30 Aug
30 Aug
6:10 p.m.
You can't as far as I know. You must use a USer Agent
that does not allow a user to make a calls unless the
UA is registered.
--- rpagquil(a)philonline.com wrote:
---------------------------------
Hi, I'm setting up ser so that unregistered users
can't make any calls to anybody. I have configured to
allow all other domains to make a call to my local
users. But when my local user that is unregistered it
can still make calls to other local users. How would I
do to block him totally? here is my ser.cfg: debug=3
fork=yes log_stderror=yes listen=202.84.24.107
port=5060 children=4 dns=no rev_dns=no
fifo="/tmp/ser_fifo"
fifo_db_url="mysql://ser:heslo@localhost/ser"
alias=sip.philonline.com #load module part
loadmodule "/usr/local/lib/ser/modules/mysql.so"
loadmodule "/usr/local/lib/ser/modules/domain.so"
loadmodule "/usr/local/lib/ser/modules/sl.so"
loadmodule "/usr/local/lib/ser/modules/tm.so"
loadmodule "/usr/local/lib/ser/modules/rr.so"
loadmodule "/usr/local/lib/ser/modules/maxfwd.so"
loadmodule "/usr/local/lib/ser/modules/usrloc.so"
loadmodule "/usr/local/lib/ser/modules/registrar.so"
loadmodule "/usr/local/lib/ser/modules/auth.so"
loadmodule "/usr/local/lib/ser/modules/auth_db.so"
loadmodule "/usr/local/lib/ser/modules/uri.so"
loadmodule "/usr/local/lib/ser/modules/uri_db.so"
loadmodule "/usr/local/lib/ser/modules/mediaproxy.so"
loadmodule "/usr/local/lib/ser/modules/nathelper.so"
loadmodule "/usr/local/lib/ser/modules/textops.so"
loadmodule "/usr/local/lib/ser/modules/acc.so"
loadmodule "/usr/local/lib/ser/modules/permissions.so"
#module parameter setup modparam("rr",
"enable_full_lr", 1)
modparam("auth_db|uri_db|usrloc|domain|permissions",
"db_url", "mysql://ser:heslo@localhost/ser")
modparam("auth_db", "calculate_ha1", 1)
modparam("auth_db", "password_column", "password")
modparam("usrloc", "db_mode", 2)
modparam("nathelper", "rtpproxy_disable", 1)
modparam("nathelper", "natping_interval", 0)
modparam("mediaproxy", "natping_interval", 30)
modparam("mediaproxy", "mediaproxy_socket",
"/var/run/mediaproxy.sock") modparam("mediaproxy",
"sip_asymmetrics", "/usr/local/etc/ser/sip-clients")
modparam("mediaproxy", "rtp_asymmetrics",
"/usr/local/etc/ser/rtp-clients")
modparam("registrar", "nat_flag", 6) modparam("acc",
"log_level", 2) modparam("acc", "log_fmt",
"cdfimorstup") modparam("acc", "report_ack", 1)
#modparam("acc", "failed_transactions", 1)
modparam("acc", "log_flag", 1) #modparam("acc",
"report_cancels", 1) modparam("acc", "db_flag", 1)
modparam("acc", "db_missed_flag", 3) modparam("acc",
"db_url", "mysql://ser:heslo@localhost/ser")
modparam("uri_db", "uri_table", "uri")
modparam("uri_db", "uri_user_column", "username")
modparam("uri_db", "uri_domain_column", "domain")
modparam("domain", "db_mode", 1) modparam("domain",
"domain_table", "domain") modparam("domain",
"domain_col", "domain") modparam("permissions",
"default_allow_file",
"/usr/local/etc/ser/allow.permissions")
modparam("permissions", "default_deny_file",
"/usr/local/etc/ser/deny.permissions") #our routing
logic route { if
(!mf_process_maxfwd_header("10")) {
sl_send_reply("483", "Too many hops");
break; }; if (msg:len > max_len) {
sl_send_reply("513", "Message overflow");
break; }; ###record
route#### if (method=="INVITE" &&
client_nat_test("3")) {
record_route_preset("202.84.24.107:5060;nat=yes");
} else if (method!="REGISTER") {
