[OpenSIPS-Users] multidomain, security
Bogdan-Andrei Iancu
bogdan at opensips.org
Tue Apr 1 20:06:45 CEST 2014
Hello,
If the caller is not a local user you cannot authenticate him (as you do
not have any info on that user) - so what you have to do is to limit
what such a caller can do - typically only to local subscribers (no
media, no PSTN, no other services, just to your users); or simply reject
them if you do not want to get calls from foreign domains.
Regards,
Bogdan-Andrei Iancu
OpenSIPS Founder and Developer
http://www.opensips-solutions.com
On 19.03.2014 14:20, Miha wrote:
> Hi,
>
> I am doing "proxy_authorize" for "!(method=="REGISTER") &&
> is_from_local()".
>
> I request INVITE is not send from user, which does "not contain"
> local_domain (defined in domains table) in INVITE, so this will not be
> authenticated as this request will not go to this
> "!(method=="REGISTER") && is_from_local()" condition and in my case
> this invite will go throught.
>
> Was is best practice for droping that kind of invites?
>
> Doing this:
>
> $avp(port)="5060";
> if(!$si=="SBC_IP" &&
> !lb_is_destination("$si","$(avp(port){s.int})") && !is_from_local()){
> drop;
> }
>
> ?
>
> tnx!
>
> miha
>
>
> _______________________________________________
> Users mailing list
> Users at lists.opensips.org
> http://lists.opensips.org/cgi-bin/mailman/listinfo/users
>
>
More information about the Users
mailing list