This shows you the differences between two versions of the page.
Both sides previous revision Previous revision Next revision | Previous revision Last revision Both sides next revision | ||
tutorials:security:kamailio-security [2019/04/04 10:34] pepelux |
tutorials:security:kamailio-security [2019/05/23 12:40] pepelux |
||
---|---|---|---|
Line 96: | Line 96: | ||
</ | </ | ||
- | ==== Change the server header ==== | + | ==== Change the server |
When Kamailio sends you a packet back, it will be friendly enough to tell you which version of Kamailio is running. This informs the attacker which types of attacks might make sense. | When Kamailio sends you a packet back, it will be friendly enough to tell you which version of Kamailio is running. This informs the attacker which types of attacks might make sense. | ||
Line 117: | Line 117: | ||
sip_warning=0 | sip_warning=0 | ||
</ | </ | ||
+ | |||
+ | To change the user agent header (e.g. used from the dispatcher module to send out OPTIONS requests) use this parameter: | ||
+ | |||
+ | < | ||
+ | user_agent_header=" | ||
+ | </ | ||
+ | |||
===== Anti-Flood ===== | ===== Anti-Flood ===== | ||
Line 323: | Line 330: | ||
< | < | ||
- | loadmodule | + | loadmodule |
loadmodule | loadmodule | ||
Line 334: | Line 341: | ||
route[SECURITY_CHECKS] { | route[SECURITY_CHECKS] { | ||
- | if (geoip_match(" | + | if (geoip2_match(" |
# return values ... | # return values ... | ||
# 2 = whitelisted | # 2 = whitelisted | ||
Line 340: | Line 347: | ||
# -1 = error | # -1 = error | ||
# -2 = blacklisted | # -2 = blacklisted | ||
- | secf_check_country($gip(src=> | + | secf_check_country($gip2(src=> |
if ($? == -2) { | if ($? == -2) { | ||
- | xalert(" | + | xalert(" |
exit; | exit; | ||
} | } |