[Serusers] Blocking calls from unregistered users

List overview All Threads
Download

newer

older

[Serusers] Dchp or Static ip

[Users] DROP statement

rpagquil＠philonline.com

27 Aug 2005 27 Aug '05

2:21 a.m.

Attachments:

attachment.html (text/html — 8.5 KB)

Show replies by date

Dave

30 Aug 30 Aug

3:10 p.m.

You can't as far as I know. You must use a USer Agent that does not allow a user to make a calls unless the UA is registered.

--- rpagquil@philonline.com wrote:

--------------------------------- Hi, I'm setting up ser so that unregistered users can't make any calls to anybody. I have configured to allow all other domains to make a call to my local users. But when my local user that is unregistered it can still make calls to other local users. How would I do to block him totally? here is my ser.cfg: debug=3 fork=yes log_stderror=yes listen=202.84.24.107 port=5060 children=4 dns=no rev_dns=no fifo="/tmp/ser_fifo" fifo_db_url="mysql://ser:heslo@localhost/ser" alias=sip.philonline.com #load module part loadmodule "/usr/local/lib/ser/modules/mysql.so" loadmodule "/usr/local/lib/ser/modules/domain.so" loadmodule "/usr/local/lib/ser/modules/sl.so" loadmodule "/usr/local/lib/ser/modules/tm.so" loadmodule "/usr/local/lib/ser/modules/rr.so" loadmodule "/usr/local/lib/ser/modules/maxfwd.so" loadmodule "/usr/local/lib/ser/modules/usrloc.so" loadmodule "/usr/local/lib/ser/modules/registrar.so" loadmodule "/usr/local/lib/ser/modules/auth.so" loadmodule "/usr/local/lib/ser/modules/auth_db.so" loadmodule "/usr/local/lib/ser/modules/uri.so" loadmodule "/usr/local/lib/ser/modules/uri_db.so" loadmodule "/usr/local/lib/ser/modules/mediaproxy.so" loadmodule "/usr/local/lib/ser/modules/nathelper.so" loadmodule "/usr/local/lib/ser/modules/textops.so" loadmodule "/usr/local/lib/ser/modules/acc.so" loadmodule "/usr/local/lib/ser/modules/permissions.so" #module parameter setup modparam("rr", "enable_full_lr", 1) modparam("auth_db|uri_db|usrloc|domain|permissions", "db_url", "mysql://ser:heslo@localhost/ser") modparam("auth_db", "calculate_ha1", 1) modparam("auth_db", "password_column", "password") modparam("usrloc", "db_mode", 2) modparam("nathelper", "rtpproxy_disable", 1) modparam("nathelper", "natping_interval", 0) modparam("mediaproxy", "natping_interval", 30) modparam("mediaproxy", "mediaproxy_socket", "/var/run/mediaproxy.sock") modparam("mediaproxy", "sip_asymmetrics", "/usr/local/etc/ser/sip-clients") modparam("mediaproxy", "rtp_asymmetrics", "/usr/local/etc/ser/rtp-clients") modparam("registrar", "nat_flag", 6) modparam("acc", "log_level", 2) modparam("acc", "log_fmt", "cdfimorstup") modparam("acc", "report_ack", 1) #modparam("acc", "failed_transactions", 1) modparam("acc", "log_flag", 1) #modparam("acc", "report_cancels", 1) modparam("acc", "db_flag", 1) modparam("acc", "db_missed_flag", 3) modparam("acc", "db_url", "mysql://ser:heslo@localhost/ser") modparam("uri_db", "uri_table", "uri") modparam("uri_db", "uri_user_column", "username") modparam("uri_db", "uri_domain_column", "domain") modparam("domain", "db_mode", 1) modparam("domain", "domain_table", "domain") modparam("domain", "domain_col", "domain") modparam("permissions", "default_allow_file", "/usr/local/etc/ser/allow.permissions") modparam("permissions", "default_deny_file", "/usr/local/etc/ser/deny.permissions") #our routing logic route { if (!mf_process_maxfwd_header("10")) { sl_send_reply("483", "Too many hops"); break; }; if (msg:len > max_len) { sl_send_reply("513", "Message overflow"); break; }; ###record route#### if (method=="INVITE" && client_nat_test("3")) { record_route_preset("202.84.24.107:5060;nat=yes"); } else if (method!="REGISTER") { record_route(); }; ###call tear down section### if (method=="BYE" || method=="CANCEL") { end_media_session(); }; ###accounting### if ((!has_totag() && (method=="INVITE" || method=="ACK")) || (method=="BYE")) { setflag(1); }; ###loose route### if (loose_route()) { if (has_totag() && (method=="INVITE" || method=="ACK")) { if (client_nat_test("3") || search("^Route:.*;nat=yes")) { setflag(6); use_media_proxy(); }; }; route(1); break; }; ###call type processing### if (uri!=myself) { route(1); break; }; if (uri==myself) { if (method=="CANCEL") { route(3); break; } else if (method=="INVITE") { route(3); break; } else if (method=="REGISTER") { route(2); break; }; lookup("aliases"); if (uri!=myself) { route(1); break; }; if (!lookup("location")) { sl_send_reply("404", "User not found"); break; }; }; route(1); } ##Default message handler## route[1] { t_on_reply("1"); if (!t_relay()) { if (method=="INVITE" || method=="ACK") { end_media_session(); }; sl_reply_error(); }; } ##Register message handler## route[2] { sl_send_reply("100", "Trying"); if (!search("^Contact:\ +*") && client_nat_test("7")) { setflag(6); fix_nated_register(); force_rport(); }; if (!www_authorize("sip.philonline.com","subscriber")) {

