[Serusers] REGISTER control based on UA

inge inge at legos.fr
Fri Dec 12 16:05:52 CET 2008


Hi,

I finally succeeded in compiling the module. However, when I use the
modparam described below by Alexandre, the output is:

set_mod_param_regex: parameter <db_url> not found in module <check_ua>
parse error: Can't set module parameter

and the same output for <db_table>. Then I see "CHECK_UA - destroying
module".

If I drop the modparam, SER starts fine and I can use check_ua() in my
config file, but it doesn't seem to be operational because it authorizes
all my REGISTER messages.

Thanks for your support.

Regards,

Adrien .L

-

On Friday 05 December 2008 at 10:51 +0100, inge wrote:
> Hi all,
> 
> I'm still working on it, without success for the moment.
> 
> I don't have any idea how to use AVP/DB etc. for this purpose.
> 
> Can someone help me?
> 
> Regards
> 
> On Monday 24 November 2008 at 12:20 +0100, Atle Samuelsen wrote:
> > if(search("Asterisk")){
> >      sl_reply("403","Go away ugly asterisk");
> >      break;
> > }else if(search("my_other_ua_i_dont_like")){
> >    sl_reply("403","I do not like you either");
> >    break;
> > }
> > 
> > 
> > On Mon, Nov 24, 2008 at 12:16 PM, inge <inge at legos.fr> wrote:
> > > Does someone else have an idea? I am thinking about how to implement this kind of
> > > filtering with functions included in SER 0.9.6, but I am still in trouble.
> > >
> > > Thanks.
> > >
> > > On Thursday 13 November 2008 at 16:44 +0100, inge wrote:
> > >> Hi Alexandre,
> > >>
> > >> Great workaround!!
> > >>
> > >> Maybe I can use it with Redhat if the module is compiled for the x86
> > >> architecture?
> > >>
> > >> What about the "flag" field in the table description?
> > >>
> > >> Regards,
> > >>
> > >> A. LEMOINE
> > >>
> > >> On Wednesday 12 November 2008 at 20:59 +0300, Alexandre Snarskii wrote:
> > >> > On Wed, Nov 12, 2008 at 12:59:35PM +0100, inge wrote:
> > >> > > Hi all,
> > >> > >
> > >> > > I am looking for a workaround to use a white list in addition to the
> > >> > > authentication process, based on User-Agent (i.e. for example: deny
> > >> > > "Asterisk IPBX", permit "Cisco IPhone...")
> > >> >
> > >> > There is an (unofficial) check_ua module added as a patch in the FreeBSD port,
> > >> > which works exactly as an 'additional UA check'.
> > >> >
> > >> > Setup is not too complicated: you must create and populate a table
> > >> > in your database. In my example, the DB is postgresql; the exact create/populate
> > >> > commands are the following:
> > >> >
> > >> > CREATE TABLE check_ua (
> > >> >     rexx VARCHAR(256) NOT NULL UNIQUE,
> > >> >     flag INTEGER NOT NULL DEFAULT(0)
> > >> > );
> > >> > -- main goal is to disallow user-agents with invalid symbols:
> > >> > INSERT INTO check_ua VALUES('^[0-9A-Za-z/.() _-]{1,64}$',1);
> > >> > -- in your case it should be something like
> > >> > INSERT INTO check_ua VALUES('^Cisco IP Phone.*',1);
> > >> >
> > >> > Then, add to global configuration:
> > >> >
> > >> > loadmodule "/usr/local/lib/ser/modules/check_ua.so"
> > >> > modparam("check_ua", "db_url", "postgres://<username>:<password>@<host>/<db>")
> > >> > modparam("check_ua", "db_table", "check_ua")
> > >> >
> > >> > and somewhere in route section:
> > >> >
> > >> >         if(!check_ua()) {
> > >> >                 xlog("L_ERR","Invalid UA DENIED: %fu, %is, %ua\n");
> > >> >                 sl_send_reply("403", "Forbidden (Invalid UA)");
> > >> >                 break;
> > >> >         };
> > >> >
> > >> > Voila. Until your Asterisk users find the correct User-Agent
> > >> > they must use in their sip.conf, it will work... :) In my case -
> > >> > protection against bad symbols - it works even with asterisk... :)
> > >> >
> > >> > PS: not sure if that module can be found anywhere outside the FreeBSD port;
> > >> > at least my google skills are not enough to ...
> > >> > However, both authors (Valentin Nechayev and Maxim Sobolev) read this list.
> > >> >
> > >>
> > >> _______________________________________________
> > >> Serusers mailing list
> > >> Serusers at lists.iptel.org
> > >> http://lists.iptel.org/mailman/listinfo/serusers
> > >
> 

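An added example (not from the thread and not the check_ua module's code): a Python sketch of the allow-list check described in the quoted setup, matching the two regexes from the INSERT statements against the User-Agent header only, denying by default, and contrasting that with an unanchored search over the whole message. The function names and the sample REGISTER are constructed for illustration, and Python's `re` stands in for whatever regex engine the module uses.

```python
import re

# Patterns copied from the thread's INSERT statements (rexx column). The
# meaning of the "flag" column is never explained there, so it is not modelled.
SAFE_CHARS = r"^[0-9A-Za-z/.() _-]{1,64}$"
CISCO_ONLY = r"^Cisco IP Phone.*"

def user_agent(raw_msg):
    """Return the User-Agent value from the header section, or None."""
    head = raw_msg.split("\r\n\r\n", 1)[0]
    for line in head.split("\r\n")[1:]:        # [0] is the request line
        name, sep, value = line.partition(":")
        if sep and name.strip().lower() == "user-agent":
            return value.strip()
    return None

def ua_allowed(raw_msg, patterns):
    """Default deny: a missing header or no matching pattern is rejected."""
    ua = user_agent(raw_msg)
    return ua is not None and any(re.search(p, ua) for p in patterns)

def whole_message_hit(raw_msg, needle):
    """What an unanchored search over the full message sees (for contrast)."""
    return re.search(needle, raw_msg) is not None

def register(ua=None, display="alice"):
    """Constructed sample REGISTER; all addresses are example values."""
    lines = [
        "REGISTER sip:example.com SIP/2.0",
        "Via: SIP/2.0/UDP 192.0.2.10:5060;branch=z9hG4bK776asdhds",
        f'From: "{display}" <sip:alice@example.com>;tag=1928301774',
        "To: <sip:alice@example.com>",
        "Call-ID: a84b4c76e66710@192.0.2.10",
        "CSeq: 1 REGISTER",
        "Contact: <sip:alice@192.0.2.10:5060>",
    ]
    if ua is not None:
        lines.append(f"User-Agent: {ua}")
    lines.append("Content-Length: 0")
    return "\r\n".join(lines) + "\r\n\r\n"

if __name__ == "__main__":
    for ua in ("Cisco IP Phone 7960", "Asterisk PBX", "bad\x01agent<>", None):
        msg = register(ua)
        print(repr(ua), ua_allowed(msg, [CISCO_ONLY]), ua_allowed(msg, [SAFE_CHARS]))
```

The header value is supplied by the client, so this check only complements authentication, as the quoted reply already points out.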