Hi Alex,

Thank You, i'm trying to use this config:

if($(hdr(Record-Route)[0]{nameaddr.uri}) != $si and $(hdr(Record-Route)[0]{nameaddr.uri}) != $null) {
                   xlog("L_INFO","Spoofing attack detected from $si, blocking");
                   exit;
                }

taken from here: https://www.kamailio.org/wiki/tutorials/security/kamailio-security

but, it is not working because as you said the record-route - can be different, like in my case: Record-Route: <sip:192.168.1.1;lr;did=637.07c7c2d7>

Temporarily, i solved using this configuration:

if($(hdr(Record-Route)[0]{nameaddr.uri}) != $null) {
if ( search_hf("Record-Route", ";", "f") ) {
$var(record_route) = $(hdr(Record-Route)[0]{nameaddr.uri}{re.subst,/^sip:([0-9]{1,3}\.[0-9]{1,3}\.[0-9]{1,3}\.[0-9]{1,3});.*/\1/});
if($var(record_route)) != $si {
xlogl("L_ERR","Spoofing Attack detected, Blocking\n");
exit;
}
} else {
if($(hdr(Record-Route)[0]{nameaddr.uri}) != $si) {
xlogl("L_ERR","Spoofing Attack detected, Blocking\n");
exit;
}
}
};

but, i'm not sure that this is right configuration - and maybe it could be done better. How would you solve this problem?
Thank You.