www_challenge("sip.philonline.com","0"); break; }; if (!check_to()) { sl_send_reply("401", "You are Unauthorized"); break; }; consume_credentials(); if (!save("location")) { sl_reply_error(); }; } ##INVITE message Handler## route[3] { if (client_nat_test("3")) { setflag(7); force_rport(); fix_nated_contact(); }; if (!search("To: .*@sip.philonline.com")) { if (!proxy_authorize("","subscriber")) { proxy_challenge("", "0"); break; }; if (!check_from() && method=="INVITE") { sl_send_reply("403", "User From=ID"); break; }; }; lookup("aliases"); if (uri!=myself) { route(1); break; }; if (!lookup("location")) { sl_send_reply("404", "User not found"); break; }; if (method=="CANCEL") { route(1); break; }; consume_credentials(); if (isflagset(6) || isflagset(7)) { use_media_proxy(); }; route(1); } onreply_route[1] { if (isflagset(6) || isflagset(7) && (status=~"(180)|(183)|2[0-9][0-9]")) { if (!search("^Content-Length:\ +0")) { use_media_proxy(); }; }; if (client_nat_test("1")) { fix_nated_contact(); }; } Thanks, --ryanRyan PagquilInfodyne Inc. (www.philonline.com)Tel. (632)-6870715> _______________________________________________

...

Serusers mailing list serusers@lists.iptel.org http://lists.iptel.org/mailman/listinfo/serusers

____________________________________________________ Start your day with Yahoo! - make it your home page http://www.yahoo.com/r/hs

Andreas Granig

5:08 p.m.

Dave wrote:

...

You can't as far as I know. You must use a USer Agent that does not allow a user to make a calls unless the UA is registered.

You could save the R-Uri and From-Uri into avps, push the saved From-Uri into R-Uri and call registered(), then push the saved R-Uri to R-Uri to restore it.

Haven't tried that though.

Andy

Pavol Segec

31 Aug 31 Aug

10:19 a.m.

Hi,

If I understand well, you just need to put authorization challenge into your ser.cfg file where INVITE messages are handled, as follows:

if(!proxy_authorize("your.domain","subscriber")){ proxy_challenge("your.domain","0"); sl_send_reply("403","Forbidden"); break; };

pavol

Citát Dave ddx66@yahoo.com:

...

You can't as far as I know. You must use a USer Agent that does not allow a user to make a calls unless the UA is registered.

--- rpagquil@philonline.com wrote:

