On 05.03.18 17:40, Ben Hood wrote:
> On Mon, Mar 5, 2018 at 9:42 AM, Ben Hood <0x6e6562(a)gmail.com> wrote:
>> I'd like to trust HTTP requests from internal subnets and use the
>> trusted table to manage permissions from external networks.
>>
>> Is there a way to configure permissions.allow to trust everything on a
>> local subnet and use the DB table for everything else? Does the
>> permissions module even work in that way (i.e. to use two sources of
>> trust)?
>>
>> If so, what is the permissions.allow syntax to trust a CIDR?
> In the end I put a subnet check into the xhttp route:
>
> event_route[xhttp:request] {
>     if(src_ip!=172.16.176.0/24) {
>         xhttp_reply("403", "Forbidden", "text/html",
>             "<html><body>Really not allowed from $si</body></html>");
>         exit;
>     }
>     ...
> }
>
> This HTTP event handling appears to be independent of the permissions
> module, which is what I wanted to achieve.
I would suggest using the address table with the permissions module, if
you want to keep the list of IP or subnet addresses in the database. Then
you can use allow_source_address("...") in kamailio.cfg. Inside the address
table, you can group addresses by an id, which is then given as a
parameter to the config function.
Cheers,
Daniel
--
Daniel-Constantin Mierla
www.twitter.com/miconda -- www.linkedin.com/in/miconda
Kamailio Advanced Training - April 16-18, 2018, Berlin - www.asipto.com
Kamailio World Conference - May 14-16, 2018 - www.kamailioworld.com
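
The address-table approach suggested in the reply, sketched as an added example that is not part of the original thread or the project's own configuration. The group id 1, the table row shown in the comments, the MySQL backend and the database URL are assumptions chosen for illustration.

```cfg
# Assumed content of the permissions "address" table (constructed sample row;
# grp 1 = internal HTTP clients, port 0 = any source port):
#   grp | ip_addr      | mask | port | tag
#   1   | 172.16.176.0 | 24   | 0    | internal-http

# xhttp needs the core to accept HTTP requests without a Content-Length header.
tcp_accept_no_cl=yes

loadmodule "db_mysql.so"
loadmodule "sl.so"
loadmodule "xhttp.so"
loadmodule "permissions.so"

# Placeholder URL: point it at the database holding the address table.
modparam("permissions", "db_url",
    "mysql://kamailio:CHANGE_ME@localhost/kamailio")

event_route[xhttp:request] {
    # Match the packet's source IP and port against group 1 of the address
    # table; anything not listed is rejected before any further handling.
    if (!allow_source_address("1")) {
        xhttp_reply("403", "Forbidden", "text/html",
            "<html><body>Not allowed from $si</body></html>");
        exit;
    }

    # Request came from a listed subnet: handle it here.
    xhttp_reply("200", "OK", "text/html",
        "<html><body>OK</body></html>");
}
```

The permissions module caches the address table in memory, so rows changed in the database take effect only after a reload (for example `kamcmd permissions.addressReload`) or a restart. The check sees the transport-level source address, so requests relayed through a reverse proxy are matched against the proxy's IP rather than the original client's.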