[xhttp:request] {
         if ($hdr(Upgrade)=~"websocket"
                         && $hdr(Connection)=~"Upgrade"
                         && $rm=~"GET") {
-                xlog("L_DBG", "WebSocket\n");
-                xlog("L_DBG", " Host: $hdr(Host)\n");
-                xlog("L_DBG", " Origin: $hdr(Origin)\n");
 
-                if ($hdr(Host) == $null || !is_myself($hdr(Host))) {
+                # Validate Host - make sure the client is using the correct
+                # alias for WebSockets
+                if ($hdr(Host) == $null || !is_myself("sip:" + $hdr(Host))) {
                         xlog("L_WARN", "Bad host $hdr(Host)\n");
                         xhttp_reply("403", "Forbidden", "", "");
                         exit;
                 }
 
-                # Optional... validate Origin
+                # Optional... validate Origin - make sure the client is from an
+                # authorised website.  For example,
+                #
+                # if ($hdr(Origin) != "http://communicator.MY_DOMAIN"
+                #     && $hdr(Origin) != "https://communicator.MY_DOMAIN") {
+                #       xlog("L_WARN", "Unauthorised client $hdr(Origin)\n");
+                #       xhttp_reply("403", "Forbidden", "", "");
+                #       exit;
+                # }
+
                 # Optional... perform HTTP authentication
 
                 # ws_handle_handshake() exits (no further configuration file
diff --git a/modules/websocket/example/kamailio.cfg b/modules/websocket/example/kamailio.cfg
index 17ae075..f4b4c12 100644
--- a/modules/websocket/example/kamailio.cfg
+++ b/modules/websocket/example/kamailio.cfg
@@ -355,7 +355,7 @@ event_route[xhttp:request] {
 		# processing of the request) when complete.
 		if (ws_handle_handshake())
 		{
-			# Optional... cache some information abou the
+			# Optional... cache some information about the
 			# successful connection
 			exit;
 		}