Hi, I'm setting up ser so that unregistered users can't make any calls to anybody. I have configured to allow all other domains to make a call to my local users. But when my local user that is unregistered it can still make calls to other local users. How would I do to block him totally? here is my ser.cfg: debug=3 fork=yes log_stderror=yes listen=202.84.24.107 port=5060 children=4 dns=no rev_dns=no fifo="/tmp/ser_fifo" fifo_db_url="mysql://ser:heslo@localhost/ser" alias=sip.philonline.com #load module part loadmodule "/usr/local/lib/ser/modules/mysql.so" loadmodule "/usr/local/lib/ser/modules/domain.so" loadmodule "/usr/local/lib/ser/modules/sl.so" loadmodule "/usr/local/lib/ser/modules/tm.so" loadmodule "/usr/local/lib/ser/modules/rr.so" loadmodule "/usr/local/lib/ser/modules/maxfwd.so" loadmodule "/usr/local/lib/ser/modules/usrloc.so" loadmodule "/usr/local/lib/ser/modules/registrar.so" loadmodule "/usr/local/lib/ser/modules/auth.so" loadmodule "/usr/local/lib/ser/modules/auth_db.so" loadmodule "/usr/local/lib/ser/modules/uri.so" loadmodule "/usr/local/lib/ser/modules/uri_db.so" loadmodule "/usr/local/lib/ser/modules/mediaproxy.so" loadmodule "/usr/local/lib/ser/modules/nathelper.so" loadmodule "/usr/local/lib/ser/modules/textops.so" loadmodule "/usr/local/lib/ser/modules/acc.so" loadmodule "/usr/local/lib/ser/modules/permissions.so" #module parameter setup modparam("rr", "enable_full_lr", 1) modparam("auth_db|uri_db|usrloc|domain|permissions", "db_url", "mysql://ser:heslo@localhost/ser") modparam("auth_db", "calculate_ha1", 1) modparam("auth_db", "password_column", "password") modparam("usrloc", "db_mode", 2) modparam("nathelper", "rtpproxy_disable", 1) modparam("nathelper", "natping_interval", 0) modparam("mediaproxy", "natping_interval", 30) modparam("mediaproxy", "mediaproxy_socket", "/var/run/mediaproxy.sock") modparam("mediaproxy", "sip_asymmetrics", "/usr/local/etc/ser/sip-clients") modparam("mediaproxy", "rtp_asymmetrics", "/usr/local/etc/ser/rtp-clients") modparam("registrar", "nat_flag", 6) modparam("acc", "log_level", 2) modparam("acc", "log_fmt", "cdfimorstup") modparam("acc", "report_ack", 1) #modparam("acc", "failed_transactions", 1) modparam("acc", "log_flag", 1) #modparam("acc", "report_cancels", 1) modparam("acc", "db_flag", 1) modparam("acc", "db_missed_flag", 3) modparam("acc", "db_url", "mysql://ser:heslo@localhost/ser") modparam("uri_db", "uri_table", "uri") modparam("uri_db", "uri_user_column", "username") modparam("uri_db", "uri_domain_column", "domain") modparam("domain", "db_mode", 1) modparam("domain", "domain_table", "domain") modparam("domain", "domain_col", "domain") modparam("permissions", "default_allow_file", "/usr/local/etc/ser/allow.permissions") modparam("permissions", "default_deny_file", "/usr/local/etc/ser/deny.permissions") #our routing logic route { if (!mf_process_maxfwd_header("10")) { sl_send_reply("483", "Too many hops"); break; }; if (msg:len > max_len) { sl_send_reply("513", "Message overflow"); break; }; ###record route#### if (method=="INVITE" && client_nat_test("3")) { record_route_preset("202.84.24.107:5060;nat=yes"); } else if (method!="REGISTER") { record_route(); }; ###call tear down section### if (method=="BYE" || method=="CANCEL") { end_media_session(); }; ###accounting### if ((!has_totag() && (method=="INVITE" || method=="ACK")) || (method=="BYE")) { setflag(1); }; ###loose route### if (loose_route()) { if (has_totag() && (method=="INVITE" || method=="ACK")) { if (client_nat_test("3") || search("^Route:.*;nat=yes")) { setflag(6); use_media_proxy(); }; }; route(1); break; }; ###call type processing### if (uri!=myself) { route(1); break; }; if (uri==myself) { if (method=="CANCEL") { route(3); break; } else if (method=="INVITE") { route(3); break; } else if (method=="REGISTER") { route(2); break; }; lookup("aliases"); if (uri!=myself) { route(1); break; }; if (!lookup("location")) { sl_send_reply("404", "User not found"); break; }; }; route(1); } ##Default message handler## route[1] { t_on_reply("1"); if (!t_relay()) { if (method=="INVITE" || method=="ACK") { end_media_session(); }; sl_reply_error(); }; } ##Register message handler## route[2] { sl_send_reply("100", "Trying"); if (!search("^Contact:\ +*") && client_nat_test("7")) { setflag(6); fix_nated_register(); force_rport(); }; if (!www_authorize("sip.philonline.com","subscriber")) {

