[SR-Users] secfilter usage

Tue Dec 3 16:37:16 CET 2019

Hi Aymeric

Try to use force_rport() after sl_send_reply:

secf_check_ua();
if ($? == -2) {
  force_rport();
  sl_send_reply("200", "OK");
  exit;
}

For secf_check_sqli_all() the module drops the packet if a sqli is
detected in any header but for other functions as secf_check_sqli_ua() it
returns a negative code for detection and you choose if you want to drop
the packet or not

Regards

On Tue, 3 Dec 2019 at 15:48, Aymeric Moizard <amoizard at gmail.com> wrote:

> Hi all,
>
> I'm testing and moving my kamailio script to use the newer secfilter
> module.
>
> In the past, I was replying "200 Ok" to "friendly scanners"...
>
> With the newer secfilter module, it looks like I can't send a reply with
> "sl_send_reply("200", "OK")"
>
> secf_check_ua();
> if ($? == -2) {
>   sl_send_reply("200", "OK");
>   exit;
> }
>
>
> I have read the code of the secfilter, but I was not able to see any
> specific code to silently discard the SIP request.
>
> I can see in the documentation about "secf_check_sqli_all", that the SIP
> message is supposed to be "dropped". I can see "w_check_sqli_all" returns 0
> on detection and w_check_ua returns -2 upon detection.
>
> Are the message discarded because a negative value was returned?
>
> Would it be doable, using the secfilter, to still reply 200 Ok?
> Regards
> Aymeric
>
> --
> Antisip - http://www.antisip.com
> _______________________________________________
> Kamailio (SER) - Users Mailing List
> sr-users at lists.kamailio.org
> https://lists.kamailio.org/cgi-bin/mailman/listinfo/sr-users
>
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.kamailio.org/pipermail/sr-users/attachments/20191203/3bc3132a/attachment.html>