[SR-Users] Record-Route IP Value
Soltanici Ilie
iliesh at mail.ru
Tue Oct 31 13:15:55 CET 2017
Hi Alex,
Thank You, i'm trying to use this config:
if($(hdr(Record-Route)[0]{nameaddr.uri}) != $si and $(hdr(Record-Route)[0]{nameaddr.uri}) != $null) {
xlog("L_INFO","Spoofing attack detected from $si, blocking");
exit;
} taken from here: https://www.kamailio.org/wiki/tutorials/security/kamailio-security
but, it is not working because as you said the record-route - can be different, like in my case: Record-Route: <sip:192.168.1.1;lr;did=637.07c7c2d7>
Temporarily, i solved using this configuration:
if($(hdr(Record-Route)[0]{nameaddr.uri}) != $null) {
if ( search_hf("Record-Route", ";", "f") ) {
$var(record_route) = $(hdr(Record-Route)[0]{nameaddr.uri}{re.subst,/^sip:([0-9]{1,3}\.[0-9]{1,3}\.[0-9]{1,3}\.[0-9]{1,3});.*/\1/});
if($var(record_route)) != $si {
xlogl("L_ERR","Spoofing Attack detected, Blocking\n");
exit;
}
} else {
if($(hdr(Record-Route)[0]{nameaddr.uri}) != $si) {
xlogl("L_ERR","Spoofing Attack detected, Blocking\n");
exit;
}
}
}; but, i'm not sure that this is right configuration - and maybe it could be done better. How would you solve this problem?
Thank You.
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.kamailio.org/pipermail/sr-users/attachments/20171031/65fe7907/attachment.html>
More information about the sr-users
mailing list