userblacklist Module


Table of Contents

1. Admin Guide
1.1. Overview
1.2. Dependencies
1.2.1. OpenSIPS Modules
1.2.2. External Libraries or Applications
1.3. Exported Parameters
1.3.1. db_url (string)
1.3.2. db_table (string)
1.3.3. use_domain (integer)
1.4. Exported Functions
1.4.1. check_user_blacklist (string user, string domain, string number, string table)
1.4.2. check_blacklist (string table)
1.5. Exported MI Functions
1.5.1. reload_blacklist
1.6. Installation and Running
1.6.1. Database setup
2. Contributors
2.1. By Commit Statistics
2.2. By Commit Activity
3. Documentation
3.1. Contributors

List of Tables

2.1. Top contributors by DevScore(1), authored commits(2) and lines added/removed(3)
2.2. Most recently active contributors(1) to this module

List of Examples

1.1. Set db_url parameter
1.2. Set db_table parameter
1.3. Set use_domain parameter
1.4. check_user_blacklist usage
1.5. check_blacklist usage
1.6. reload_blacklists usage
1.7. Example database content - globalblacklist table
1.8. Example database content - userblacklist table

Chapter 1. Admin Guide

1.1. Overview

The userblacklist module allows OpenSIPS to handle blacklists on a per user basis. This information is stored in a database table, which is queried to decide if the number (more exactly, the request URI user) is blacklisted or not.

An additional functionality that this module provides is the ability to handle global blacklists. This lists are loaded on startup into memory, thus providing a better performance then in the userblacklist case. This global blacklists are useful to only allow calls to certain international destinations, i.e. block all not whitelisted numbers. They could also used to prevent the blacklisting of important numbers, as whitelisting is supported too. This is useful for example to prevent the customer from blocking emergency call number or service hotlines.

The module exports two functions, check_blacklist and check_user_blacklist for usage in the config file. Furthermore its provide a FIFO function to reload the global blacklist cache.

1.2. Dependencies

1.2.1. OpenSIPS Modules

The module depends on the following modules (in the other words the listed modules must be loaded before this module):

  • database -- Any database module

1.2.2. External Libraries or Applications

The following libraries or applications must be installed before running OpenSIPS with this module loaded:

  • none

1.3. Exported Parameters

1.3.1. db_url (string)

Url to the database containing the routing data.

Default value is mysql://opensipsro:opensipsro@localhost/opensips.

Example 1.1. Set db_url parameter

...
modparam("userblacklist", "db_url", "dbdriver://username:password@dbhost/dbname")
...
		

1.3.2. db_table (string)

Name of the table where the user blacklist data is stored.

Default value is userblacklist.

Example 1.2. Set db_table parameter

...
modparam("userblacklist", "db_table", "userblacklist")
...
		    

1.3.3. use_domain (integer)

If set to non-zero value, the domain column in the userblacklist is used.

Default value is 0.

Example 1.3. Set use_domain parameter

...
modparam("userblacklist", "use_domain", 0)
...
		    

1.4. Exported Functions

1.4.1.  check_user_blacklist (string user, string domain, string number, string table)

Finds the longest prefix that matches the request URI user (or the number parameter) for the given user and domain name in the database. If a match is found and it is not set to whitelist, false is returned. Otherwise, true is returned. Pseudo-variables or AVPs can be used for the user, domain and number parameters. The number and table variables are optional, the defaults are used if they are ommited. The number parameter can be used to check for example against the from URI user.

Example 1.4. check_user_blacklist usage

...
if (!check_user_blacklist("user", "domain.com"))
	sl_send_reply("403", "Forbidden");
	exit;
}
...
		

1.4.2.  check_blacklist (string table)

Finds the longest prefix that matches the request URI for the given table. If a match is found and it is not set to whitelist, false is returned. Otherwise, true is returned.

Example 1.5. check_blacklist usage

...
if (!check_blacklist("global_blacklist")))
	sl_send_reply("403", "Forbidden");
	exit;
}
...
		

1.5. Exported MI Functions

1.5.1.  reload_blacklist

Reload the internal global blacklist cache. This is necessary after the database tables for the global blacklist have been changed.

Example 1.6. reload_blacklists usage

...
opensipsctl fifo reload_blacklist
...
		

1.6. Installation and Running

1.6.1. Database setup

Before running OpenSIPS with userblacklist, you have to setup the database table where the module will read the blacklist data. For that, if the table was not created by the installation script or you choose to install everything by yourself you can use the userblacklist-create.sql SQL script in the database directories in the opensips/scripts folder as template. Database and table name can be set with module parameters so they can be changed, but the name of the columns must be as they are in the SQL script. You can also find the complete database documentation on the project webpage, https://opensips.org/docs/db/db-schema-devel.html.