www_challenge("sip.philonline.com","0"); break; }; if (!check_to()) { sl_send_reply("401", "You are Unauthorized"); break; }; consume_credentials(); if (!save("location")) { sl_reply_error(); }; } ##INVITE message Handler## route[3] { if (client_nat_test("3")) { setflag(7); force_rport(); fix_nated_contact(); }; if (!search("To: .*@sip.philonline.com")) { if (!proxy_authorize("","subscriber")) { proxy_challenge("", "0"); break; }; if (!check_from() && method=="INVITE") { sl_send_reply("403", "User From=ID"); break; }; }; lookup("aliases"); if (uri!=myself) { route(1); break; }; if (!lookup("location")) { sl_send_reply("404", "User not found"); break; }; if (method=="CANCEL") { route(1); break; }; consume_credentials(); if (isflagset(6) || isflagset(7)) { use_media_proxy(); }; route(1); } onreply_route[1] { if (isflagset(6) || isflagset(7) && (status=~"(180)|(183)|2[0-9][0-9]")) { if (!search("^Content-Length:\ +0")) { use_media_proxy(); }; }; if (client_nat_test("1")) { fix_nated_contact(); }; } Thanks, --ryanRyan PagquilInfodyne Inc. (www.philonline.com)Tel. (632)-6870715> _______________________________________________

...
Serusers mailing list serusers@lists.iptel.org http://lists.iptel.org/mailman/listinfo/serusers

Start your day with Yahoo! - make it your home page http://www.yahoo.com/r/hs

Serusers mailing list serusers@lists.iptel.org http://lists.iptel.org/mailman/listinfo/serusers

Ryan Pagquil

11:13 p.m.

Hi, I'm currently subscribed to iptel.org. Well iptel.org's proxy doesn't allow unregistered users to call to anybody, I already tried it. Does having my domain specified in the proxy_authorize section means that only users from my domain will be asked to register first before they can place a call? I think I already tried this.. but I'll still test. =)

Thanks, Ryan

Pavol Segec wrote:

...

Hi,

If I understand well, you just need to put authorization challenge into your ser.cfg file where INVITE messages are handled, as follows:

if(!proxy_authorize("your.domain","subscriber")){ proxy_challenge("your.domain","0"); sl_send_reply("403","Forbidden"); break; };

pavol

Citát Dave ddx66@yahoo.com:

...
You can't as far as I know. You must use a USer Agent that does not allow a user to make a calls unless the UA is registered.

--- rpagquil@philonline.com wrote:

Hi, I'm setting up ser so that unregistered users can't make any calls to anybody. I have configured to allow all other domains to make a call to my local users. But when my local user that is unregistered it can still make calls to other local users. How would I do to block him totally? here is my ser.cfg: debug=3 fork=yes log_stderror=yes listen=202.84.24.107 port=5060 children=4 dns=no rev_dns=no fifo="/tmp/ser_fifo" fifo_db_url="mysql://ser:heslo@localhost/ser" alias=sip.philonline.com #load module part loadmodule "/usr/local/lib/ser/modules/mysql.so" loadmodule "/usr/local/lib/ser/modules/domain.so" loadmodule "/usr/local/lib/ser/modules/sl.so" loadmodule "/usr/local/lib/ser/modules/tm.so" loadmodule "/usr/local/lib/ser/modules/rr.so" loadmodule "/usr/local/lib/ser/modules/maxfwd.so" loadmodule "/usr/local/lib/ser/modules/usrloc.so" loadmodule "/usr/local/lib/ser/modules/registrar.so" loadmodule "/usr/local/lib/ser/modules/auth.so" loadmodule "/usr/local/lib/ser/modules/auth_db.so" loadmodule "/usr/local/lib/ser/modules/uri.so" loadmodule "/usr/local/lib/ser/modules/uri_db.so" loadmodule "/usr/local/lib/ser/modules/mediaproxy.so" loadmodule "/usr/local/lib/ser/modules/nathelper.so" loadmodule "/usr/local/lib/ser/modules/textops.so" loadmodule "/usr/local/lib/ser/modules/acc.so" loadmodule "/usr/local/lib/ser/modules/permissions.so" #module parameter setup modparam("rr", "enable_full_lr", 1) modparam("auth_db|uri_db|usrloc|domain|permissions", "db_url", "mysql://ser:heslo@localhost/ser") modparam("auth_db", "calculate_ha1", 1) modparam("auth_db", "password_column", "password") modparam("usrloc", "db_mode", 2) modparam("nathelper", "rtpproxy_disable", 1) modparam("nathelper", "natping_interval", 0) modparam("mediaproxy", "natping_interval", 30) modparam("mediaproxy", "mediaproxy_socket", "/var/run/mediaproxy.sock") modparam("mediaproxy", "sip_asymmetrics", "/usr/local/etc/ser/sip-clients") modparam("mediaproxy", "rtp_asymmetrics", "/usr/local/etc/ser/rtp-clients") modparam("registrar", "nat_flag", 6) modparam("acc", "log_level", 2) modparam("acc", "log_fmt", "cdfimorstup") modparam("acc", "report_ack", 1) #modparam("acc", "failed_transactions", 1) modparam("acc", "log_flag", 1) #modparam("acc", "report_cancels", 1) modparam("acc", "db_flag", 1) modparam("acc", "db_missed_flag", 3) modparam("acc", "db_url", "mysql://ser:heslo@localhost/ser") modparam("uri_db", "uri_table", "uri") modparam("uri_db", "uri_user_column", "username") modparam("uri_db", "uri_domain_column", "domain") modparam("domain", "db_mode", 1) modparam("domain", "domain_table", "domain") modparam("domain", "domain_col", "domain") modparam("permissions", "default_allow_file", "/usr/local/etc/ser/allow.permissions") modparam("permissions", "default_deny_file", "/usr/local/etc/ser/deny.permissions") #our routing logic route { if (!mf_process_maxfwd_header("10")) { sl_send_reply("483", "Too many hops"); break; }; if (msg:len > max_len) { sl_send_reply("513", "Message overflow"); break; }; ###record route#### if (method=="INVITE" && client_nat_test("3")) { record_route_preset("202.84.24.107:5060;nat=yes"); } else if (method!="REGISTER") { record_route(); }; ###call tear down section### if (method=="BYE" || method=="CANCEL") { end_media_session(); }; ###accounting### if ((!has_totag() && (method=="INVITE" || method=="ACK")) || (method=="BYE")) { setflag(1); }; ###loose route### if (loose_route()) { if (has_totag() && (method=="INVITE" || method=="ACK")) { if (client_nat_test("3") || search("^Route:.*;nat=yes")) { setflag(6); use_media_proxy(); }; }; route(1); break; }; ###call type processing### if (uri!=myself) { route(1); break; }; if (uri==myself) { if (method=="CANCEL") { route(3); break; } else if (method=="INVITE") { route(3); break; } else if (method=="REGISTER") { route(2); break; }; lookup("aliases"); if (uri!=myself) { route(1); break; }; if (!lookup("location")) { sl_send_reply("404", "User not found"); break; }; }; route(1); } ##Default message handler## route[1] { t_on_reply("1"); if (!t_relay()) { if (method=="INVITE" || method=="ACK") { end_media_session(); }; sl_reply_error(); }; } ##Register message handler## route[2] { sl_send_reply("100", "Trying"); if (!search("^Contact:\ +*") && client_nat_test("7")) { setflag(6); fix_nated_register(); force_rport(); }; if (!www_authorize("sip.philonline.com","subscriber")) {

