Module: sip-router
Branch: master
Commit: a24ce948f9f1758440b58d328eb8654efabfbbea
URL:
http://git.sip-router.org/cgi-bin/gitweb.cgi/sip-router/?a=commit;h=a24ce94…
Author: Peter Dunkley <peter.dunkley(a)crocodile-rcs.com>
Committer: Peter Dunkley <peter.dunkley(a)crocodile-rcs.com>
Date: Thu Sep 27 16:29:03 2012 +0100
modules/websocket: Updated documentation and fixed typo in configuration file example
---
modules/websocket/README | 25 +++++++++++++++++++------
modules/websocket/doc/websocket_admin.xml | 25 +++++++++++++++++++------
modules/websocket/example/kamailio.cfg | 2 +-
3 files changed, 39 insertions(+), 13 deletions(-)
diff --git a/modules/websocket/README b/modules/websocket/README
index 5a34e3a..9f55bb0 100644
--- a/modules/websocket/README
+++ b/modules/websocket/README
@@ -135,7 +135,12 @@ event_route[xhttp:request] {
set_reply_close();
set_reply_no_connect();
- if ($Rp != 80 && $Rp != 443) {
+ if ($Rp != 80
+#!ifdef WITH_TLS
+ && $Rp != 443
+#!endif
+ ) {
+
xlog("L_WARN", "HTTP request received on $Rp\n");
xhttp_reply("403", "Forbidden", "",
"");
exit;
@@ -146,17 +151,25 @@ event_route[xhttp:request] {
if ($hdr(Upgrade)=~"websocket"
&& $hdr(Connection)=~"Upgrade"
&& $rm=~"GET") {
- xlog("L_DBG", "WebSocket\n");
- xlog("L_DBG", " Host: $hdr(Host)\n");
- xlog("L_DBG", " Origin: $hdr(Origin)\n");
- if ($hdr(Host) == $null || !is_myself($hdr(Host))) {
+ # Validate Host - make sure the client is using the correct
+ # alias for WebSockets
+ if ($hdr(Host) == $null || !is_myself("sip:" + $hdr(Host))) {
xlog("L_WARN", "Bad host $hdr(Host)\n");
xhttp_reply("403", "Forbidden", "",
"");
exit;
}
- # Optional... validate Origin
+ # Optional... validate Origin - make sure the client is from an
+ # authorised website. For example,
+ #
+ # if ($hdr(Origin) != "http://communicator.MY_DOMAIN"
+ # && $hdr(Origin) !=
"https://communicator.MY_DOMAIN") {
+ # xlog("L_WARN", "Unauthorised client
$hdr(Origin)\n");
+ # xhttp_reply("403", "Forbidden", "",
"");
+ # exit;
+ # }
+
# Optional... perform HTTP authentication
# ws_handle_handshake() exits (no further configuration file
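Review bot: The new Origin comment in this hunk (and in the matching hunk of modules/websocket/doc/websocket_admin.xml) says the check makes sure "the client is from an authorised website", which overstates it. Origin is a request header supplied by the client, so comparing it only constrains pages running in a browser and does not authenticate a non-browser client. Because the example leaves the check commented out and labelled optional, the comment should say when it is needed and what it does not replace, for example `# Validate Origin when browsers are the expected clients - it stops pages from other sites opening WebSockets here, but it is not authentication`. How the commented `!=` comparison behaves when the Origin header is absent is not visible here and should be confirmed before the snippet is recommended. The event_route[xhttp:request] body starts and ends outside the hunk.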
diff --git a/modules/websocket/doc/websocket_admin.xml
b/modules/websocket/doc/websocket_admin.xml
index 6609275..7dcdc13 100644
--- a/modules/websocket/doc/websocket_admin.xml
+++ b/modules/websocket/doc/websocket_admin.xml
@@ -51,7 +51,12 @@ event_route[xhttp:request] {
set_reply_close();
set_reply_no_connect();
- if ($Rp != 80 && $Rp != 443) {
+ if ($Rp != 80
+#!ifdef WITH_TLS
+ && $Rp != 443
+#!endif
+ ) {
+
xlog("L_WARN", "HTTP request received on $Rp\n");
xhttp_reply("403", "Forbidden", "",
"");
exit;
@@ -62,17 +67,25 @@ event_route[xhttp:request] {
if ($hdr(Upgrade)=~"websocket"
&& $hdr(Connection)=~"Upgrade"
&& $rm=~"GET") {
- xlog("L_DBG", "WebSocket\n");
- xlog("L_DBG", " Host: $hdr(Host)\n");
- xlog("L_DBG", " Origin: $hdr(Origin)\n");
- if ($hdr(Host) == $null || !is_myself($hdr(Host))) {
+ # Validate Host - make sure the client is using the correct
+ # alias for WebSockets
+ if ($hdr(Host) == $null || !is_myself("sip:" + $hdr(Host))) {
xlog("L_WARN", "Bad host $hdr(Host)\n");
xhttp_reply("403", "Forbidden", "",
"");
exit;
}
- # Optional... validate Origin
+ # Optional... validate Origin - make sure the client is from an
+ # authorised website. For example,
+ #
+ # if ($hdr(Origin) != "http://communicator.MY_DOMAIN"
+ # && $hdr(Origin) !=
"https://communicator.MY_DOMAIN") {
+ # xlog("L_WARN", "Unauthorised client
$hdr(Origin)\n");
+ # xhttp_reply("403", "Forbidden", "",
"");
+ # exit;
+ # }
+
# Optional... perform HTTP authentication
# ws_handle_handshake() exits (no further configuration file
diff --git a/modules/websocket/example/kamailio.cfg
b/modules/websocket/example/kamailio.cfg
index 17ae075..f4b4c12 100644
--- a/modules/websocket/example/kamailio.cfg
+++ b/modules/websocket/example/kamailio.cfg
@@ -355,7 +355,7 @@ event_route[xhttp:request] {
# processing of the request) when complete.
if (ws_handle_handshake())
{
- # Optional... cache some information abou the
+ # Optional... cache some information about the
# successful connection
exit;
}