record_route(); }; ###call tear down
section### if (method=="BYE" ||
method=="CANCEL") {
end_media_session(); }; ###accounting###
if ((!has_totag() && (method=="INVITE" ||
method=="ACK")) || (method=="BYE")) {
setflag(1); }; ###loose route### if
(loose_route()) { if (has_totag() &&
(method=="INVITE" || method=="ACK")) {
if (client_nat_test("3") ||
search("^Route:.*;nat=yes")) {
setflag(6);
use_media_proxy(); };
}; route(1);
break; }; ###call type processing###
if (uri!=myself) { route(1);
break; }; if (uri==myself) {
if (method=="CANCEL") {
route(3); break;
} else if (method=="INVITE") {
route(3); break;
} else if (method=="REGISTER") {
route(2);
break; };
lookup("aliases"); if (uri!=myself) {
route(1);
break; }; if
(!lookup("location")) {
sl_send_reply("404", "User not found");
break; }; };
route(1); } ##Default message handler## route[1] {
t_on_reply("1"); if (!t_relay()) {
if (method=="INVITE" || method=="ACK") {
end_media_session();
}; sl_reply_error(); }; }
##Register message handler## route[2] {
sl_send_reply("100", "Trying"); if
(!search("^Contact:\ +\*") && client_nat_test("7")) {
setflag(6);
fix_nated_register(); force_rport();
}; if
(!www_authorize("sip.philonline.com","subscriber")) {
www_challenge("sip.philonline.com","0");
break; }; if (!check_to()) {
sl_send_reply("401", "You are Unauthorized");
break; };
consume_credentials(); if (!save("location"))
{ sl_reply_error(); }; }
##INVITE message Handler## route[3] {
if (client_nat_test("3")) {
setflag(7); force_rport();
fix_nated_contact(); }; if
(!search("To: .*(a)sip.philonline.com")) { if
(!proxy_authorize("","subscriber")) {
proxy_challenge("", "0"); break;
}; if (!check_from() && method=="INVITE")
{ sl_send_reply("403", "User
From=ID"); break; };
}; lookup("aliases"); if
(uri!=myself) { route(1);
break; }; if (!lookup("location"))
{ sl_send_reply("404", "User not
found"); break; }; if
(method=="CANCEL") { route(1);
break; };
consume_credentials(); if (isflagset(6) ||
isflagset(7)) { use_media_proxy();
}; route(1); } onreply_route[1] {
if (isflagset(6) || isflagset(7) &&
(status=~"(180)|(183)|2[0-9][0-9]")) {
if (!search("^Content-Length:\ +0")) {
use_media_proxy(); };
}; if (client_nat_test("1")) {
fix_nated_contact(); }; } Thanks,
--ryanRyan PagquilInfodyne Inc.
(www.philonline.com)Tel. (632)-6870715>
_______________________________________________
Serusers mailing list
serusers(a)lists.iptel.org
http://lists.iptel.org/mailman/listinfo/serusers
____________________________________________________
Start your day with Yahoo! - make it your home page
http://www.yahoo.com/r/hs
8:08 p.m.
Dave wrote:
You can't as far as I know. You must use a USer
Agent
that does not allow a user to make a calls unless the
UA is registered.
You could save the R-Uri and From-Uri into avps, push the saved From-Uri
into R-Uri and call registered(), then push the saved R-Uri to R-Uri to
restore it.
Haven't tried that though.
Andy
31 Aug
31 Aug
1:19 p.m.
Hi,
If I understand well, you just need to put authorization challenge into your
ser.cfg file where INVITE messages are handled, as follows:
if(!proxy_authorize("your.domain","subscriber")){
proxy_challenge("your.domain","0");
sl_send_reply("403","Forbidden");
break;
};
pavol
Citát Dave <ddx66(a)yahoo.com>om>:
You can't as far as I know. You must use a USer
Agent
that does not allow a user to make a calls unless the
UA is registered.