Example 1.7. Example database content - globalblacklist table

...
+----+-----------+-----------+
| id | prefix    | whitelist |
+----+-----------+-----------+
|  1 |           |         0 |
|  2 | 1         |         1 |
|  3 | 123456    |         0 |
|  4 | 123455787 |         0 |
+----+-----------+-----------+
...
		

This table will setup a global blacklist for all numbers, only allowing calls starting with 1. Numbers that starting with 123456 and 123455787 are also blacklisted, because the longest prefix will be matched.

Example 1.8. Example database content - userblacklist table

...
+----+----------------+-------------+-----------+-----------+
| id | username       | domain      | prefix    | whitelist |
+----+----------------+-------------+-----------+-----------+
| 23 | 49721123456788 |             | 1234      |         0 |
| 22 | 49721123456788 |             | 123456788 |         1 |
| 21 | 49721123456789 |             | 12345     |         0 |
| 20 | 494675231      |             | 499034133 |         1 |
| 19 | 494675231      | test        | 499034132 |         0 |
| 18 | 494675453      | test.domain | 49901     |         0 |
| 17 | 494675454      |             | 49900     |         0 |
+----+----------------+-------------+-----------+-----------+
...
		

This table will setup user specific blacklists for certain usernames. For example for user 49721123456788 the prefix 1234 will be not allowed, but the number 123456788 is allowed. Additionally a domain could be specified that is used for username matching if the use_domain parameter is set.

Chapter 2. Contributors

2.1. By Commit Statistics

Table 2.1. Top contributors by DevScore(1), authored commits(2) and lines added/removed(3)

 NameDevScoreCommitsLines ++Lines --
1. Bogdan-Andrei Iancu (@bogdan-iancu)18165453
2. Liviu Chircu (@liviuchircu)13113855
3. Hardy Kahl11111910
4. Razvan Crainea (@razvancrainea)971611
5. Henning Westerholt (@henningw)9520472
6. Daniel-Constantin Mierla (@miconda)861712
7. Ruslan Bukin312110
8. Julián Moreno Patiño3111
9. UnixDev3111
10. Edson Gellert Schubert31060

All remaining contributors: Vlad Paiu (@vladpaiu), Vlad Patrascu (@rvlad-patrascu).

(1) DevScore = author_commits + author_lines_added / (project_lines_added / project_commits) + author_lines_deleted / (project_lines_deleted / project_commits)

(2) including any documentation-related commits, excluding merge commits. Regarding imported patches/code, we do our best to count the work on behalf of the proper owner, as per the "fix_authors" and "mod_renames" arrays in opensips/doc/build-contrib.sh. If you identify any patches/commits which do not get properly attributed to you, please submit a pull request which extends "fix_authors" and/or "mod_renames".

(3) ignoring whitespace edits, renamed files and auto-generated files

2.2. By Commit Activity

Table 2.2. Most recently active contributors(1) to this module

 NameCommit Activity
1. Liviu Chircu (@liviuchircu)Mar 2014 - Jul 2020
2. Bogdan-Andrei Iancu (@bogdan-iancu)Feb 2008 - Jun 2020
3. Razvan Crainea (@razvancrainea)Sep 2011 - Sep 2019
4. Vlad Patrascu (@rvlad-patrascu)May 2017 - May 2017
5. Julián Moreno PatiñoFeb 2016 - Feb 2016
6. Vlad Paiu (@vladpaiu)Apr 2011 - Apr 2011
7. Ruslan BukinOct 2009 - Oct 2009
8. UnixDevFeb 2009 - Feb 2009
9. Henning Westerholt (@henningw)Feb 2008 - May 2008
10. Daniel-Constantin Mierla (@miconda)Mar 2008 - Mar 2008

All remaining contributors: Edson Gellert Schubert, Hardy Kahl.

(1) including any documentation-related commits, excluding merge commits

Chapter 3. Documentation

3.1. Contributors

Last edited by: Bogdan-Andrei Iancu (@bogdan-iancu), Liviu Chircu (@liviuchircu), Razvan Crainea (@razvancrainea), Henning Westerholt (@henningw), Daniel-Constantin Mierla (@miconda), Edson Gellert Schubert, Hardy Kahl.

doc copyrights:

Copyright © 2008 1&1 Internet AG