[Serusers] REGISTER control based on UA

inge inge at legos.fr
Thu Nov 13 16:44:07 CET 2008 

Hi Alexandre,

Great workaround !!

Maybe I can use it with Redhat if the module is compiled with x86
architecture ?

What about the "flag" field in table description ?

Regards,

A. LEMOINE

Le mercredi 12 novembre 2008 à 20:59 +0300, Alexandre Snarskii a écrit :
> On Wed, Nov 12, 2008 at 12:59:35PM +0100, inge wrote:
> > Hi all,
> > 
> > I look for a workaround to use a white list in addition of
> > authentification proces, based on User-Agent (ie. for example : deny
> > "Asterisk IPBX" permit "Cisco IPhone...")
> 
> There is (unofficial) check_ua module added as a patch in FreeBSD port, 
> which works exactly as 'additional UA check'.
> 
> Setup is not too complicated: you must create and populate some table 
> in your database. In my example, DB is postgresql, exact create/populate 
> commands is the next: 
> 
> CREATE TABLE check_ua ( 
> 	rexx VARCHAR(256) NOT NULL UNIQUE,
> 	flag INTEGER NOT NULL DEFAULT(0)
> );
> -- main goal is to disallow user-agents with invalid symbols: 
> INSERT INTO check_ua VALUES('^[0-9A-Za-z/.() _-]{1,64}$',1);
> -- in your case it should be something like
> INSERT INTO check_ua VALUES('^Cisco IP Phone.*',1);
> 
> Then, add to global configuration: 
> 
> loadmodule "/usr/local/lib/ser/modules/check_ua.so"
> modparam("check_ua", "db_url", "postgres://<username>:<password>@<host>/<db>")
> modparam("check_ua", "db_table", "check_ua")
> 
> and somewhere in route section: 
> 
>         if(!check_ua()) { 
>                 xlog("L_ERR","Invalid UA DENIED: %fu, %is, %ua\n");
>                 sl_send_reply("403", "Forbidden (Invalid UA)");
>                 break;
>         };
> 
> Voila. Until your Asterisk users will not find correct User-Agent
> they must use in their sip.conf - it will work... :) In my case - 
> protection against bad symbols - it works even with asterisk... :) 
> 
> PS: not sure is that module can be found somewhere outside FreeBSD port,
> at least my google skills is not enough to ... 
> However, both authors (Valentin Nechayev and Maxim Sobolev) read this list. 
>

More information about the sr-users mailing list