Hi, I did modify my (a little-bit confused) loose route to loose route only INVITES/ACK with totags (has_totag). The rest should be going through the normal ACL procedures.
But, could not a request relayed through other proxies also have a to tag aswell? (and then again bypass security?)
br hw
man, 13,.03.2006 kl. 16.20 +0200, skrev Juha Heinanen:
Helge Waastad writes:
I have a UA (ekiga) which adds a Route:<OBP>;lr in INVITE Is this "legal"?
i'm pretty sure that rfc3261 allows so called pre-loaded route sets in initial requests, but for security reasons, many proxy configurations deny them. i too found recently that nokia phones, when configured to use sip, add by default a route header pointing to the outbound proxy.
rather that simply rejecting initial requests with pre-loaded route sets, it might be possible to configure the proxy to allow them, but only if there is a single route entry that points to the proxy itself. i haven't had time to think how this could be tested in openser.cfg.
-- juha