I’m sorry – I should have been more clear in what I was looking at. As a brief summary of the ‘problem’, I see items like this in my logs intermittently (a few times a day):
*** 20(3085) ERROR: <core> [core/tcp_read.c:1531]: tcp_read_req(): bad request, state=7, error=4 buf: GET / HTTP/1.0 parsed: GET / HTTP/1.0 24(3089) ERROR: <core> [core/tcp_read.c:1531]: tcp_read_req(): bad request, state=7, error=4 buf: GET http://clientapi.ipip.net/echo.php?info=20210311155950 HTTP/1.1 Host: clientapi.ipip.net Accept: */* Pragma: no-cache User-Agent: Mozilla/5.0 (Windows NT 10.0; WOW64) *** So, this is just (likely) random scanning from the internet. I mostly just want to remove much of this info from my log files. I’m not serving http on this port. The question about $rP was mostly looking to ignore GET, POST, etc., but I understand that this won’t work due to the fact that it’s message parsing that fails. I was just looking for a way to discard and ignore the bad message rather than trying to process it. Regards, Ben Kaufman [email protected]<mailto:[email protected]> Director of Cloud Operations AltiGen Communications, Inc. From: sr-users <[email protected]> On Behalf Of Alex Balashov Sent: Monday, March 8, 2021 3:08 PM To: Kamailio (SER) - Users Mailing List <[email protected]> Subject: Re: [SR-Users] Best way to ignore HTTP requests How would checking $rP help? Kamailio won’t process HTTP requests on a TCP SIP listener since they lack the SIP/2.0 request line signature. It’ll process them through xhttp, though. Is that the context in which this is an issue? If so, just expose your xhttp resources via an obscure URL ($hu) and deny anything else. — Sent from mobile, with due apologies for brevity and errors. On Mar 8, 2021, at 4:01 PM, Ben Kaufman <[email protected]<mailto:[email protected]>> wrote: I’ve set up a server listening on TCP recently, and notice that I’m receiving intermittent, random HTTP requests from the internet. While it would probably be a good idea to enforce a firewall rule to only allow known hosts to communicate, what would be the best way within Kamailio to ignore http requests? Would just checking $rP work? Regards, Ben Kaufman [email protected]<mailto:[email protected]> Director of Cloud Operations AltiGen Communications, Inc. _______________________________________________ Kamailio (SER) - Users Mailing List [email protected]<mailto:[email protected]> https://lists.kamailio.org/cgi-bin/mailman/listinfo/sr-users
_______________________________________________ Kamailio (SER) - Users Mailing List [email protected] https://lists.kamailio.org/cgi-bin/mailman/listinfo/sr-users
