[Serusers] REGISTER control based on UA

inge inge at legos.fr
Fri Dec 5 10:51:04 CET 2008 

Hi all,

I'm still working on without success for the moment.

I don't have an idea on the means to use AVP/DB etc. with this purpose.

Someone can help me ?

Regards

Le lundi 24 novembre 2008 à 12:20 +0100, Atle Samuelsen a écrit :
> if(search("Asterisk")){
>      sl_reply("403","Go away ugly asterisk");
>      break;
> }else if(search("my_other_ua_i_dont_like"){
>    sl_reply("403","I do not like you either");
>    break;
> }
> 
> 
> On Mon, Nov 24, 2008 at 12:16 PM, inge <inge at legos.fr> wrote:
> > Someone else has an idea ? I think about how to implement this kind of
> > filtering with functions included in SER 0.9.6, but I still in trouble.
> >
> > Thanks.
> >
> > Le jeudi 13 novembre 2008 à 16:44 +0100, inge a écrit :
> >> Hi Alexandre,
> >>
> >> Great workaround !!
> >>
> >> Maybe I can use it with Redhat if the module is compiled with x86
> >> architecture ?
> >>
> >> What about the "flag" field in table description ?
> >>
> >> Regards,
> >>
> >> A. LEMOINE
> >>
> >> Le mercredi 12 novembre 2008 à 20:59 +0300, Alexandre Snarskii a écrit :
> >> > On Wed, Nov 12, 2008 at 12:59:35PM +0100, inge wrote:
> >> > > Hi all,
> >> > >
> >> > > I look for a workaround to use a white list in addition of
> >> > > authentification proces, based on User-Agent (ie. for example : deny
> >> > > "Asterisk IPBX" permit "Cisco IPhone...")
> >> >
> >> > There is (unofficial) check_ua module added as a patch in FreeBSD port,
> >> > which works exactly as 'additional UA check'.
> >> >
> >> > Setup is not too complicated: you must create and populate some table
> >> > in your database. In my example, DB is postgresql, exact create/populate
> >> > commands is the next:
> >> >
> >> > CREATE TABLE check_ua (
> >> >     rexx VARCHAR(256) NOT NULL UNIQUE,
> >> >     flag INTEGER NOT NULL DEFAULT(0)
> >> > );
> >> > -- main goal is to disallow user-agents with invalid symbols:
> >> > INSERT INTO check_ua VALUES('^[0-9A-Za-z/.() _-]{1,64}$',1);
> >> > -- in your case it should be something like
> >> > INSERT INTO check_ua VALUES('^Cisco IP Phone.*',1);
> >> >
> >> > Then, add to global configuration:
> >> >
> >> > loadmodule "/usr/local/lib/ser/modules/check_ua.so"
> >> > modparam("check_ua", "db_url", "postgres://<username>:<password>@<host>/<db>")
> >> > modparam("check_ua", "db_table", "check_ua")
> >> >
> >> > and somewhere in route section:
> >> >
> >> >         if(!check_ua()) {
> >> >                 xlog("L_ERR","Invalid UA DENIED: %fu, %is, %ua\n");
> >> >                 sl_send_reply("403", "Forbidden (Invalid UA)");
> >> >                 break;
> >> >         };
> >> >
> >> > Voila. Until your Asterisk users will not find correct User-Agent
> >> > they must use in their sip.conf - it will work... :) In my case -
> >> > protection against bad symbols - it works even with asterisk... :)
> >> >
> >> > PS: not sure is that module can be found somewhere outside FreeBSD port,
> >> > at least my google skills is not enough to ...
> >> > However, both authors (Valentin Nechayev and Maxim Sobolev) read this list.
> >> >
> >>
> >> _______________________________________________
> >> Serusers mailing list
> >> Serusers at lists.iptel.org
> >> http://lists.iptel.org/mailman/listinfo/serusers
> >
> > _______________________________________________
> > Serusers mailing list
> > Serusers at lists.iptel.org
> > http://lists.iptel.org/mailman/listinfo/serusers
> >

More information about the sr-users mailing list