[Serusers] REGISTER control based on UA

inge inge at legos.fr
Mon Nov 24 12:16:25 CET 2008 

Someone else has an idea ? I think about how to implement this kind of
filtering with functions included in SER 0.9.6, but I still in trouble.

Thanks.

Le jeudi 13 novembre 2008 à 16:44 +0100, inge a écrit :
> Hi Alexandre,
> 
> Great workaround !!
> 
> Maybe I can use it with Redhat if the module is compiled with x86
> architecture ?
> 
> What about the "flag" field in table description ?
> 
> Regards,
> 
> A. LEMOINE
> 
> Le mercredi 12 novembre 2008 à 20:59 +0300, Alexandre Snarskii a écrit :
> > On Wed, Nov 12, 2008 at 12:59:35PM +0100, inge wrote:
> > > Hi all,
> > > 
> > > I look for a workaround to use a white list in addition of
> > > authentification proces, based on User-Agent (ie. for example : deny
> > > "Asterisk IPBX" permit "Cisco IPhone...")
> > 
> > There is (unofficial) check_ua module added as a patch in FreeBSD port, 
> > which works exactly as 'additional UA check'.
> > 
> > Setup is not too complicated: you must create and populate some table 
> > in your database. In my example, DB is postgresql, exact create/populate 
> > commands is the next: 
> > 
> > CREATE TABLE check_ua ( 
> > 	rexx VARCHAR(256) NOT NULL UNIQUE,
> > 	flag INTEGER NOT NULL DEFAULT(0)
> > );
> > -- main goal is to disallow user-agents with invalid symbols: 
> > INSERT INTO check_ua VALUES('^[0-9A-Za-z/.() _-]{1,64}$',1);
> > -- in your case it should be something like
> > INSERT INTO check_ua VALUES('^Cisco IP Phone.*',1);
> > 
> > Then, add to global configuration: 
> > 
> > loadmodule "/usr/local/lib/ser/modules/check_ua.so"
> > modparam("check_ua", "db_url", "postgres://<username>:<password>@<host>/<db>")
> > modparam("check_ua", "db_table", "check_ua")
> > 
> > and somewhere in route section: 
> > 
> >         if(!check_ua()) { 
> >                 xlog("L_ERR","Invalid UA DENIED: %fu, %is, %ua\n");
> >                 sl_send_reply("403", "Forbidden (Invalid UA)");
> >                 break;
> >         };
> > 
> > Voila. Until your Asterisk users will not find correct User-Agent
> > they must use in their sip.conf - it will work... :) In my case - 
> > protection against bad symbols - it works even with asterisk... :) 
> > 
> > PS: not sure is that module can be found somewhere outside FreeBSD port,
> > at least my google skills is not enough to ... 
> > However, both authors (Valentin Nechayev and Maxim Sobolev) read this list. 
> > 
> 
> _______________________________________________
> Serusers mailing list
> Serusers at lists.iptel.org
> http://lists.iptel.org/mailman/listinfo/serusers

More information about the sr-users mailing list