Hello,

I think auth_check() returns a particular code if the user doesn't exits -- see the readme and add the return code to the switch along with the -2 value.

Alternative, you can use the function is_subscriber() from auth_db module to detect if the user exists or not, and if not, ban it directly without

Cheers,
Daniel

On 15/03/16 12:55, meres gr wrote:

I am using the following script to ban users failing to authenticate with fail2ban:
My problem is that it logs attempts of users only existing to the database

I would like to modify it in order to log all FAILED authentication attempts

Is this possible?

# Authentication route

route[AUTH] {

#!ifdef WITH_AUTH

if(is_present_hf("Authorization"))

{

if($sht(a=>$au::auth_count)==3)

{

$var(exp) = $Ts - 900;

if($sht(a=>$au::last_auth) > $var(exp))

{

sl_send_reply("403", "Try later");

exit;

} else {

$sht(a=>$au::auth_count) = 0;

}

}

if(!www_authenticate("$td", "subscriber"))

{

switch ($retcode) {

case -1:

sl_send_reply("403", "Forbidden");

exit;

case -2:

#fixed null -> $null:

if($sht(a=>$au::auth_count) == $null)

$sht(a=>$au::auth_count) = 0;

$sht(a=>$au::auth_count) = $sht(a=>$au::auth_count) + 1;

xlog("User $fu Authenticating from ip $si\n");

if($sht(a=>$au::auth_count) == 3)

xlog("User $fU Authenticating for the 3d time from ip $si\n");

$sht(a=>$au::last_auth) = $Ts;

break;

}

www_challenge("$td"/*realm*/,"0"/*qop*/);

exit;

}

$sht(a=>$au::auth_count) = 0;

} else {

www_challenge("$td","0");

exit;

}

}

#!endif
_______________________________________________
SIP Express Router (SER) and Kamailio (OpenSER) - sr-users mailing list
sr-users@lists.sip-router.org
http://lists.sip-router.org/cgi-bin/mailman/listinfo/sr-users

-- 
Daniel-Constantin Mierla
http://www.asipto.com
http://twitter.com/#!/miconda - http://www.linkedin.com/in/miconda
Kamailio World Conference, Berlin, May 18-20, 2016 - http://www.kamailioworld.com