[Serusers] Authenticating INVITE requests method
Rafael J. Risco G.V.
rafael.risco at gmail.com
Wed Mar 23 22:36:17 CET 2005
hi
I´ve just tested with proxy_xxx and also with www_xxx, both are ok but
with proxy_xxx I have this sip message from ser: "SIP/2.0 407 Proxy
Authentication Required" instead of "SIP/2.0 401 Unauthorized" that I
received when use www_xxx, so must be "proxy_xxx" like that...
if (method == "INVITE" && src_ip!=w.x.y.z) {
log(1, "ANALYZING INVITE REQUEST\n");
if (!proxy_authorize("mydomain", "subscriber")) {
proxy_challenge("mydomain", "0");
break;
};
};
Thank you very much!!!
Rafael
On Wed, 23 Mar 2005 22:12:12 +0100, Marian Dumitru
<marian.dumitru at voice-sistem.ro> wrote:
> Hi Mohammad,
>
> that's true - it must be proxy_xxxx() and not www_xxxx().
>
> Regards,
> Marian
>
> info at beeplove.com wrote:
> > Isn't it the regular practice to use proxy_challenge and proxy_authorize
> > for non REGISER methods.
> >
> > Mohammad
> >
> >
> > Original Message:
> > -----------------
> > From: Marian Dumitru marian.dumitru at voice-sistem.ro
> > Date: Wed, 23 Mar 2005 21:59:27 +0100
> > To: rrisco at millicom.net.pe, serusers at lists.iptel.org
> > Subject: Re: [Serusers] Authenticating INVITE requests method
> >
> >
> > Hi Rafael,
> >
> > replace
> > if (method=="INVITE") {
> > with
> > if (method=="INVITE" && src_ip!=xxx.xxx.xxx.xxx) {
> >
> > where that many xxx-s is the GW's IP.
> >
> > Best regards,
> > Marian
> >
> > Rafael J. Risco G.V. wrote:
> >
> >>Hello
> >>I am doing some security improvements to my configuration because I´ve
> >>realized that everyone can sends calls to PSTN gateways and other
> >>registered users even if the caller fails to register in SER, so now I
> >>instruct SER to check the username and password of the CALLER in every
> >>INVITE request like that:
> >>
> >> if (method=="INVITE") {
> >> if (!www_authorize("mydomain", "subscriber")) {
> >> www_challenge("mydomain", "0");
> >> break;
> >> };
> >> };
> >>
> >>
> >>well it works but not when calls are generated in my gateway Cisco
> >>AS5350 (these GWs dont have register comand) so I need some advice to
> >>"exclude" gateway IP for this authorization process.
> >>
> >>thanks
> >>Rafael
> >>
> >>
> >
> >
>
> --
> Voice System
> http://www.voice-system.ro
>
> _______________________________________________
> Serusers mailing list
> serusers at lists.iptel.org
> http://lists.iptel.org/mailman/listinfo/serusers
>
--
rrgv
More information about the sr-users
mailing list