[SR-Users] "Sleeping Giant - No Snore" Kam?
Alex Balashov
abalashov at evaristesys.com
Thu May 10 04:05:24 CEST 2018
There are a lot of options here.
For source IPs and subnets, the `permissions` module probably works
best:
https://kamailio.org/docs/modules/5.1.x/modules/permissions.html
While it can function in a mode where it bangs on your database for
every request, it also supports a caching mode (db_mode 1):
https://kamailio.org/docs/modules/5.1.x/modules/permissions.html#permissions.p.db_mode
In caching mode, it loads the ACL from the database once on startup and
keeps it in memory. If you have made alterations to the database table
and want to kick Kamailio to reload it, there are management/RPC commands for that[2]:
https://kamailio.org/docs/modules/5.1.x/modules/permissions.html#permissions.r.trustedReload
https://kamailio.org/docs/modules/5.1.x/modules/permissions.html#permissions.r.addressReload
Note that in a lot of scenarios, use of the permissions module isn't
truly necessary because some other module provides a de facto ACL. For
example, if you are using the dispatcher[1] module to front-end a group
of servers for round-robin type load balancing, making routing decisions
based on whether the origin is within the dispatcher server pool seems
only natural[2]:
    if(ds_is_from_list("1")) {
        # Allow from own application server farm.
    }
For filtering out nonlocal URI domains, the `domain` module presents a
natural fit. It works much as `permissions` does in terms of in-memory
caching and that:
https://kamailio.org/docs/modules/5.1.x/modules/domain.html
And if you should find that these modules' data model doesn't
schematically meet your needs, you can always seed your own `htable`
values from a DB-backed hash table:
https://kamailio.org/docs/modules/5.1.x/modules/htable.html#htable.p.db_url
Or fetch these values from somewhere else (e.g. HTTP API) and inject
them into an htable upon startup:
https://kamailio.org/docs/modules/5.1.x/modules/htable.html#idp49461924
Lots of options...
-- Alex
[1] https://kamailio.org/docs/modules/5.1.x/modules/dispatcher.html
[2] https://kamailio.org/docs/modules/5.1.x/modules/dispatcher.html#dispatcher.f.ds_is_from_list
On Wed, May 09, 2018 at 09:04:16PM +0000, KamDev Essa wrote:
> Easy. Not one of my domains or source IPs. Unless the hacker is an ex-user, they would never know my list.
> KD
> On Wednesday, May 9, 2018, 4:53:21 PM EDT, Alex Balashov <abalashov at evaristesys.com> wrote:
>
> How would you define "foes" in a programmatic sense? :) That will dictate the answer.
>
> -- Alex
>
> --
> Sent via mobile, please forgive typos and brevity.
>
> _______________________________________________
> Kamailio (SER) - Users Mailing List
> sr-users at lists.kamailio.org
> https://lists.kamailio.org/cgi-bin/mailman/listinfo/sr-users
--
Alex Balashov | Principal | Evariste Systems LLC
Tel: +1-706-510-6800 / +1-800-250-5920 (toll-free)
Web: http://www.evaristesys.com/, http://www.csrpswitch.com/
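Added example, not part of the original message or of the Kamailio project's shipped configuration: a configuration sketch combining the cached `permissions` ACL, the dispatcher-pool check and the `domain` check described above. The database URL, address group "1", dispatcher set "1", the choice to discard without replying, and the policy that both checks must pass are all assumptions.

```kamailio
#!KAMAILIO
# Added example. DBURL, group "1" and dispatcher set "1" are placeholders.

#!define DBURL "mysql://kamailio:CHANGE_ME@localhost/kamailio"

loadmodule "db_mysql.so"
loadmodule "xlog.so"
loadmodule "permissions.so"
loadmodule "dispatcher.so"
loadmodule "domain.so"

# permissions: load the `address` table once at startup and keep it in
# memory. After editing the table, reload without a restart:
#   kamcmd permissions.addressReload
modparam("permissions", "db_url", DBURL)
modparam("permissions", "db_mode", 1)

# dispatcher: the server pool doubles as a de facto source ACL.
modparam("dispatcher", "db_url", DBURL)

# domain: local domains are cached in memory as well.
# Reload after editing the `domain` table:
#   kamcmd domain.reload
modparam("domain", "db_url", DBURL)

request_route {
    # Source check: accept only our own application servers
    # (dispatcher set 1) or a source IP/subnet in address group 1.
    if (!ds_is_from_list("1") && !allow_source_address("1")) {
        xlog("L_NOTICE", "discarding $rm from unlisted source $si:$sp\n");
        exit;    # no reply is sent (assumed policy)
    }

    # Domain check: the Request-URI host must be one of our domains.
    if (!is_uri_host_local()) {
        xlog("L_NOTICE", "discarding $rm for nonlocal domain $rd from $si\n");
        exit;    # no reply is sent (assumed policy)
    }

    # Request passed both checks; normal routing logic continues here.
    xlog("L_INFO", "accepted $rm from $si for $ru\n");
}
```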