[SR-Users] secfilter usage

Tue Dec 3 16:37:59 CET 2019

Sorry ... Try to use force_rport() *before* sl_send_reply

On Tue, 3 Dec 2019 at 16:37, Pepelux <pepeluxx at gmail.com> wrote:

> Hi Aymeric
>
> Try to use force_rport() after sl_send_reply:
>
> secf_check_ua();
> if ($? == -2) {
>   force_rport();
>   sl_send_reply("200", "OK");
>   exit;
> }
>
> For secf_check_sqli_all() the module drops the packet if a sqli is
> detected in any header but for other functions as secf_check_sqli_ua() it
> returns a negative code for detection and you choose if you want to drop
> the packet or not
>
> Regards
>
>
> On Tue, 3 Dec 2019 at 15:48, Aymeric Moizard <amoizard at gmail.com> wrote:
>
>> Hi all,
>>
>> I'm testing and moving my kamailio script to use the newer secfilter
>> module.
>>
>> In the past, I was replying "200 Ok" to "friendly scanners"...
>>
>> With the newer secfilter module, it looks like I can't send a reply with
>> "sl_send_reply("200", "OK")"
>>
>> secf_check_ua();
>> if ($? == -2) {
>>   sl_send_reply("200", "OK");
>>   exit;
>> }
>>
>>
>> I have read the code of the secfilter, but I was not able to see any
>> specific code to silently discard the SIP request.
>>
>> I can see in the documentation about "secf_check_sqli_all", that the SIP
>> message is supposed to be "dropped". I can see "w_check_sqli_all" returns 0
>> on detection and w_check_ua returns -2 upon detection.
>>
>> Are the message discarded because a negative value was returned?
>>
>> Would it be doable, using the secfilter, to still reply 200 Ok?
>> Regards
>> Aymeric
>>
>> --
>> Antisip - http://www.antisip.com
>> _______________________________________________
>> Kamailio (SER) - Users Mailing List
>> sr-users at lists.kamailio.org
>> https://lists.kamailio.org/cgi-bin/mailman/listinfo/sr-users
>>
>
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.kamailio.org/pipermail/sr-users/attachments/20191203/f0122fb0/attachment.html>