route[FILTER_REQUEST]
{
    # allow request from internal network or from whitelist
    if (isflagset(FLAG_TRUSTED_SOURCE)) {
        return;
    }

    #  drop requests with no To domain or IP To domain (friendly-scanner)
    if (is_method("REGISTER|SUBSCRIBE")) {
        route(FILTER_TO_DOMAIN);
        route(FILTER_FROM_DOMAIN);
    }

    # drop Invite with IP auth realm
    if (is_method("INVITE")) {
        route(FILTER_REQUEST_DOMAIN);
        route(FILTER_AUTHORIZATION_DOMAIN);
    }
}

route[FILTER_REQUEST_DOMAIN]
{
    if ($rd =~ "[0-9]{1,3}\.[0-9]{1,3}.[0-9]{1,3}\.[0-9]{1,3}") {
        xlog("L_WARN", "$ci|end|dropping $rm request with IP domain\n");
        drop();
        exit();
    }
}

route[FILTER_AUTHORIZATION_DOMAIN]
{
    if (is_present_hf("Proxy-Authorization") &&
      $ar =~ "[0-9]{1,3}\.[0-9]{1,3}.[0-9]{1,3}\.[0-9]{1,3}" ) {
        xlog("L_WARN", "$ci|end|dropping request with IP domain in Proxy-Authorization header\n");
        drop();
        exit;
    }
}

route[FILTER_FROM_DOMAIN]
{
    if ($fd =~ "([0-9]{1,3})\.([0-9]{1,3})\.([0-9]{1,3})\.([0-9]{1,3})") {
        xlog("L_WARN", "$ci|end|dropping request with IP domain in From header\n");
        drop();
        exit;
    }
}

route[FILTER_TO_DOMAIN]
{
    if ($td =~ "([0-9]{1,3})\.([0-9]{1,3})\.([0-9]{1,3})\.([0-9]{1,3})") {
        xlog("L_WARN", "$ci|end|dropping request with IP domain in To header\n");
        drop();
        exit;
    }
}