William Carl schrieb:
Dear Friends,
As i observe , i could see , all the UDP requests going through wapbox
are taking MSISDN for each request . This is about security and the
privacy issue. How can we remove that problem , by implementing only for
selected HOSTS/URLS ?
Hi William,
the normal Kannel can't do that unfortunately. The MSISDN provisioning, hence
client IP resolving to MSISDN via the RADIUS accounting proxy will be performed
for EVERY request passing the system.
The Kannel CG (carrier-grade) WAP 1.2.1/2.0 version, which includes a custom
squid module implementation for integrating the WAP 1.x requests via the proxy,
has this ability, by doing the MSISDN (and other RADIUS accounting fields, i.e.
GGSN ID etc.
Here is a look into the squid.conf section:
# OPTIONS FOR Kannel-CG WAP Gateway
# -----------------------------------------------------------------------------
# TAG: kannel_config
# Filename of the Kannel-CG configuration file containing the Kannel
# groups for the RADIS accounting (MSISDN) provisioning information.
#
#Default:
# kannel_config kannel.conf
kannel_config /opt/kannel-cg/etc/wap2kannel.conf
# TAG: kannel_radius_resolve
# Allowing or Denying the MSISDN/RADIUS resolving of the client IP
# to the corresponding HTTP headers as defined in 'kannel_config'
# file, groups 'radius-attr', which are forwarded to the target HTTP
# server.
#
# In example this can be used to define the target domains that will get
# the resolved HTTP headers. This reduces overhead on the resolving
# storage space (ie. sqlite3 DB) and also enables a better privacy
# handling.
#
# For example:
#
# acl our_portal dstdomain .foobar.com
# acl partner_portals dstdomain .example1.com .example2.com .example3.com
# acl partner_portals_more dstdom_regex
\.(example1|example2|example3)\.com
# kannel_radius_resolve allow our_portal
# kannel_radius_resolve allow partner_portals
#
#Default:
# kannel_radius_resolve deny all
so you can define acl lists via domain prefix/suffix and then define if you want
them to be allowed to receive the MSISDN information or not (allow, deny).
This mechanism allows you to fine grain.
Stipe
-------------------------------------------------------------------
Kölner Landstrasse 419
40589 Düsseldorf, NRW, Germany
tolj.org system architecture Kannel Software Foundation (KSF)
http://www.tolj.org/ http://www.kannel.org/
mailto:st_{at}_tolj.org mailto:stolj_{at}_kannel.org
-------------------------------------------------------------------
