16 Jun
2019
16 Jun
'19
8:58 p.m.
Hello,
After reading comments from Daniel and Alex I decided to proceed with
the design model that uses a middleware server (eg. not exposing
kamailio straight to users) which will be the node taking to Kamailio
JSONRPC API.
That being said... I could go for the ip address authentication. Are
there any best practice guides for this?
Cheer,
Olli
pe 14. kesäk. 2019 klo 16.21 Daniel-Constantin Mierla
(miconda(a)gmail.com) kirjoitti:
Hello,
I would not expose the kamailio to API interactions triggered by the end
users, be careful not to block its activity.
Anyhow, you can use the www_challenge()/www_authenticate() function from
auth/auth_db modules that are using the records from subscriber table
perform HTTP digest authentication.
Cheers,
Daniel
On 14.06.19 09:14, Olli Attila wrote:
--
"Logic is the art of going wrong with confidence."
Hello,
I think it would be better to do the authentication with
username/password. We are developing a web interface which will be
used to alter dialplan & htable entries and after changes have been
made, user would command the sip proxies to reload new data from the
database via jasonrpc. With this design, user authentication would be
more suitable.
Cheers,
Olli Attila
pe 14. kesäk. 2019 klo 10.04 Daniel-Constantin Mierla
(miconda(a)gmail.com) kirjoitti:
--
Daniel-Constantin Mierla -- www.asipto.com
www.twitter.com/miconda -- www.linkedin.com/in/miconda
Hello,
do you want to authenticate with ip addresses stored in database or with
username/password?
Cheers,
Daniel
On 13.06.19 08:12, Olli Attila wrote:
Hello,
I have this xhttp event_route on Kamailio that I am using to signal
the proxy to reload dialplans and htable when necessary:
event_route[xhttp:request] {
if(src_ip!=127.0.0.1) {
xhttp_reply("403", "Forbidden", "text/html",
"<html><body>Not allowed from
$si</body></html>");
exit;
}
if ($hu =~ "^/RPC") {
jsonrpc_dispatch();
} else {
xhttp_reply("200", "OK", "text/html",
"<html><body>Wrong URL
$hu</body></html>");
}
return;
}
Now instead of returning 403 forbidden for requests coming from other
src_ip than proxy itsef, I would like to authenticate the http request
via proxy database. How can this be done if possible?
Cheers,
Olli
_______________________________________________
Kamailio (SER) - Users Mailing List
sr-users(a)lists.kamailio.org
https://lists.kamailio.org/cgi-bin/mailman/listinfo/sr-users
--
Daniel-Constantin Mierla -- www.asipto.com
www.twitter.com/miconda -- www.linkedin.com/in/miconda