[Serusers] authenticate INVITEs
Miklos Tirpak
miklos at iptel.org
Fri Feb 23 17:36:23 CET 2007
On 02/23/2007 05:24 PM, Michal Matyska wrote:
> You can use if (registered("location")) {...}
> it checks location, just does not rewrite request uri (so you don't need
> to save it's old content.
>
> You should set the $tu.uid with the correct value of the caller anyway.
the disadvantage is that you do not verify the source IP address in this
case, so if the INVITE is not authenticated there is a huge security
hole. But I guess the INVITE can be authenticated for the UAC which
supported authentication for the REGISTER. The advantage is that
multiple bindings can be supported.
Miklos
>
> Michal
>
> On Fri, 2007-02-23 at 16:01 +0100, Miklos Tirpak wrote:
>> search the mailing list for "prevent INVITE without REGISTERing"
>> You may have to update the following config, do not define AVP track for
>> example ($f.uid instead of $fu.uid).
>> http://lists.iptel.org/pipermail/serusers/2006-July/029559.html
>>
>> Miklos
>>
>> On 02/23/2007 02:38 PM, Octavarium wrote:
>>> I have enabled mysql authentication of REGISTER messagess, but i need that only INVITE mesagges from devices properly registered in SER can go through, and that INVITE mesagges from devices NOT registered are dropped.
>>>
>>> How can i do this? do you have a sample script?
>>>
>>> Thanx a lot!
>>>
>>> _______________________________________________
>>> Serusers mailing list
>>> Serusers at lists.iptel.org
>>> http://lists.iptel.org/mailman/listinfo/serusers
>> _______________________________________________
>> Serusers mailing list
>> Serusers at lists.iptel.org
>> http://lists.iptel.org/mailman/listinfo/serusers
>
> _______________________________________________
> Serusers mailing list
> Serusers at lists.iptel.org
> http://lists.iptel.org/mailman/listinfo/serusers
More information about the sr-users
mailing list