This may be difficult considering that ACL needs to consider the original src IP/URI. To do that it, freeswitch would need to do so using a header that retains that information (i.e. From, Via, Contact, etc.). Which I do not believe is currently possible using auth-acl or apply-proxy-acl.
However, you should be able to emulate the behavior using mod_xml_curl (and validating against appropriate variables available when using it to authenticate the request). see: http://wiki.freeswitch.org/wiki/Mod_xml_curl#Authorization -metik Bill W wrote: > Hey Brian, > > > I've been doing some testing and I am unable to get auth-calls to work > through a proxy the way I want them to, even with setting > apply-proxy-acl to either the endpoint IP or the proxy IP. > > I have a multi-tenant system with multiple domains with multiple users > in each domain. And I want to restrict a user to an arbitrary CIDR and > challenge them for a password. The arbitrary CIDR will vary from UA to > UA, and is specified in the directory via the auth-acl parameter. > > TL,DR; I want to get auth-calls to use the IP of the UA endpoint, not of > the proxy. > > > Thanks, > Bill > > Brian West wrote: > >> it needs to be an ACL from acl.conf or a ip/cidr >> >> /b >> >> On Dec 17, 2009, at 5:41 AM, Bill W wrote: >> >> >>> Okay, I added: <param name="apply-proxy-acl" value="true"/> to my sofia >>> profile and restarted sofia, and still no joy. >>> >>> I'm on FreeSWITCH Version 1.0.trunk (15764) >>> I've got <param name="auth-acl" value="190.218.103.12/32"></param> in >>> the directory, but I'm still being rejected by the acl: >>> >>> 2009-12-17 06:04:59.920517 [WARNING] sofia_reg.c:1928 IP 64.135.119.105 >>> Rejected by user acl 190.218.103.12/32 >>> >>> Here's what I believe is the appropriate snippet of the debug output: >>> http://pastebin.freeswitch.org/11531 >>> >>> Thoughts? >>> Thanks, >>> Bill >>> >> ------------------------------------------------------------------------ >> >> _______________________________________________ >> FreeSWITCH-users mailing list >> FreeSWITCH-users@lists.freeswitch.org >> http://lists.freeswitch.org/mailman/listinfo/freeswitch-users >> UNSUBSCRIBE:http://lists.freeswitch.org/mailman/options/freeswitch-users >> http://www.freeswitch.org >> > > _______________________________________________ > FreeSWITCH-users mailing list > FreeSWITCH-users@lists.freeswitch.org > http://lists.freeswitch.org/mailman/listinfo/freeswitch-users > UNSUBSCRIBE:http://lists.freeswitch.org/mailman/options/freeswitch-users > http://www.freeswitch.org > > _______________________________________________ FreeSWITCH-users mailing list FreeSWITCH-users@lists.freeswitch.org http://lists.freeswitch.org/mailman/listinfo/freeswitch-users UNSUBSCRIBE:http://lists.freeswitch.org/mailman/options/freeswitch-users http://www.freeswitch.org