[SR-Users] how to see banned address after rule it

PICCORO McKAY Lenz mckaygerhard at gmail.com
Mon Feb 18 20:01:38 CET 2019


i configure rules for routing banned ip and i want to see where i can
autdit this issues.. i mean where i can automatically define a cron setup
that grep those logs definitios.. where are loggin those all?

my rules are:

define at begining of kamailio.cfg "#!WITH_ANTIFLOOD", later add:

#!ifdef WITH_ANTIFLOOD
loadmodule "htable.so"
loadmodule "pike.so"

modparam("pike", "sampling_time_unit", 2)
modparam("pike", "reqs_density_per_unit", 16)
modparam("pike", "remove_latency", 4)
modparam("htable", "htable", "ipban=>size=8;autoexpire=300;")
#!endif

later routing definitions:

route[REQINIT] {
   if(src_ip!=myself) {
        if($sht(ipban=>$si)!=$null) {
            xdbg("request from blocked IP - $rm from $fu (IP:$si:$sp)\n");
            exit;
        }
        if (!pike_check_req()) {
            xlog("L_ALERT","ALERT: pike blocking $rm from $fu
(IP:$si:$sp)\n");
            $sht(ipban=>$si) = 1;
            exit;
        }
    }
    if($ua =~ "friendly-scanner|sipcli|VaxSIPUserAgent") {
            xlog("L_ALERT","ALERT: friendly canings from $fu
(IP:$si:$sp)\n");
        exit;
    }
    if (!mf_process_maxfwd_header("10")) {
        sl_send_reply("483","Too Many Hops");
        exit;
    }
    if(is_method("OPTIONS") && uri==myself && $rU==$null) {
        sl_send_reply("200","Keepalive");
        exit;
    }
    if(!sanity_check("1511", "7")) {
        xlog("Malformed SIP message from $si:$sp\n");
        exit;
    }
}

Lenz McKAY Gerardo (PICCORO)
http://qgqlochekone.blogspot.com
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.kamailio.org/pipermail/sr-users/attachments/20190218/ace5b29f/attachment.html>


More information about the sr-users mailing list