If you are strictly doing an IP-based auth using the permissions module,
you may define a "Registration Disabled" flag (1/0) within the
"context_info" column of the address table.
You can then extract this info in your script when calling
check_source_address() and drop REGISTERs if set to "1" [1].
However, to me it seems like your feature is subscriber-oriented. Since
a subscriber may have multiple entries in the address table,
I would define the "Registration Disabled" flag as an additional column
in the subscriber table, and fetch it using the "load_credentials" modparam.
[1]:
http://www.opensips.org/html/docs/modules/2.1.x/permissions.html#id294950
[2]: http://www.opensips.org/html/docs/modules/2.1.x/auth_db.html#id293578
Best regards,
Liviu Chircu
OpenSIPS Developer
http://www.opensips-solutions.com
On 02.01.2015 17:09, Satish Patel wrote:
Lets say i have user "A" using IP base authentication to send call
outside using Opensips Proxy. ( Same user has option to
Username/Password to register and send calls).
We have developed web GUI to give control control to "customer" so
they can enable/disable their registration base method ( Reason we
give that control to user because if user has dedicated Public IP then
he can disable "Registration" base method so hacker can't exploit
their users accounts.
So my Original question is, How or what i should use or configure in
Opensips so i can switch on/off user base registration? ( We only
allowing to send calls outside, no inbound calls allowed)
Hope it helps you to understand my scenario, Let me know if i am wrong
anywhere in above scenario.
On Wed, Dec 31, 2014 at 1:30 PM, Duane Larson <[email protected]
<mailto:[email protected]>> wrote:
My logic saves the user that is registering into the location
table without challenging them for a password or checking that the
user or domain is local to the OpenSIPs instance. If you are
looking for something more you might want to provide more detail.
This would allow fake accounts to register if they are from a
friendly IP.
On Wednesday, December 31, 2014, Satish Patel
<[email protected] <mailto:[email protected]>> wrote:
How it will help if i want to allow only IP auth for specific
user but not registration auth? How your logic deal with User
level?
On Wed, Dec 31, 2014 at 12:22 PM, Duane Larson
<[email protected]> wrote:
Would you not just do something like this?
If(FriendlyIP && is_method("REGISTER"))
{
if (t_newtran()) {
save("location");
}
exit;
}
On Wed, Dec 31, 2014 at 10:22 AM, Satish Patel
<[email protected]> wrote:
Hi,
We have many users using both registration method and
IP auth method to send calls but i wants if they use
IP Auth method then we can disable registration method
( just prevention from hacking attack).
I believe registration is only required for incoming
calls to find user location, right? How do i tell
opensips don't accept user registration method even
opensips challenge for proxy auth. any suggestion?
_______________________________________________
Users mailing list
[email protected]
http://lists.opensips.org/cgi-bin/mailman/listinfo/users
_______________________________________________
Users mailing list
[email protected]
http://lists.opensips.org/cgi-bin/mailman/listinfo/users
_______________________________________________
Users mailing list
[email protected] <mailto:[email protected]>
http://lists.opensips.org/cgi-bin/mailman/listinfo/users
_______________________________________________
Users mailing list
[email protected]
http://lists.opensips.org/cgi-bin/mailman/listinfo/users
_______________________________________________
Users mailing list
[email protected]
http://lists.opensips.org/cgi-bin/mailman/listinfo/users
