[OpenSIPS-Users] multidomain, security
Miha
miha at softnet.si
Wed Apr 2 10:18:06 CEST 2014
tnx Bogdan.
Did that:)
br
miha
Dne 4/1/2014 8:06 PM, piše Bogdan-Andrei Iancu:
> Hello,
>
> If the caller is not a local user you cannot authenticate him (as you
> do not have any info on that user) - so what you have to do is to
> limit what such a caller can do - typically only to local subscribers
> (no media, no PSTN, no other services, just to your users); or simply
> reject them if you do not want to get calls from foreign domains.
>
> Regards,
>
> Bogdan-Andrei Iancu
> OpenSIPS Founder and Developer
> http://www.opensips-solutions.com
>
> On 19.03.2014 14:20, Miha wrote:
>> Hi,
>>
>> I am doing "proxy_authorize" for "!(method=="REGISTER") &&
>> is_from_local()".
>>
>> I request INVITE is not send from user, which does "not contain"
>> local_domain (defined in domains table) in INVITE, so this will not
>> be authenticated as this request will not go to this
>> "!(method=="REGISTER") && is_from_local()" condition and in my case
>> this invite will go throught.
>>
>> Was is best practice for droping that kind of invites?
>>
>> Doing this:
>>
>> $avp(port)="5060";
>> if(!$si=="SBC_IP" && !lb_is_destination("$si","$(avp(port){s.int})")
>> && !is_from_local()){
>> drop;
>> }
>>
>> ?
>>
>> tnx!
>>
>> miha
>>
>>
>> _______________________________________________
>> Users mailing list
>> Users at lists.opensips.org
>> http://lists.opensips.org/cgi-bin/mailman/listinfo/users
>>
>>
>
>
More information about the Users
mailing list