[OpenSER-Users] call failed 403 forbiden

Bogdan-Andrei Iancu bogdan at voice-system.ro
Mon May 26 10:37:41 CEST 2008


Hi,

The 403 is sent by your script - you just need to debug your script (use 
xlog() to print messages) and to see how the request is processed 
through your script.

Regards,
Bogdan

luzango mfupe wrote:
> Hi mates,
> I still need your pointers regarding my problem in this post, today i 
> have attached  the routes suspected to be involved in this saga. From 
> my config file plz see below.
>
>         # 
> -----------------------------------------------------------------
>         # Unauthorized relay
>         # 
> -----------------------------------------------------------------
>
>         if (!is_uri_host_local()) {
>                         if (is_from_local()) { # We prevent 
> unauthorised relays "clever guys we got u"
>                                 append_hf("P-hint: outbound\r\n");
>
>                 route(10);
>                                 # need to be authenticated
>                         } else {
>                                 sl_send_reply("403", "Forbidden");
>                         };
>                         return;
>         };
>
> route[10] {
>         #-------------------------------------------------------------
>         # Default Message Handler with  Proxy Authentication
>         # 
> -----------------------------------------------------------------
>
>         if(method=="ACK") {   #these you never proxy authenticate
>                 route(1);
>                 return;
>         };
>         if(method=="BYE" || method=="CANCEL") {   #these you never 
> proxy authenticate
>                 route(1);
>                 return;
>         };
>
>         xlog("L_INFO", "Proxy auth $fd $dP destination:$du $dd $ds");#
>
>         if (!route(7)) { #verify the user
>                 return(0);
>         };
>  if (!is_user_in("From", "noauth")) { #no authentication required
>                 if (!proxy_authorize("","subscriber")) {
>         proxy_challenge("","0");
>                         return;
>         } else if (!check_from()) {
>                         sl_send_reply("403", "Use From=ID");
>                         return;
>                 };
>        #        consume_credentials();
>
>         };
>
> #       if (is_user_in("Credentials", "local")) {       # Uncomment to 
> use the group options
>                 route(1);
> #       }else{
> #               sl_send_reply("403", "Busted!!!, you are not allowed 
> this route");
> #       };
>
> return;
> }
>
> With Best Regards,
> LU.
>
>
>
>     Message: 3
>     Date: Tue, 20 May 2008 17:38:50 +0200
>     From: "luzango mfupe" <luzango.mfupe at gmail.com
>     <mailto:luzango.mfupe at gmail.com>>
>     Subject: [OpenSER-Users] Call failed 403 Forbiden
>     To: users at lists.openser.org <mailto:users at lists.openser.org>
>     Message-ID:
>            <9cdd611a0805200838oc11cfedg9762b7451bf543c4 at mail.gmail.com
>     <mailto:9cdd611a0805200838oc11cfedg9762b7451bf543c4 at mail.gmail.com>>
>     Content-Type: text/plain; charset="iso-8859-1"
>
>     Hi mates,
>     Everytime i do try to make my 2 xlite clients talk (which i
>     correctly added
>     them into the database), i encountered with the same problm,
>     Openser perfoms
>     authentication and return call failed 403 forbiden signal.
>
>     My setup comprise of the first box with openser 1.3 and mediaproxy the
>     second box with Mysql and two Xlite clients in two other boxes all
>     are in an
>     internal network, as far as am concerned my NetAdmin have already
>     opened
>     ports 5060 and 3306 for me. I need your right direction on this probm.
>     below is my ngrep snapshot
>
>     mzee:/# ngrep -d eth1 -W byline port 5060
>     interface: eth1 (168.172.200.0/255.255.255.0
>     <http://168.172.200.0/255.255.255.0>)
>     filter: (ip or ip6) and ( port 5060 )
>     #
>     U 168.172.200.70:1824 <http://168.172.200.70:1824> ->
>     168.172.200.87:5060 <http://168.172.200.87:5060>
>     INVITE sip:musketeerm at 168.172.200.87
