[OpenSIPS-Users] multidomain, security

Bogdan-Andrei Iancu bogdan at opensips.org
Tue Apr 1 20:06:45 CEST 2014


Hello,

If the caller is not a local user you cannot authenticate him (as you do 
not have any info on that user) - so what you have to do is to limit 
what such a caller can do - typically only to local subscribers (no 
media, no PSTN, no other services, just to your users); or simply reject 
them if you do not want to get calls from foreign domains.

Regards,

Bogdan-Andrei Iancu
OpenSIPS Founder and Developer
http://www.opensips-solutions.com

On 19.03.2014 14:20, Miha wrote:
> Hi,
>
> I am doing "proxy_authorize" for "!(method=="REGISTER") && 
> is_from_local()".
>
> I request INVITE is not send from user, which does "not contain" 
> local_domain (defined in domains table) in INVITE, so this will not be 
> authenticated as this request will not go to this 
> "!(method=="REGISTER") && is_from_local()" condition and in my case 
> this invite will go throught.
>
> Was is best practice for droping that kind of invites?
>
> Doing this:
>
>  $avp(port)="5060";
>         if(!$si=="SBC_IP" && 
> !lb_is_destination("$si","$(avp(port){s.int})") && !is_from_local()){
>         drop;
>         }
>
> ?
>
> tnx!
>
> miha
>
>
> _______________________________________________
> Users mailing list
> Users at lists.opensips.org
> http://lists.opensips.org/cgi-bin/mailman/listinfo/users
>
>




More information about the Users mailing list