
# Entry point of the request filter.
# Requests flagged FLAG_TRUSTED_SOURCE (internal network or whitelist) skip
# every check. For the rest, the method selects which header domains are
# inspected. Each sub-route drops the request and ends script execution itself
# when its check fails, so reaching the end of this route means the request
# passed the filter.
route[FILTER_REQUEST]
{
    if (!isflagset(FLAG_TRUSTED_SOURCE)) {
        # REGISTER / SUBSCRIBE: reject an IP literal in the To or From domain
        # (pattern seen from friendly-scanner style probes).
        if (is_method("REGISTER|SUBSCRIBE")) {
            route(FILTER_TO_DOMAIN);
            route(FILTER_FROM_DOMAIN);
        }

        # INVITE: reject an IP literal in the Request-URI domain or in the
        # authentication realm.
        if (is_method("INVITE")) {
            route(FILTER_REQUEST_DOMAIN);
            route(FILTER_AUTHORIZATION_DOMAIN);
        }
    }
}
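# Drops a request whose Request-URI domain ($rd) contains an IPv4 dotted quad.
# Called from FILTER_REQUEST for INVITE.
#
# The pattern is not anchored, so a hostname that merely contains four numeric
# labels is dropped as well, and IPv6 literals are not covered.
# NOTE(review): in-dialog INVITEs commonly carry the peer's Contact (often an
# IP address) in the Request-URI; confirm the caller runs this route only for
# initial requests.
route[FILTER_REQUEST_DOMAIN]
{
    # Every separator is an escaped literal dot; the previous pattern left the
    # second one unescaped, so it matched any character in that position.
    if ($rd =~ "[0-9]{1,3}\.[0-9]{1,3}\.[0-9]{1,3}\.[0-9]{1,3}") {
        xlog("L_WARN", "$ci|end|dropping $rm request with IP domain\n");
        drop();
        exit;
    }
}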
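# Drops a request that carries a Proxy-Authorization header whose realm ($ar)
# contains an IPv4 dotted quad. Called from FILTER_REQUEST for INVITE.
#
# Only the presence of Proxy-Authorization is tested; a request that
# authenticates with an Authorization header alone is not inspected here.
# The pattern is not anchored and does not cover IPv6 literals.
route[FILTER_AUTHORIZATION_DOMAIN]
{
    # Every separator is an escaped literal dot; the previous pattern left the
    # second one unescaped, so it matched any character in that position.
    if (is_present_hf("Proxy-Authorization") &&
            $ar =~ "[0-9]{1,3}\.[0-9]{1,3}\.[0-9]{1,3}\.[0-9]{1,3}") {
        xlog("L_WARN", "$ci|end|dropping request with IP domain in Proxy-Authorization header\n");
        drop();
        exit;
    }
}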
# Drops a request whose From domain ($fd) contains an IPv4 dotted quad.
# Called from FILTER_REQUEST for REGISTER and SUBSCRIBE.
# The pattern is not anchored and does not cover IPv6 literals.
route[FILTER_FROM_DOMAIN]
{
    # Guard: a From domain without a dotted quad passes the check.
    if (!($fd =~ "([0-9]{1,3})\.([0-9]{1,3})\.([0-9]{1,3})\.([0-9]{1,3})")) {
        return;
    }

    # $ci (Call-ID) prefixes the log line so the drop can be correlated
    # with the rest of the call's log entries.
    xlog("L_WARN", "$ci|end|dropping request with IP domain in From header\n");
    drop();
    exit;
}
# Drops a request whose To domain ($td) contains an IPv4 dotted quad.
# Called from FILTER_REQUEST for REGISTER and SUBSCRIBE.
# The pattern is not anchored and does not cover IPv6 literals.
route[FILTER_TO_DOMAIN]
{
    # Guard: a To domain without a dotted quad passes the check.
    if (!($td =~ "([0-9]{1,3})\.([0-9]{1,3})\.([0-9]{1,3})\.([0-9]{1,3})")) {
        return;
    }

    # $ci (Call-ID) prefixes the log line so the drop can be correlated
    # with the rest of the call's log entries.
    xlog("L_WARN", "$ci|end|dropping request with IP domain in To header\n");
    drop();
    exit;
}
# Signature-style checks on INVITE and REGISTER: known scanner User-Agents,
# suspicious characters in the authentication username, and a Record-Route
# versus source-address comparison. A match logs a "block" line and drops
# the request.
# The whole body is compiled only when WITH_CCP_SECURITY_CHECKS is defined;
# without that define this route is empty and every request passes through.
# The xlog calls here pass no log level (the FILTER_* routes use L_WARN), so
# xlog's default level applies. The messages mention Fail2Ban, so presumably
# an external log watcher matches these exact lines - keep the text stable
# and verify the watcher's filter before rewording.
# NOTE(review): $ci (Call-ID) is chosen by the sender and starts each log
# line; a log-based ban filter should key on the $si field, not on text
# that can come from the Call-ID.
route[CCP_SECURITY_CHECKS] {
#!ifdef WITH_CCP_SECURITY_CHECKS
if (is_method("INVITE|REGISTER")) {
# User-Agent substring match. The header is set by the client, so this only
# catches tools that keep their default banner.
if($ua =~ "(friendly-scanner|sipvicious|pplsip)") {
xlog("$ci|block|Fail2Ban blocking traffic from $si Script Kiddie trying to exploit\n");
drop();
exit;
}
# Authentication username containing =, --, ', # or the URL-encoded forms
# %27 and %24. The $null test is evaluated after the regex.
# NOTE(review): this is a heuristic in front of the database layer; it does
# not replace parameterised queries in whatever consumes $au - confirm.
if($au =~ "(\=)|(\-\-)|(')|(\#)|(\%27)|(\%24)" and $au != $null) {
xlog("$ci|block|Fail2Ban blocking traffic from $si SQL Injection attack over SIP\n");
drop();
exit;
}
# NOTE(review): {nameaddr.uri} yields the URI of the first Record-Route entry
# (scheme, host and parameters), while $si is a bare IP address, so this
# inequality looks like it holds for any request that carries a Record-Route
# header. If the intent is to compare hosts, the value would need a host
# extraction step (e.g. {uri.host}) - confirm the intended policy before
# changing it, since the current form drops every such request.
if($(hdr(Record-Route)[0]{nameaddr.uri}) != $si and $(hdr(Record-Route)[0]{nameaddr.uri}) != $null) {
xlog("$ci|block|Fail2Ban blocking traffic from $si Spoofing attack over SIP\n");
drop();
exit;
}
}
#!endif
}