[Serusers] Authenticating INVITE requests method

Rafael J. Risco G.V. rafael.risco at gmail.com
Wed Mar 23 22:36:17 CET 2005 

hi
I´ve just tested with proxy_xxx and also with www_xxx, both are ok but
with proxy_xxx I have this sip message from ser: "SIP/2.0 407 Proxy
Authentication Required" instead of "SIP/2.0 401 Unauthorized" that I
received when use www_xxx, so must be "proxy_xxx" like that...

if (method == "INVITE" && src_ip!=w.x.y.z) {
                        log(1, "ANALYZING INVITE REQUEST\n");
                        if (!proxy_authorize("mydomain", "subscriber")) {
                                proxy_challenge("mydomain", "0");
                                break;
                        };
                };


Thank you very much!!!

Rafael



On Wed, 23 Mar 2005 22:12:12 +0100, Marian Dumitru
<marian.dumitru at voice-sistem.ro> wrote:
> Hi Mohammad,
> 
> that's true - it must be proxy_xxxx() and not www_xxxx().
> 
> Regards,
> Marian
> 
> info at beeplove.com wrote:
> > Isn't it the regular practice to use proxy_challenge and proxy_authorize
> > for non REGISER methods.
> >
> > Mohammad
> >
> >
> > Original Message:
> > -----------------
> > From: Marian Dumitru marian.dumitru at voice-sistem.ro
> > Date: Wed, 23 Mar 2005 21:59:27 +0100
> > To: rrisco at millicom.net.pe, serusers at lists.iptel.org
> > Subject: Re: [Serusers] Authenticating INVITE requests method
> >
> >
> > Hi Rafael,
> >
> > replace
> >       if (method=="INVITE") {
> > with
> >       if (method=="INVITE" && src_ip!=xxx.xxx.xxx.xxx) {
> >
> > where that many xxx-s is the GW's IP.
> >
> > Best regards,
> > Marian
> >
> > Rafael J. Risco G.V. wrote:
> >
> >>Hello
> >>I am doing some security improvements to my configuration because I´ve
> >>realized that everyone can sends calls to PSTN gateways and other
> >>registered users even if the caller fails to register in SER, so now I
> >>instruct SER to check the username and password of the CALLER in every
> >>INVITE request like that:
> >>
> >>  if (method=="INVITE") {
> >>      if (!www_authorize("mydomain", "subscriber")) {
> >>          www_challenge("mydomain", "0");
> >>          break;
> >>      };
> >>  };
> >>
> >>
> >>well it works but not when calls are generated in my gateway Cisco
> >>AS5350 (these GWs dont have register comand)  so I need some advice to
> >>"exclude" gateway IP for this authorization process.
> >>
> >>thanks
> >>Rafael
> >>
> >>
> >
> >
> 
> --
> Voice System
> http://www.voice-system.ro
> 
> _______________________________________________
> Serusers mailing list
> serusers at lists.iptel.org
> http://lists.iptel.org/mailman/listinfo/serusers
> 


-- 

rrgv

More information about the sr-users mailing list