I’m sorry – I should have been more clear in what I was looking at.

As a brief summary of the ‘problem’, I see items like this in my logs 
intermittently (a few times a day):

***
20(3085) ERROR: <core> [core/tcp_read.c:1531]: tcp_read_req(): bad request, 
state=7, error=4 buf:
GET / HTTP/1.0


parsed:
GET / HTTP/1.0


24(3089) ERROR: <core> [core/tcp_read.c:1531]: tcp_read_req(): bad request, 
state=7, error=4 buf:
GET http://clientapi.ipip.net/echo.php?info=20210311155950 HTTP/1.1
Host: clientapi.ipip.net
Accept: */*
Pragma: no-cache
User-Agent: Mozilla/5.0 (Windows NT 10.0; WOW64)
***

So, this is just (likely) random scanning from the internet.   I mostly just 
want to remove much of this info from my log files.  I’m not serving http on 
this port.  The question about $rP was mostly looking to ignore GET, POST, 
etc., but I understand that this won’t work due to the fact that it’s message 
parsing that fails.  I was just looking for a way to discard and ignore the bad 
message rather than trying to process it.


Regards,

Ben Kaufman
[email protected]<mailto:[email protected]>
Director of Cloud Operations
AltiGen Communications, Inc.

From: sr-users <[email protected]> On Behalf Of Alex Balashov
Sent: Monday, March 8, 2021 3:08 PM
To: Kamailio (SER) - Users Mailing List <[email protected]>
Subject: Re: [SR-Users] Best way to ignore HTTP requests

How would checking $rP help?

Kamailio won’t process HTTP requests on a TCP SIP listener since they lack the 
SIP/2.0 request line signature.

It’ll process them through xhttp, though. Is that the context in which this is 
an issue? If so, just expose your xhttp resources via an obscure URL ($hu) and 
deny anything else.

—
Sent from mobile, with due apologies for brevity and errors.


On Mar 8, 2021, at 4:01 PM, Ben Kaufman 
<[email protected]<mailto:[email protected]>> wrote:

I’ve set up a server listening on TCP recently, and notice that I’m receiving 
intermittent, random HTTP requests from the internet.  While it would probably 
be a good idea to enforce a firewall rule to only allow known hosts to 
communicate, what would be the best way within Kamailio to ignore http 
requests?  Would just checking $rP work?

Regards,

Ben Kaufman
[email protected]<mailto:[email protected]>
Director of Cloud Operations
AltiGen Communications, Inc.

_______________________________________________
Kamailio (SER) - Users Mailing List
[email protected]<mailto:[email protected]>
https://lists.kamailio.org/cgi-bin/mailman/listinfo/sr-users
_______________________________________________
Kamailio (SER) - Users Mailing List
[email protected]
https://lists.kamailio.org/cgi-bin/mailman/listinfo/sr-users

Reply via email to