I think what I am going to do is use a combination of:
1. Whitelist my gateway IPs.
2. Any initial INVITES from non-gateway IPs will be authorized and the dialog be added to a simple htable based on callid
3. Any in-dialog will do a lookup on the htable so that authorization isn't required on bye and the like.
Does this seem a reasonable course of action?
One question, what is the best way to whitelist a few (3) gateways? I'd rather not do if($si == "ip1" || $si == "ip2" || $si == "ip3"){ Is there any sort of if(in_array($si,"whitelist")){ functionality or a way to iterate through an array of whitelisted ips? (I do not want to configure database support if possible)
Thanks for the help so far! -Eric
Date: Mon, 11 Apr 2011 13:18:10 -0400 From: abalashov@evaristesys.com To: sr-users@lists.sip-router.org Subject: Re: [SR-Users] loose_route security
On 04/11/2011 01:10 PM, Henning Westerholt wrote:
Hi Klaus,
sure, there are issues. But we're using the dialog module since now since some time in our production setup and it works fine for this particular feature set.
Oh, yeah. I'm a happy and extensive long-time user of the dialog module too.
-- Alex Balashov - Principal Evariste Systems LLC 260 Peachtree Street NW Suite 2200 Atlanta, GA 30303 Tel: +1-678-954-0670 Fax: +1-404-961-1892 Web: http://www.evaristesys.com/
SIP Express Router (SER) and Kamailio (OpenSER) - sr-users mailing list sr-users@lists.sip-router.org http://lists.sip-router.org/cgi-bin/mailman/listinfo/sr-users