[SR-Users] permissions.allow in conjunction with trusted table

Daniel-Constantin Mierla miconda at gmail.com
Mon Mar 12 17:59:20 CET 2018



On 05.03.18 17:40, Ben Hood wrote:
> On Mon, Mar 5, 2018 at 9:42 AM, Ben Hood <0x6e6562 at gmail.com> wrote:
>> I'd like to trust HTTP requests from internal subnets and use the
>> trusted table to manage permissions from external networks.
>>
>> Is there a way to configure permissions.allow to trust everything on a
>> local subnet and use the DB table for everything else? Does the
>> permissions module even work in that way (i.e. to use two sources of
>> trust)?
>>
>> If so, what is the permissions.allow syntax to trust a CIDR?
> In the end I put a subnet check into the xhttp route:
>
> event_route[xhttp:request] {
>   if(src_ip!=172.16.176.0/24) {
>     xhttp_reply("403", "Forbidden", "text/html", "<html><body>Really not allowed from $si</body></html>");
>     exit;
>   }
>   ...
> }
>
> This HTTP event handling appears to be independent of the permissions
> module, which is what I wanted to achieve.
>
I would suggest using the address table with the permissions module, if you
want to keep the list of IP or subnet addresses in the database. Then you
can use allow_source_address("...") in kamailio.cfg. Inside the address
table, you can group addresses by an id, which is then given as a
parameter to the config function.

Cheers,
Daniel

-- 
Daniel-Constantin Mierla
www.twitter.com/miconda -- www.linkedin.com/in/miconda
Kamailio Advanced Training - April 16-18, 2018, Berlin - www.asipto.com
Kamailio World Conference - May 14-16, 2018 - www.kamailioworld.com
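
The address-table approach suggested in the reply above, sketched as a kamailio.cfg fragment. This is an added example, not configuration posted by anyone in the thread; the group ids 1 and 2, the 203.0.113.10 host, the db_url value and the use of allow_source_address() inside the xhttp event route are assumptions made for illustration.

```cfg
# Added example, not from the thread.
# Constructed rows for the "address" table, one group per source of trust:
#
#   INSERT INTO address (grp, ip_addr, mask, port, tag)
#   VALUES (1, '172.16.176.0', 24, 0, 'internal subnet'),
#          (2, '203.0.113.10', 32, 0, 'external partner');
#
# port 0 matches any source port; mask is the CIDR prefix length.

loadmodule "db_mysql.so"
loadmodule "xhttp.so"
loadmodule "permissions.so"

# Placeholder URL: point it at the database that holds the address table.
modparam("permissions", "db_url",
    "mysql://kamailio:CHANGE_ME@localhost/kamailio")

event_route[xhttp:request] {
    # Default deny: the request passes only if its source IP matches an
    # entry in group 1 (internal) or group 2 (external).
    if (!allow_source_address("1") && !allow_source_address("2")) {
        xhttp_reply("403", "Forbidden", "text/html",
            "<html><body>Not allowed from $si</body></html>");
        exit;
    }

    # Different groups can gate different handling, e.g. keep
    # management URLs for the internal group only (illustrative path).
    if ($hu =~ "^/admin" && !allow_source_address("1")) {
        xhttp_reply("403", "Forbidden", "text/html",
            "<html><body>Internal only</body></html>");
        exit;
    }

    # request handling continues here
}
```

The permissions module matches against an in-memory copy of the table, so rows added while Kamailio is running take effect only after a reload (for example `kamcmd permissions.addressReload`) or a restart.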