--- rpagquil(a)philonline.com wrote:
---------------------------------
Hi, I'm setting up ser so that unregistered users
can't make any calls to anybody. I have configured to
allow all other domains to make a call to my local
users. But when my local user that is unregistered it
can still make calls to other local users. How would I
do to block him totally? here is my ser.cfg: debug=3
fork=yes log_stderror=yes listen=202.84.24.107
port=5060 children=4 dns=no rev_dns=no
fifo="/tmp/ser_fifo"
fifo_db_url="mysql://ser:heslo@localhost/ser"
alias=sip.philonline.com #load module part
loadmodule "/usr/local/lib/ser/modules/mysql.so"
loadmodule "/usr/local/lib/ser/modules/domain.so"
loadmodule "/usr/local/lib/ser/modules/sl.so"
loadmodule "/usr/local/lib/ser/modules/tm.so"
loadmodule "/usr/local/lib/ser/modules/rr.so"
loadmodule "/usr/local/lib/ser/modules/maxfwd.so"
loadmodule "/usr/local/lib/ser/modules/usrloc.so"
loadmodule "/usr/local/lib/ser/modules/registrar.so"
loadmodule "/usr/local/lib/ser/modules/auth.so"
loadmodule "/usr/local/lib/ser/modules/auth_db.so"
loadmodule "/usr/local/lib/ser/modules/uri.so"
loadmodule "/usr/local/lib/ser/modules/uri_db.so"
loadmodule "/usr/local/lib/ser/modules/mediaproxy.so"
loadmodule "/usr/local/lib/ser/modules/nathelper.so"
loadmodule "/usr/local/lib/ser/modules/textops.so"
loadmodule "/usr/local/lib/ser/modules/acc.so"
loadmodule "/usr/local/lib/ser/modules/permissions.so"
#module parameter setup modparam("rr",
"enable_full_lr", 1)
modparam("auth_db|uri_db|usrloc|domain|permissions",
"db_url", "mysql://ser:heslo@localhost/ser")
modparam("auth_db", "calculate_ha1", 1)
modparam("auth_db", "password_column", "password")
modparam("usrloc", "db_mode", 2)
modparam("nathelper", "rtpproxy_disable", 1)
modparam("nathelper", "natping_interval", 0)
modparam("mediaproxy", "natping_interval", 30)
modparam("mediaproxy", "mediaproxy_socket",
"/var/run/mediaproxy.sock") modparam("mediaproxy",
"sip_asymmetrics", "/usr/local/etc/ser/sip-clients")
modparam("mediaproxy", "rtp_asymmetrics",
"/usr/local/etc/ser/rtp-clients")
modparam("registrar", "nat_flag", 6) modparam("acc",
"log_level", 2) modparam("acc", "log_fmt",
"cdfimorstup") modparam("acc", "report_ack", 1)
#modparam("acc", "failed_transactions", 1)
modparam("acc", "log_flag", 1) #modparam("acc",
"report_cancels", 1) modparam("acc", "db_flag", 1)
modparam("acc", "db_missed_flag", 3) modparam("acc",
"db_url", "mysql://ser:heslo@localhost/ser")
modparam("uri_db", "uri_table", "uri")
modparam("uri_db", "uri_user_column", "username")
modparam("uri_db", "uri_domain_column", "domain")
modparam("domain", "db_mode", 1) modparam("domain",
"domain_table", "domain") modparam("domain",
"domain_col", "domain") modparam("permissions",
"default_allow_file",
"/usr/local/etc/ser/allow.permissions")
modparam("permissions", "default_deny_file",
"/usr/local/etc/ser/deny.permissions") #our routing
logic route { if
(!mf_process_maxfwd_header("10")) {
sl_send_reply("483", "Too many hops");
break; }; if (msg:len > max_len) {
sl_send_reply("513", "Message overflow");
break; }; ###record
route#### if (method=="INVITE" &&
client_nat_test("3")) {
record_route_preset("202.84.24.107:5060;nat=yes");
} else if (method!="REGISTER") {
record_route(); }; ###call tear down
section### if (method=="BYE" ||
method=="CANCEL") {
end_media_session(); }; ###accounting###
if ((!has_totag() && (method=="INVITE" ||
