[SR-Users] Authenticating xhttp request

Olli Attila attiolli at gmail.com
Sun Jun 16 19:58:22 CEST 2019 

Hello,

After reading comments from Daniel and Alex I decided to proceed with
the design model that uses a middleware server (eg. not exposing
kamailio straight to users) which will be the node taking to Kamailio
JSONRPC API.

That being said... I could go for the ip address authentication. Are
there any best practice guides for this?

Cheer,
Olli

pe 14. kesäk. 2019 klo 16.21 Daniel-Constantin Mierla
(miconda at gmail.com) kirjoitti:
>
> Hello,
>
> I would not expose the kamailio to API interactions triggered by the end
> users, be careful not to block its activity.
>
> Anyhow, you can use the www_challenge()/www_authenticate() function from
> auth/auth_db modules that are using the records from subscriber table
> perform HTTP digest authentication.
>
> Cheers,
> Daniel
>
> On 14.06.19 09:14, Olli Attila wrote:
> > Hello,
> >
> > I think it would be better to do the authentication with
> > username/password. We are developing a web interface which will be
> > used to alter dialplan & htable entries and after changes have been
> > made, user would command the sip proxies to reload new data from the
> > database via jasonrpc. With this design, user authentication would be
> > more suitable.
> >
> > Cheers,
> > Olli Attila
> >
> > pe 14. kesäk. 2019 klo 10.04 Daniel-Constantin Mierla
> > (miconda at gmail.com) kirjoitti:
> >> Hello,
> >>
> >> do you want to authenticate with ip addresses stored in database or with
> >> username/password?
> >>
> >> Cheers,
> >> Daniel
> >>
> >> On 13.06.19 08:12, Olli Attila wrote:
> >>> Hello,
> >>>
> >>> I have this xhttp event_route on Kamailio that I am using to signal
> >>> the proxy to reload dialplans and htable when necessary:
> >>>
> >>> event_route[xhttp:request] {
> >>>     if(src_ip!=127.0.0.1) {
> >>>         xhttp_reply("403", "Forbidden", "text/html",
> >>>             "<html><body>Not allowed from $si</body></html>");
> >>>         exit;
> >>>         }
> >>>         if ($hu =~ "^/RPC") {
> >>>                 jsonrpc_dispatch();
> >>>         } else {
> >>>         xhttp_reply("200", "OK", "text/html",
> >>>             "<html><body>Wrong URL $hu</body></html>");
> >>>     }
> >>>     return;
> >>> }
> >>>
> >>> Now instead of returning 403 forbidden for requests coming from other
> >>> src_ip than proxy itsef, I would like to authenticate the http request
> >>> via proxy database. How can this be done if possible?
> >>>
> >>> Cheers,
> >>> Olli
> >>>
> >>> _______________________________________________
> >>> Kamailio (SER) - Users Mailing List
> >>> sr-users at lists.kamailio.org
> >>> https://lists.kamailio.org/cgi-bin/mailman/listinfo/sr-users
> >> --
> >> Daniel-Constantin Mierla -- www.asipto.com
> >> www.twitter.com/miconda -- www.linkedin.com/in/miconda
> >>
> >
> --
> Daniel-Constantin Mierla -- www.asipto.com
> www.twitter.com/miconda -- www.linkedin.com/in/miconda
>


-- 
"Logic is the art of going wrong with confidence."

More information about the sr-users mailing list