www_challenge("sip.philonline.com","0"); break; }; if (!check_to()) { sl_send_reply("401", "You are Unauthorized"); break; }; consume_credentials(); if (!save("location")) { sl_reply_error(); }; } ##INVITE message Handler## route[3] { if (client_nat_test("3")) { setflag(7); force_rport(); fix_nated_contact(); }; if (!search("To: .*@sip.philonline.com")) { if (!proxy_authorize("","subscriber")) { proxy_challenge("", "0"); break; }; if (!check_from() && method=="INVITE") { sl_send_reply("403", "User From=ID"); break; }; }; lookup("aliases"); if (uri!=myself) { route(1); break; }; if (!lookup("location")) { sl_send_reply("404", "User not found"); break; }; if (method=="CANCEL") { route(1); break; }; consume_credentials(); if (isflagset(6) || isflagset(7)) { use_media_proxy(); }; route(1); } onreply_route[1] { if (isflagset(6) || isflagset(7) && (status=~"(180)|(183)|2[0-9][0-9]")) { if (!search("^Content-Length:\ +0")) { use_media_proxy(); }; }; if (client_nat_test("1")) { fix_nated_contact(); }; } Thanks, --ryanRyan PagquilInfodyne Inc. (www.philonline.com)Tel. (632)-6870715> _______________________________________________

...
Serusers mailing list serusers@lists.iptel.org http://lists.iptel.org/mailman/listinfo/serusers

Start your day with Yahoo! - make it your home page http://www.yahoo.com/r/hs

Serusers mailing list serusers@lists.iptel.org http://lists.iptel.org/mailman/listinfo/serusers

Serusers mailing list serusers@lists.iptel.org http://lists.iptel.org/mailman/listinfo/serusers

-- Ryan Pagquil Infodyne Inc. - PhilOnline.com 3603 Antel Global Corporate Center Doña Julia Vargas Ave. Ortigas Center Pasig City Tel: 687-0715 Web: www.philonline.com

7171

Age (days ago)

7175

Last active (days ago)

sr-users@lists.kamailio.org

4 comments

5 participants

tags (0)

participants (5)

Andreas Granig
Dave
Pavol Segec
rpagquil＠philonline.com
Ryan Pagquil