[Serusers] Blocking calls from unregistered users
Ryan Pagquil
rpagquil at philonline.com
Thu Sep 1 01:13:46 CEST 2005
Hi,
I'm currently subscribed to iptel.org. Well iptel.org's proxy doesn't
allow unregistered users to call to anybody, I already tried it. Does
having my domain specified in the proxy_authorize section means that
only users from my domain will be asked to register first before they
can place a call? I think I already tried this.. but I'll still test. =)
Thanks,
Ryan
Pavol Segec wrote:
>Hi,
>
>If I understand well, you just need to put authorization challenge into your
>ser.cfg file where INVITE messages are handled, as follows:
>
>if(!proxy_authorize("your.domain","subscriber")){
> proxy_challenge("your.domain","0");
> sl_send_reply("403","Forbidden");
> break;
> };
>
>pavol
>
>Citát Dave <ddx66 at yahoo.com>:
>
>
>
>>You can't as far as I know. You must use a USer Agent
>>that does not allow a user to make a calls unless the
>>UA is registered.
>>
>>--- rpagquil at philonline.com wrote:
>>
>>
>>---------------------------------
>>Hi, I'm setting up ser so that unregistered users
>>can't make any calls to anybody. I have configured to
>>allow all other domains to make a call to my local
>>users. But when my local user that is unregistered it
>>can still make calls to other local users. How would I
>>do to block him totally? here is my ser.cfg: debug=3
>>fork=yes log_stderror=yes listen=202.84.24.107
>>port=5060 children=4 dns=no rev_dns=no
>>fifo="/tmp/ser_fifo"
>>fifo_db_url="mysql://ser:heslo@localhost/ser"
>>alias=sip.philonline.com #load module part
>>loadmodule "/usr/local/lib/ser/modules/mysql.so"
>>loadmodule "/usr/local/lib/ser/modules/domain.so"
>>loadmodule "/usr/local/lib/ser/modules/sl.so"
>>loadmodule "/usr/local/lib/ser/modules/tm.so"
>>loadmodule "/usr/local/lib/ser/modules/rr.so"
>>loadmodule "/usr/local/lib/ser/modules/maxfwd.so"
>>loadmodule "/usr/local/lib/ser/modules/usrloc.so"
>>loadmodule "/usr/local/lib/ser/modules/registrar.so"
>>loadmodule "/usr/local/lib/ser/modules/auth.so"
>>loadmodule "/usr/local/lib/ser/modules/auth_db.so"
>>loadmodule "/usr/local/lib/ser/modules/uri.so"
>>loadmodule "/usr/local/lib/ser/modules/uri_db.so"
>>loadmodule "/usr/local/lib/ser/modules/mediaproxy.so"
>>loadmodule "/usr/local/lib/ser/modules/nathelper.so"
>>loadmodule "/usr/local/lib/ser/modules/textops.so"
>>loadmodule "/usr/local/lib/ser/modules/acc.so"
>>loadmodule "/usr/local/lib/ser/modules/permissions.so"
>> #module parameter setup modparam("rr",
>>"enable_full_lr", 1)
>>modparam("auth_db|uri_db|usrloc|domain|permissions",
>>"db_url", "mysql://ser:heslo@localhost/ser")
>>modparam("auth_db", "calculate_ha1", 1)
>>modparam("auth_db", "password_column", "password")
>>modparam("usrloc", "db_mode", 2)
>>modparam("nathelper", "rtpproxy_disable", 1)
>>modparam("nathelper", "natping_interval", 0)
>>modparam("mediaproxy", "natping_interval", 30)
>>modparam("mediaproxy", "mediaproxy_socket",
>>"/var/run/mediaproxy.sock") modparam("mediaproxy",
>>"sip_asymmetrics", "/usr/local/etc/ser/sip-clients")
>>modparam("mediaproxy", "rtp_asymmetrics",
>>"/usr/local/etc/ser/rtp-clients")
>>modparam("registrar", "nat_flag", 6) modparam("acc",
>>"log_level", 2) modparam("acc", "log_fmt",
>>"cdfimorstup") modparam("acc", "report_ack", 1)
>>#modparam("acc", "failed_transactions", 1)
>>modparam("acc", "log_flag", 1) #modparam("acc",
>>"report_cancels", 1) modparam("acc", "db_flag", 1)
>>modparam("acc", "db_missed_flag", 3) modparam("acc",
>>"db_url", "mysql://ser:heslo@localhost/ser")
>>modparam("uri_db", "uri_table", "uri")
>>modparam("uri_db", "uri_user_column", "username")
>>modparam("uri_db", "uri_domain_column", "domain")
>>modparam("domain", "db_mode", 1) modparam("domain",
>>"domain_table", "domain") modparam("domain",
>>"domain_col", "domain") modparam("permissions",
>>"default_allow_file",
