
created a role to enable traffic filters, strip custom headers, and remove diversion headers for now

3.17
karl anderson 12 years ago
parent
commit
5c861c8763
3 changed files with 17 additions and 2 deletions
  1. +8
    -2
      kamailio/default.cfg
  2. +8
    -0
      kamailio/registrar-role.cfg
  3. +1
    -0
      kamailio/roles.cfg

+ 8
- 2
kamailio/default.cfg View File

@ -206,13 +206,17 @@ route
xlog("L_INFO", "$ci|log|from $fu");
xlog("L_INFO", "$ci|log|to $tu");
remove_hf_re("Diversion: .*");
route(SANITY_CHECK);
#!ifdef DISPATCHER-ROLE
route(DISPATCHER_CLASSIFY_SOURCE);
#!endif
#!ifdef TRAFFIC-FILTER-ROLE
route(DOS_PREVENTION);
#!endif
route(HANDLE_OPTIONS);
@ -275,9 +279,11 @@ route[HANDLE_OPTIONS]
if (is_method("OPTIONS")) {
if (isflagset(FLAG_INTERNALLY_SOURCED)) {
route(INTERNAL_TO_EXTERNAL_RELAY);
#!ifdef TRAFFIC-FILTER-ROLE
} else if (!isflagset(FLAG_TRUSTED_SOURCE)
&& $rd =~ "[0-9]{1,3}\.[0-9]{1,3}.[0-9]{1,3}\.[0-9]{1,3}") {
xlog("L_WARN", "$ci|end|dropping OPTIONS request with IP domain");
#!endif
} else {
sl_send_reply("200", "Rawr!!");
}
@ -378,7 +384,7 @@ route[RELAY]
route[INTERNAL_TO_EXTERNAL_RELAY]
{
remove_hf("X-AUTH-IP");
remove_hf_re("X-.*");
t_on_reply("EXTERNAL_REPLY");
@ -395,7 +401,7 @@ route[EXTERNAL_TO_INTERNAL_RELAY]
}
#!endif
remove_hf("X-AUTH-IP");
remove_hf_re("X-.*");
append_hf("X-AUTH-IP: $si\r\n");
t_on_reply("INTERNAL_REPLY");
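Review bot: The new `remove_hf_re("X-.*")` in route[INTERNAL_TO_EXTERNAL_RELAY] and route[EXTERNAL_TO_INTERNAL_RELAY] is unanchored, so it removes every header whose name contains `X-` anywhere, not only names that start with it. As far as I know textops compiles this pattern case-insensitively, in which case `Max-Forwards` matches too and loop protection is stripped along with the custom headers; anchoring it as `remove_hf_re("^X-");` keeps the intent. On the external-to-internal path this strip is what stops a caller from supplying its own `X-AUTH-IP` before the proxy appends one from `$si`, so a one-line comment saying so would help the next editor keep it ahead of the `append_hf`. The added `remove_hf_re("Diversion: .*")` in the main route looks like it can never match, since the expression is tested against header names only (to be confirmed against the textops documentation); `remove_hf("Diversion");` would do what the commit message describes. The main route and both relay routes continue outside the hunks shown.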


+ 8
- 0
kamailio/registrar-role.cfg View File

@ -39,7 +39,9 @@ route[HANDLE_REGISTER]
{
if (is_method("REGISTER")) {
#!ifdef TRAFFIC-FILTER-ROLE
route(DOMAIN_FORMAT_CHECK);
#!endif
#!ifdef NAT-TRAVERSAL-ROLE
if (nat_uac_test("3")) {
@ -55,17 +57,23 @@ route[HANDLE_REGISTER]
if (is_present_hf("Authorization")) {
#!ifdef TRAFFIC-FILTER-ROLE
if (!route(PREVENT_BRUTEFORCE)) {
auth_challenge("$fd", "0");
exit;
}
#!endif
if ($sht(auth_cache=>$Au) != $null && pv_auth_check("$fd", "$sht(auth_cache=>$Au)", "0", "0")) {
xlog("L_DBG", "$ci|log|authenticated $Au via cached SIP creds");
} else {
## RABBITMQ - Credentials fetch
if (!auth_check("$fd", "subscriber", "1")) {
#!ifdef TRAFFIC-FILTER-ROLE
route(FAILED_AUTH_COUNT);
#!endif
auth_challenge("$fd", "0");
xlog("L_INFO", "$ci|end|issued new auth challenge to failed registration attempt");
exit;
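Review bot: The `if (!route(PREVENT_BRUTEFORCE))` branch in route[HANDLE_REGISTER] answers with `auth_challenge("$fd", "0")` and exits without writing anything to the log, while the failed-auth branch below it logs before exiting. A source that the filter has flagged is therefore indistinguishable in the logs from an ordinary first challenge, which makes blocked attempts hard to spot or alert on. I would add a line before the challenge such as `xlog("L_WARN", "$ci|end|registration from $si rejected by brute-force filter");`. PREVENT_BRUTEFORCE, FAILED_AUTH_COUNT and DOMAIN_FORMAT_CHECK are not defined in any file shown in this commit, so their return values and what they key their counters on could not be checked here. route[HANDLE_REGISTER] continues outside the hunk.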


+ 1
- 0
kamailio/roles.cfg View File

@ -3,5 +3,6 @@
#!trydef NAT-TRAVERSAL-ROLE
#!trydef REGISTRAR-ROLE
#!trydef PRESENCE-ROLE
#!trydef TRAFFIC-FILTER-ROLE
## vim:set tabstop=4 softtabstop=4 shiftwidth=4 expandtab
