[Serusers] partially restrict access

Daniel Medina medina at columbia.edu
Thu Nov 13 21:25:04 CET 2003


 We're configuring ser to allow any calls made to local extensions go to
the local PBX, but restrict 10-digit calls via the gateway from
non-registered users.  This is the config.

if (uri=~"^sip:(.+@)?mydomain.edu") {
	if (method=="REGISTER") {
	log(1, "REGISTER received\n");
	if (!www_authorize("mydomain.edu", "subscriber")) {
		www_challenge("mydomain.edu", "0");
		break;
	};
	save("location");
	break;
}; 

# 5-digit local call
if (uri=~"^sip:[0-9]{5}@mydomain.edu") {
	rewritehostport("CISCO_GW:5060");
	log(1,"5 digit local call");
	route(2);
	break;
};

# 10 Digit dialing with outside line (93 +1 +number)
if (uri=~"^sip:931[0-9]{10}@mydomain.edu") {
	if(!(src_ip=="CISCO_GW") & 
	   !(proxy_authorize("mydomain.edu","subscriber"))) {
		proxy_challenge("mydomain.edu", "1");
		break;
	} else {
		rewritehostport("CISCO_GW:5060");
		log(1,"Outside line")
		route(2);
		break;
	};
};

 I've seen other configs posted which appeared to be more strict than 
this, specifically they would only allow registered users to may calls, 
and not accept calls from anonymous sources to local numbers.

 This above appears to work, sort of.  While it doesn't allow anonymous 
callers to register, I think it's also not allowing them a chance to 
authenticate.  The logs say

ERROR: forward_msg: no 2nd via found in reply 
 (repeated a few times)
Outside line 
 (Indicating that the caller actually passed)
route[2]:SIP-to-PSTN call routed
ERROR: reply cannot be parsed

and repeat.

 Any clues?

-- 
Dan




More information about the sr-users mailing list