method=="ACK")) || (method=="BYE")) {
setflag(1); }; ###loose route### if
(loose_route()) { if (has_totag() &&
(method=="INVITE" || method=="ACK")) {
if (client_nat_test("3") ||
search("^Route:.*;nat=yes")) {
setflag(6);
use_media_proxy(); };
}; route(1);
break; }; ###call type processing###
if (uri!=myself) { route(1);
break; }; if (uri==myself) {
if (method=="CANCEL") {
route(3); break;
} else if (method=="INVITE") {
route(3); break;
} else if (method=="REGISTER") {
route(2);
break; };
lookup("aliases"); if (uri!=myself) {
route(1);
break; }; if
(!lookup("location")) {
sl_send_reply("404", "User not found");
break; }; };
route(1); } ##Default message handler## route[1] {
t_on_reply("1"); if (!t_relay()) {
if (method=="INVITE" || method=="ACK") {
end_media_session();
}; sl_reply_error(); }; }
##Register message handler## route[2] {
sl_send_reply("100", "Trying"); if
(!search("^Contact:\ +\*") && client_nat_test("7")) {
setflag(6);
fix_nated_register(); force_rport();
}; if
(!www_authorize("sip.philonline.com","subscriber")) {
www_challenge("sip.philonline.com","0");
break; }; if (!check_to()) {
sl_send_reply("401", "You are Unauthorized");
break; };
consume_credentials(); if (!save("location"))
{ sl_reply_error(); }; }
##INVITE message Handler## route[3] {
if (client_nat_test("3")) {
setflag(7); force_rport();
fix_nated_contact(); }; if
(!search("To: .*(a)sip.philonline.com")) { if
(!proxy_authorize("","subscriber")) {
proxy_challenge("", "0"); break;
}; if (!check_from() && method=="INVITE")
{ sl_send_reply("403", "User
From=ID"); break; };
}; lookup("aliases"); if
(uri!=myself) { route(1);
break; }; if (!lookup("location"))
{ sl_send_reply("404", "User not
found"); break; }; if
(method=="CANCEL") { route(1);
break; };
consume_credentials(); if (isflagset(6) ||
isflagset(7)) { use_media_proxy();
}; route(1); } onreply_route[1] {
if (isflagset(6) || isflagset(7) &&
(status=~"(180)|(183)|2[0-9][0-9]")) {
if (!search("^Content-Length:\ +0")) {
use_media_proxy(); };
}; if (client_nat_test("1")) {
fix_nated_contact(); }; } Thanks,
--ryanRyan PagquilInfodyne Inc.
(www.philonline.com)Tel. (632)-6870715>
_______________________________________________
Serusers mailing list
serusers(a)lists.iptel.org
http://lists.iptel.org/mailman/listinfo/serusers
____________________________________________________
Start your day with Yahoo! - make it your home page
http://www.yahoo.com/r/hs
_______________________________________________
Serusers mailing list
serusers(a)lists.iptel.org
http://lists.iptel.org/mailman/listinfo/serusers
1 Sep
1 Sep
2:13 a.m.
Hi,
I'm currently subscribed to iptel.org. Well iptel.org's proxy doesn't
allow unregistered users to call to anybody, I already tried it. Does
having my domain specified in the proxy_authorize section means that
only users from my domain will be asked to register first before they
can place a call? I think I already tried this.. but I'll still test. =)
Thanks,
Ryan
Pavol Segec wrote:
Hi,
If I understand well, you just need to put authorization challenge into your
ser.cfg file where INVITE messages are handled, as follows:
if(!proxy_authorize("your.domain","subscriber")){
proxy_challenge("your.domain","0");
sl_send_reply("403","Forbidden");
break;
};
pavol
Citát Dave <ddx66(a)yahoo.com>om>:
--
Ryan Pagquil
Infodyne Inc. - PhilOnline.com
3603 Antel Global Corporate Center
Doña Julia Vargas Ave.
