[OpenSIPS-Users] multidomain, security

Miha miha at softnet.si
Wed Apr 2 10:18:06 CEST 2014


tnx Bogdan.

Did that:)

br
miha

Dne 4/1/2014 8:06 PM, piše Bogdan-Andrei Iancu:
> Hello,
>
> If the caller is not a local user you cannot authenticate him (as you 
> do not have any info on that user) - so what you have to do is to 
> limit what such a caller can do - typically only to local subscribers 
> (no media, no PSTN, no other services, just to your users); or simply 
> reject them if you do not want to get calls from foreign domains.
>
> Regards,
>
> Bogdan-Andrei Iancu
> OpenSIPS Founder and Developer
> http://www.opensips-solutions.com
>
> On 19.03.2014 14:20, Miha wrote:
>> Hi,
>>
>> I am doing "proxy_authorize" for "!(method=="REGISTER") && 
>> is_from_local()".
>>
>> I request INVITE is not send from user, which does "not contain" 
>> local_domain (defined in domains table) in INVITE, so this will not 
>> be authenticated as this request will not go to this 
>> "!(method=="REGISTER") && is_from_local()" condition and in my case 
>> this invite will go throught.
>>
>> Was is best practice for droping that kind of invites?
>>
>> Doing this:
>>
>> $avp(port)="5060";
>> if(!$si=="SBC_IP" && !lb_is_destination("$si","$(avp(port){s.int})") 
>> && !is_from_local()){
>> drop;
>> }
>>
>> ?
>>
>> tnx!
>>
>> miha
>>
>>
>> _______________________________________________
>> Users mailing list
>> Users at lists.opensips.org
>> http://lists.opensips.org/cgi-bin/mailman/listinfo/users
>>
>>
>
>




More information about the Users mailing list