Hi, I did modify my (a little-bit confused) loose route to loose route only INVITES/ACK with totags (has_totag). The rest should be going through the normal ACL procedures.
But, could not a request relayed through other proxies also have a to tag aswell? (and then again bypass security?) br hw man, 13,.03.2006 kl. 16.20 +0200, skrev Juha Heinanen: > Helge Waastad writes: > > > I have a UA (ekiga) which adds a Route:<OBP>;lr in INVITE > > Is this "legal"? > > i'm pretty sure that rfc3261 allows so called pre-loaded route sets in > initial requests, but for security reasons, many proxy configurations > deny them. i too found recently that nokia phones, when configured to use > sip, add by default a route header pointing to the outbound proxy. > > rather that simply rejecting initial requests with pre-loaded route > sets, it might be possible to configure the proxy to allow them, but > only if there is a single route entry that points to the proxy itself. > i haven't had time to think how this could be tested in openser.cfg. > > -- juha -- Helge Waastad Senior Konsulent Smartnet _______________________________________________ Users mailing list [email protected] http://openser.org/cgi-bin/mailman/listinfo/users