Ortigas Center Pasig City
Tel: 687-0715
Web: www.philonline.com
You can't as far as I know. You must use a
USer Agent
that does not allow a user to make a calls unless the
UA is registered.
--- rpagquil(a)philonline.com wrote:
---------------------------------
Hi, I'm setting up ser so that unregistered users
can't make any calls to anybody. I have configured to
allow all other domains to make a call to my local
users. But when my local user that is unregistered it
can still make calls to other local users. How would I
do to block him totally? here is my ser.cfg: debug=3
fork=yes log_stderror=yes listen=202.84.24.107
port=5060 children=4 dns=no rev_dns=no
fifo="/tmp/ser_fifo"
fifo_db_url="mysql://ser:heslo@localhost/ser"
alias=sip.philonline.com #load module part
loadmodule "/usr/local/lib/ser/modules/mysql.so"
loadmodule "/usr/local/lib/ser/modules/domain.so"
loadmodule "/usr/local/lib/ser/modules/sl.so"
loadmodule "/usr/local/lib/ser/modules/tm.so"
loadmodule "/usr/local/lib/ser/modules/rr.so"
loadmodule "/usr/local/lib/ser/modules/maxfwd.so"
loadmodule "/usr/local/lib/ser/modules/usrloc.so"
loadmodule "/usr/local/lib/ser/modules/registrar.so"
loadmodule "/usr/local/lib/ser/modules/auth.so"
loadmodule "/usr/local/lib/ser/modules/auth_db.so"
loadmodule "/usr/local/lib/ser/modules/uri.so"
loadmodule "/usr/local/lib/ser/modules/uri_db.so"
loadmodule "/usr/local/lib/ser/modules/mediaproxy.so"
loadmodule "/usr/local/lib/ser/modules/nathelper.so"
loadmodule "/usr/local/lib/ser/modules/textops.so"
loadmodule "/usr/local/lib/ser/modules/acc.so"
loadmodule "/usr/local/lib/ser/modules/permissions.so"
#module parameter setup modparam("rr",
"enable_full_lr", 1)
modparam("auth_db|uri_db|usrloc|domain|permissions",
"db_url", "mysql://ser:heslo@localhost/ser")
modparam("auth_db", "calculate_ha1", 1)
modparam("auth_db", "password_column", "password")
modparam("usrloc", "db_mode", 2)
modparam("nathelper", "rtpproxy_disable", 1)
modparam("nathelper", "natping_interval", 0)
modparam("mediaproxy", "natping_interval", 30)
modparam("mediaproxy", "mediaproxy_socket",
"/var/run/mediaproxy.sock") modparam("mediaproxy",
"sip_asymmetrics", "/usr/local/etc/ser/sip-clients")
modparam("mediaproxy", "rtp_asymmetrics",
"/usr/local/etc/ser/rtp-clients")
modparam("registrar", "nat_flag", 6) modparam("acc",
"log_level", 2) modparam("acc", "log_fmt",
"cdfimorstup") modparam("acc", "report_ack", 1)
#modparam("acc", "failed_transactions", 1)
modparam("acc", "log_flag", 1) #modparam("acc",
"report_cancels", 1) modparam("acc", "db_flag", 1)
modparam("acc", "db_missed_flag", 3) modparam("acc",
"db_url", "mysql://ser:heslo@localhost/ser")
modparam("uri_db", "uri_table", "uri")
modparam("uri_db", "uri_user_column", "username")
modparam("uri_db", "uri_domain_column", "domain")
modparam("domain", "db_mode", 1) modparam("domain",
"domain_table", "domain") modparam("domain",
"domain_col", "domain") modparam("permissions",
"default_allow_file",
"/usr/local/etc/ser/allow.permissions")
modparam("permissions", "default_deny_file",
"/usr/local/etc/ser/deny.permissions") #our routing
logic route { if
(!mf_process_maxfwd_header("10")) {
sl_send_reply("483", "Too many hops");
break; }; if (msg:len > max_len) {
