[Serusers] partially restrict access
Daniel Medina
medina at columbia.edu
Thu Nov 13 21:25:04 CET 2003
We're configuring ser to allow any calls made to local extensions go to
the local PBX, but restrict 10-digit calls via the gateway from
non-registered users. This is the config.
if (uri=~"^sip:(.+@)?mydomain.edu") {
if (method=="REGISTER") {
log(1, "REGISTER received\n");
if (!www_authorize("mydomain.edu", "subscriber")) {
www_challenge("mydomain.edu", "0");
break;
};
save("location");
break;
};
# 5-digit local call
if (uri=~"^sip:[0-9]{5}@mydomain.edu") {
rewritehostport("CISCO_GW:5060");
log(1,"5 digit local call");
route(2);
break;
};
# 10 Digit dialing with outside line (93 +1 +number)
if (uri=~"^sip:931[0-9]{10}@mydomain.edu") {
if(!(src_ip=="CISCO_GW") &
!(proxy_authorize("mydomain.edu","subscriber"))) {
proxy_challenge("mydomain.edu", "1");
break;
} else {
rewritehostport("CISCO_GW:5060");
log(1,"Outside line")
route(2);
break;
};
};
I've seen other configs posted which appeared to be more strict than
this, specifically they would only allow registered users to may calls,
and not accept calls from anonymous sources to local numbers.
This above appears to work, sort of. While it doesn't allow anonymous
callers to register, I think it's also not allowing them a chance to
authenticate. The logs say
ERROR: forward_msg: no 2nd via found in reply
(repeated a few times)
Outside line
(Indicating that the caller actually passed)
route[2]:SIP-to-PSTN call routed
ERROR: reply cannot be parsed
and repeat.
Any clues?
--
Dan
More information about the sr-users
mailing list