Hello, Also you can use REDIS or HASH to mark IP as allowed on register.
On 12 Dec 2016, at 19:27, Schneur Rosenberg <[email protected]> wrote: > Thanks Razvan, I had no choice and I did it the non lazy way, we have lots of > carriers for incoming DID's, until now I did not want to have the headache of > constantly updating my carriers IP's used for incoming traffic, so I allowed > unauthenticated DID calls to come in from any IP address, but it was really > not smart, I needed to do extra database queries, and my database even > crashed once when someone brute forced my server and by the time the firewall > script kicked in to block him my database has crashed because it was doing a > MYSQL query for each invite. > > So now I use the permission module to load all did providers IP addresses and > therefore I don't need to do extra tests and queries on every single INVITE > and all my problems have been solved :-) > > On Mon, Dec 5, 2016 at 11:03 AM, Răzvan Crainea <[email protected]> wrote: > Hi, Schneur! > > The second parameter of the is_ip_registered() function[1] should be the AOR > of the caller, in the sip:SIP_USER@SIP_DOMAIN format. The source IP is only > checked against the contacts of that specific subscriber. > However, if I understand correctly, your problem is determining what is the > correct AOR to use, because the From username and domain might be different > between REGISTER and INVITE, right? If that's the case, you don't have that > many choices: either you search through all registered IPs (but there is no > OpenSIPS function to do that, so you'll need someting external as you've > already done), or you create some sort of mappings between the REGISTER and > INVITE users/formats. Or you impose your customers to comply with a specific > format, that can help you figure out the mapping. > > [1] http://www.opensips.org/html/docs/modules/2.2.x/registrar.html#id294953 > > Best regards, > Răzvan Crainea > OpenSIPS Solutions > www.opensips-solutions.com > On 12/04/2016 01:20 PM, Schneur Rosenberg wrote: >> Hi, I would like to check during the initial invite if the request comes >> from a IP that is registered (I don't care about the user credentials at >> this time), I use it to know if the invite is from a registered user or if >> it is from a unauthenticated source (DID's or hacking attempt) I can't use >> is_contact_registered() because not all clients send the user name in the >> initial invite, and they only send it in the authentication username which >> is absent in the initial invite, therefore I want to use is_ip_registered() >> but I'm having issues and I don't understand exactly what the second >> parameter is for, I want to check for the ip in the $si variable if it is >> registered (either in the contact field or in the received field). >> >> When leaving blank the AOR field, some devices work well but some don't. >> >> Due to NAT some devices register the IP in the contact field, and some in >> the received field, I want to try to match to either one, and it should >> parse the contact field that it should ignore the username from the contact >> field. >> >> I was doing a avp_db_query() until now, but it had 2 major issues. >> >> 1) It runs a MYSQL query on each REQUEST which reduces performance, I >> couldn't use memcache because IP's are dynamic in nature. >> 2) I use db_mode 2 on usrloc and it takes about a minute for the >> registration to appear in the DB and the user can't call out during that >> minute, and even worse if he tries multiple times and it gets rejected my >> iptables will block his IP. >> >> thank you >> S. Rosenberg >> >> >> _______________________________________________ >> Users mailing list >> [email protected] >> http://lists.opensips.org/cgi-bin/mailman/listinfo/users > > > _______________________________________________ > Users mailing list > [email protected] > http://lists.opensips.org/cgi-bin/mailman/listinfo/users > > > _______________________________________________ > Users mailing list > [email protected] > http://lists.opensips.org/cgi-bin/mailman/listinfo/users -- Serge S. Yuriev
_______________________________________________ Users mailing list [email protected] http://lists.opensips.org/cgi-bin/mailman/listinfo/users