>     <mailto:sip%3Amusketeerm at 168.172.200.87>
>     <sip%3Amusketeerm at 168.172.200.87
>     <mailto:sip%253Amusketeerm at 168.172.200.87>>SIP/2.0.
>     Via: SIP/2.0/UDP 168.172.200.70:1824 <http://168.172.200.70:1824>
>     ;branch=z9hG4bK-d87543-ef08fb62b30f1a54-1--d87543-.
>     Max-Forwards: 70.
>     Contact: <sip:dreamteam at 168.172.200.70:1824
>     <http://sip:dreamteam@168.172.200.70:1824>>.
>     To: "musk"<sip:musketeerm at 168.172.200.87
>     <mailto:sip%3Amusketeerm at 168.172.200.87>
>     <sip%3Amusketeerm at 168.172.200.87
>     <mailto:sip%253Amusketeerm at 168.172.200.87>>>.
>     From: "dream"<sip:dreamteam at 168.172.200.87
>     <mailto:sip%3Adreamteam at 168.172.200.87>
>     <sip%3Adreamteam at 168.172.200.87
>     <mailto:sip%253Adreamteam at 168.172.200.87>>
>     >;tag=af4bd714.
>     Call-ID: OTAyNWJhOTdiZjBlNmUwNDYyZWI0YzdkM2JhZTUxMTU..
>     CSeq: 1 INVITE.
>     Session-Expires: 95.
>     Min-SE: 90.
>     Allow: INVITE, ACK, CANCEL, OPTIONS, BYE, REFER, NOTIFY, MESSAGE,
>     SUBSCRIBE,
>     INFO.
>     Content-Type: application/sdp.
>     Supported: timer.
>     User-Agent: X-Lite release 1011s stamp 41150.
>     Content-Length: 426.
>     .
>     v=0.
>     o=- 9 2 IN IP4 168.172.200.70 <http://168.172.200.70>.
>     s=CounterPath X-Lite 3.0.
>     c=IN IP4 168.172.200.70 <http://168.172.200.70>.
>     t=0 0.
>     m=audio 52166 RTP/AVP 107 119 100 106 0 105 98 8 101.
>     a=alt:1 1 : uZB2dYm+ NKBRK8Ep 168.172.200.70
>     <http://168.172.200.70> 52166.
>     a=fmtp:101 0-15.
>     a=rtpmap:107 BV32/16000.
>     a=rtpmap:119 BV32-FEC/16000.
>     a=rtpmap:100 SPEEX/16000.
>     a=rtpmap:106 SPEEX-FEC/16000.
>     a=rtpmap:105 SPEEX-FEC/8000.
>     a=rtpmap:98 iLBC/8000.
>     a=rtpmap:101 telephone-event/8000.
>     a=sendrecv.
>     #
>     U 168.172.200.87:5060 <http://168.172.200.87:5060> ->
>     168.172.200.70:1824 <http://168.172.200.70:1824>
>     SIP/2.0 403 Forbidden.
>     Via: SIP/2.0/UDP 168.172.200.70:1824 <http://168.172.200.70:1824>
>     ;branch=z9hG4bK-d87543-ef08fb62b30f1a54-1--d87543-.
>     To: "musk"<sip:musketeerm at 168.172.200.87
>     <mailto:sip%3Amusketeerm at 168.172.200.87>
>     <sip%3Amusketeerm at 168.172.200.87
>     <mailto:sip%253Amusketeerm at 168.172.200.87>>
>     >;tag=9a17bd4180f96d7136f8b30b25c6947e.d7e9.
>     From: "dream"<sip:dreamteam at 168.172.200.87
>     <mailto:sip%3Adreamteam at 168.172.200.87>
>     <sip%3Adreamteam at 168.172.200.87
>     <mailto:sip%253Adreamteam at 168.172.200.87>>
>     >;tag=af4bd714.
>     Call-ID: OTAyNWJhOTdiZjBlNmUwNDYyZWI0YzdkM2JhZTUxMTU..
>     CSeq: 1 INVITE.
>     Server: OpenSER (1.3.0-notls (i386/linux)).
>     Content-Length: 0.
>     .
>     #
>     U 168.172.200.70:1824 <http://168.172.200.70:1824> ->
>     168.172.200.87:5060 <http://168.172.200.87:5060>
>     ACK sip:musketeerm at 168.172.200.87
>     <mailto:sip%3Amusketeerm at 168.172.200.87>
>     <sip%3Amusketeerm at 168.172.200.87
>     <mailto:sip%253Amusketeerm at 168.172.200.87>> SIP/2.0.
>     Via: SIP/2.0/UDP 168.172.200.70:1824 <http://168.172.200.70:1824>
>     ;branch=z9hG4bK-d87543-ef08fb62b30f1a54-1--d87543-.
>     To: "musk"<sip:musketeerm at 168.172.200.87
>     <mailto:sip%3Amusketeerm at 168.172.200.87>
>     <sip%3Amusketeerm at 168.172.200.87
>     <mailto:sip%253Amusketeerm at 168.172.200.87>>
>     >;tag=9a17bd4180f96d7136f8b30b25c6947e.d7e9.
>     From: "dream"<sip:dreamteam at 168.172.200.87
>     <mailto:sip%3Adreamteam at 168.172.200.87>
>     <sip%3Adreamteam at 168.172.200.87
>     <mailto:sip%253Adreamteam at 168.172.200.87>>
>     >;tag=af4bd714.
>     Call-ID: OTAyNWJhOTdiZjBlNmUwNDYyZWI0YzdkM2JhZTUxMTU..
>     CSeq: 1 ACK.
>     Content-Length: 0.
>
>     WBR,
>     LU.
>
>
> ------------------------------------------------------------------------
>
> _______________________________________________
> Users mailing list
> Users at lists.openser.org
> http://lists.openser.org/cgi-bin/mailman/listinfo/users
>   





More information about the sr-users mailing list