>>"/usr/local/etc/ser/allow.permissions")
>>modparam("permissions", "default_deny_file",
>>"/usr/local/etc/ser/deny.permissions") #our routing
>>logic route { if
>>(!mf_process_maxfwd_header("10")) {
>>sl_send_reply("483", "Too many hops");
>>break; }; if (msg:len > max_len) {
>> sl_send_reply("513", "Message overflow");
>> break; }; ###record
>>route#### if (method=="INVITE" &&
>>client_nat_test("3")) {
>>record_route_preset("202.84.24.107:5060;nat=yes");
>> } else if (method!="REGISTER") {
>>record_route(); }; ###call tear down
>>section### if (method=="BYE" ||
>>method=="CANCEL") {
>>end_media_session(); }; ###accounting###
>> if ((!has_totag() && (method=="INVITE" ||
>>method=="ACK")) || (method=="BYE")) {
>>setflag(1); }; ###loose route### if
>>(loose_route()) { if (has_totag() &&
>>(method=="INVITE" || method=="ACK")) {
>> if (client_nat_test("3") ||
>>search("^Route:.*;nat=yes")) {
>> setflag(6);
>>use_media_proxy(); };
>> }; route(1);
>>break; }; ###call type processing###
>>if (uri!=myself) { route(1);
>> break; }; if (uri==myself) {
>> if (method=="CANCEL") {
>> route(3); break;
>> } else if (method=="INVITE") {
>> route(3); break;
>> } else if (method=="REGISTER") {
>> route(2);
>> break; };
>>lookup("aliases"); if (uri!=myself) {
>> route(1);
>> break; }; if
>>(!lookup("location")) {
>>sl_send_reply("404", "User not found");
>> break; }; };
>>route(1); } ##Default message handler## route[1] {
>> t_on_reply("1"); if (!t_relay()) {
>> if (method=="INVITE" || method=="ACK") {
>> end_media_session();
>> }; sl_reply_error(); }; }
>> ##Register message handler## route[2] {
>>sl_send_reply("100", "Trying"); if
>>(!search("^Contact:\ +\*") && client_nat_test("7")) {
>> setflag(6);
>>fix_nated_register(); force_rport();
>> }; if
>>(!www_authorize("sip.philonline.com","subscriber")) {
>>
>>www_challenge("sip.philonline.com","0");
>> break; }; if (!check_to()) {
>> sl_send_reply("401", "You are Unauthorized");
>> break; };
>>consume_credentials(); if (!save("location"))
>>{ sl_reply_error(); }; }
>>##INVITE message Handler## route[3] {
>>if (client_nat_test("3")) {
>>setflag(7); force_rport();
>> fix_nated_contact(); }; if
>>(!search("To: .*@sip.philonline.com")) { if
>>(!proxy_authorize("","subscriber")) {
>>proxy_challenge("", "0"); break;
>> }; if (!check_from() && method=="INVITE")
>>{ sl_send_reply("403", "User
>>From=ID"); break; };
>>}; lookup("aliases"); if
>>(uri!=myself) { route(1);
>> break; }; if (!lookup("location"))
>>{ sl_send_reply("404", "User not
>>found"); break; }; if
>>(method=="CANCEL") { route(1);
>> break; };
>>consume_credentials(); if (isflagset(6) ||
>>isflagset(7)) { use_media_proxy();
>> }; route(1); } onreply_route[1] {
>> if (isflagset(6) || isflagset(7) &&
>>(status=~"(180)|(183)|2[0-9][0-9]")) {
>> if (!search("^Content-Length:\ +0")) {
>> use_media_proxy(); };
>>}; if (client_nat_test("1")) {
>> fix_nated_contact(); }; } Thanks,
>>--ryanRyan PagquilInfodyne Inc.
>>(www.philonline.com)Tel. (632)-6870715>
>>_______________________________________________
>>
>>
>>>Serusers mailing list
>>>serusers at lists.iptel.org
>>>http://lists.iptel.org/mailman/listinfo/serusers
>>>
>>>
>>>
>>
>>
>>____________________________________________________
>>Start your day with Yahoo! - make it your home page
>>http://www.yahoo.com/r/hs
>>
>>
>>_______________________________________________
>>Serusers mailing list
>>serusers at lists.iptel.org
>>http://lists.iptel.org/mailman/listinfo/serusers
>>
>>
>>
>
>
>_______________________________________________
>Serusers mailing list
>serusers at lists.iptel.org
>http://lists.iptel.org/mailman/listinfo/serusers
>
>
>
>
--
Ryan Pagquil
Infodyne Inc. - PhilOnline.com
3603 Antel Global Corporate Center
Doña Julia Vargas Ave.
Ortigas Center Pasig City
Tel: 687-0715
Web: www.philonline.com
More information about the sr-users
mailing list