[SR-Users] Authenticating xhttp request

Olli Attila attiolli at gmail.com
Tue Jun 18 06:42:52 CEST 2019


Hello,

Ok I loaded the permissions module, and used the allow_trusted()
function call to test if the request is coming from a trusted address.
Works very well and I also used the caching option of the module so
that the database is not queried every time src ip has to be verified.

Cheers,
Olli

On Mon, 17 Jun 2019 at 13.49, Daniel-Constantin Mierla
(miconda at gmail.com) wrote:
>
> Hello,
>
> you can use permissions module with address table for IP based access
> policies.
>
> Cheers,
> Daniel
>
> On 16.06.19 19:58, Olli Attila wrote:
> > Hello,
> >
> > After reading comments from Daniel and Alex I decided to proceed with
> > the design model that uses a middleware server (eg. not exposing
> > kamailio straight to users) which will be the node talking to Kamailio
> > JSONRPC API.
> >
> > That being said... I could go for the ip address authentication. Are
> > there any best practice guides for this?
> >
> > Cheers,
> > Olli
> >
> > On Fri, 14 Jun 2019 at 16.21, Daniel-Constantin Mierla
> > (miconda at gmail.com) wrote:
> >> Hello,
> >>
> >> I would not expose the kamailio to API interactions triggered by the end
> >> users, be careful not to block its activity.
> >>
> >> Anyhow, you can use the www_challenge()/www_authenticate() function from
> >> auth/auth_db modules that are using the records from subscriber table
> >> to perform HTTP digest authentication.
> >>
> >> Cheers,
> >> Daniel
> >>
> >> On 14.06.19 09:14, Olli Attila wrote:
> >>> Hello,
> >>>
> >>> I think it would be better to do the authentication with
> >>> username/password. We are developing a web interface which will be
> >>> used to alter dialplan & htable entries and after changes have been
> >>> made, user would command the sip proxies to reload new data from the
> >>> database via jsonrpc. With this design, user authentication would be
> >>> more suitable.
> >>>
> >>> Cheers,
> >>> Olli Attila
> >>>
> >>> On Fri, 14 Jun 2019 at 10.04, Daniel-Constantin Mierla
> >>> (miconda at gmail.com) wrote:
> >>>> Hello,
> >>>>
> >>>> do you want to authenticate with ip addresses stored in database or with
> >>>> username/password?
> >>>>
> >>>> Cheers,
> >>>> Daniel
> >>>>
> >>>> On 13.06.19 08:12, Olli Attila wrote:
> >>>>> Hello,
> >>>>>
> >>>>> I have this xhttp event_route on Kamailio that I am using to signal
> >>>>> the proxy to reload dialplans and htable when necessary:
> >>>>>
> >>>>> event_route[xhttp:request] {
> >>>>>     if(src_ip!=127.0.0.1) {
> >>>>>         xhttp_reply("403", "Forbidden", "text/html",
> >>>>>             "<html><body>Not allowed from $si</body></html>");
> >>>>>         exit;
> >>>>>     }
> >>>>>     if ($hu =~ "^/RPC") {
> >>>>>         jsonrpc_dispatch();
> >>>>>     } else {
> >>>>>         xhttp_reply("200", "OK", "text/html",
> >>>>>             "<html><body>Wrong URL $hu</body></html>");
> >>>>>     }
> >>>>>     return;
> >>>>> }
> >>>>>
> >>>>> Now instead of returning 403 forbidden for requests coming from other
> >>>>> src_ip than proxy itself, I would like to authenticate the http request
> >>>>> via proxy database. How can this be done if possible?
> >>>>>
> >>>>> Cheers,
> >>>>> Olli
> >>>>>
> >>>> --
> >>>> Daniel-Constantin Mierla -- www.asipto.com
> >>>> www.twitter.com/miconda -- www.linkedin.com/in/miconda
> >>>>
> >>
> >
>


-- 
"Logic is the art of going wrong with confidence."



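A configuration along the lines described in the newest message of this thread (permissions module, allow_trusted(), cached lookups), given as an added example that is not part of the thread or of the Kamailio project's own configuration. The database URL, the 192.0.2.10 middleware address and the 404 reply for unknown URLs are assumptions made for illustration.

```cfg
# Added example, not from the thread. db_url and 192.0.2.10 are placeholders.
loadmodule "xhttp.so"
loadmodule "jsonrpcs.so"
loadmodule "permissions.so"

# Placeholder credentials: point this at the Kamailio database.
modparam("permissions", "db_url",
    "mysql://kamailio:CHANGE_ME@localhost/kamailio")
# 1 = load the trusted table into memory at startup, so allow_trusted()
# does not query the database for every request.
modparam("permissions", "db_mode", 1)

# Constructed row for the middleware host in the trusted table. HTTP
# arrives over TCP, so proto has to be 'tcp' or 'any':
#   INSERT INTO trusted (src_ip, proto, from_pattern, tag)
#   VALUES ('192.0.2.10', 'tcp', NULL, 'middleware');
# With db_mode=1 an added or deleted row takes effect only after the RPC
# command permissions.trustedReload (or a restart). A removed middleware
# host therefore stays trusted until that reload has been issued.

event_route[xhttp:request] {
    # Default deny: only the proxy itself or a source listed in the
    # trusted table may reach the RPC dispatcher.
    if (src_ip != 127.0.0.1 && !allow_trusted()) {
        xlog("L_WARN", "xhttp: rejected $hu from $si\n");
        xhttp_reply("403", "Forbidden", "text/html",
            "<html><body>Not allowed from $si</body></html>");
        exit;
    }
    if ($hu =~ "^/RPC") {
        jsonrpc_dispatch();
    } else {
        xhttp_reply("404", "Not Found", "text/html",
            "<html><body>Wrong URL $hu</body></html>");
    }
    return;
}
```

The source address check only identifies the middleware host, so authenticating the web interface's users remains the middleware's job.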