sl_send_reply("513", "Message overflow");
break; }; ###record
route#### if (method=="INVITE" &&
client_nat_test("3")) {
record_route_preset("202.84.24.107:5060;nat=yes");
} else if (method!="REGISTER") {
record_route(); }; ###call tear down
section### if (method=="BYE" ||
method=="CANCEL") {
end_media_session(); }; ###accounting###
if ((!has_totag() && (method=="INVITE" ||
method=="ACK")) || (method=="BYE")) {
setflag(1); }; ###loose route### if
(loose_route()) { if (has_totag() &&
(method=="INVITE" || method=="ACK")) {
if (client_nat_test("3") ||
search("^Route:.*;nat=yes")) {
setflag(6);
use_media_proxy(); };
}; route(1);
break; }; ###call type processing###
if (uri!=myself) { route(1);
break; }; if (uri==myself) {
if (method=="CANCEL") {
route(3); break;
} else if (method=="INVITE") {
route(3); break;
} else if (method=="REGISTER") {
route(2);
break; };
lookup("aliases"); if (uri!=myself) {
route(1);
break; }; if
(!lookup("location")) {
sl_send_reply("404", "User not found");
break; }; };
route(1); } ##Default message handler## route[1] {
t_on_reply("1"); if (!t_relay()) {
if (method=="INVITE" || method=="ACK") {
end_media_session();
}; sl_reply_error(); }; }
##Register message handler## route[2] {
sl_send_reply("100", "Trying"); if
(!search("^Contact:\ +\*") && client_nat_test("7")) {
setflag(6);
fix_nated_register(); force_rport();
}; if
(!www_authorize("sip.philonline.com","subscriber")) {
www_challenge("sip.philonline.com","0");
break; }; if (!check_to()) {
sl_send_reply("401", "You are Unauthorized");
break; };
consume_credentials(); if (!save("location"))
{ sl_reply_error(); }; }
##INVITE message Handler## route[3] {
if (client_nat_test("3")) {
setflag(7); force_rport();
fix_nated_contact(); }; if
(!search("To: .*(a)sip.philonline.com")) { if
(!proxy_authorize("","subscriber")) {
proxy_challenge("", "0"); break;
}; if (!check_from() && method=="INVITE")
{ sl_send_reply("403", "User
From=ID"); break; };
}; lookup("aliases"); if
(uri!=myself) { route(1);
break; }; if (!lookup("location"))
{ sl_send_reply("404", "User not
found"); break; }; if
(method=="CANCEL") { route(1);
break; };
consume_credentials(); if (isflagset(6) ||
isflagset(7)) { use_media_proxy();
}; route(1); } onreply_route[1] {
if (isflagset(6) || isflagset(7) &&
(status=~"(180)|(183)|2[0-9][0-9]")) {
if (!search("^Content-Length:\ +0")) {
use_media_proxy(); };
}; if (client_nat_test("1")) {
fix_nated_contact(); }; } Thanks,
--ryanRyan PagquilInfodyne Inc.
(www.philonline.com)Tel. (632)-6870715>
_______________________________________________
_______________________________________________
Serusers mailing list
serusers(a)lists.iptel.org
http://lists.iptel.org/mailman/listinfo/serusers
Serusers mailing list
serusers(a)lists.iptel.org
http://lists.iptel.org/mailman/listinfo/serusers
____________________________________________________
Start your day with Yahoo! - make it your home page
http://www.yahoo.com/r/hs
_______________________________________________
Serusers mailing list
serusers(a)lists.iptel.org
http://lists.iptel.org/mailman/listinfo/serusers
7023
days inactive
7027
days old
4 comments
5 participants
participants (5)
-
Andreas Granig -
Dave -
Pavol Segec -
rpagquil@philonline.com -
Ryan Pagquil