<html>
  <head>
    <meta http-equiv="Content-Type" content="text/html; charset=UTF-8">
  </head>
  <body text="#000000" bgcolor="#FFFFFF">
    <p>Hi Andy,</p>
    <p>It looks like you're on mr6.x, so I think you can use the
      built-in protection. In subscriber preferences under access
      restrictions you'll find ua_filter_list and ua_filter_mode, so I
      think you don't need the customtt files anymore.</p>
    <p>Regards,</p>
    <p>Henk<br>
    </p>
    <div class="moz-cite-prefix">On 14-3-2019 16:13, Andy Clark wrote:<br>
    </div>
    <blockquote type="cite"
cite="mid:CA+-Ur-Jvw1+suOyi9WCTLsZ-NeLGAhLeQBzDeLthW0yoBa9KUQ@mail.gmail.com">
      <div dir="ltr">
        <div dir="ltr">i also tried this
          <div><br>
          </div>
          <div>
            <pre style="white-space:pre-wrap;color:rgb(0,0,0)">if(is_method("REGISTER|INVITE"))
{
     if ($ua =~ "friendly-scanner" || $ua =~ "sipvicious" || $ua =~ "^sipcli.+" || $ua =~ "^VaxSIPUserAgent.+")
     {

             xlog("L_WARN", "Request rejected, malicious UA='$u' from IP=$si - [% logreq_init -%]\n");

             exit;

     }
}

</pre>
            but i'm getting this </div>
          <div>root@spce:/etc/cron.d# grep 'Request rejected'
            /var/log/ngcp/kamailio-lb.log<br>
          </div>
          <div>
            <div>Mar 14 07:54:48 core lb[4086]: ERROR: xlog
              [xlog.c:513]: xdbg_fixup_helper(): wrong format[Request
              rejected, malicious UA='$u' from IP=$si - M=$rm R=$ru
              F=$fu T=$tu IP=$pr:$si:$sp ID=$ci UA='$ua'
              DESTIP=$Ri:$Rp#012]</div>
            <div>Mar 14 08:08:56 core lb[25972]: ERROR: xlog
              [xlog.c:513]: xdbg_fixup_helper(): wrong format[Request
              rejected, malicious UA='$u' from IP=$si - M=$rm R=$ru
              F=$fu T=$tu IP=$pr:$si:$sp ID=$ci UA='$ua'
              DESTIP=$Ri:$Rp#012]</div>
          </div>
          <div><br>
          </div>
          <div>any help?</div>
          <div><br>
          </div>
        </div>
      </div>
      <br>
      <div class="gmail_quote">
        <div dir="ltr" class="gmail_attr">On Thu, Mar 14, 2019 at 7:14
          AM Andy Clark &lt;<a href="mailto:andyclark05251978@gmail.com"
            moz-do-not-send="true">andyclark05251978@gmail.com</a>&gt;
          wrote:<br>
        </div>
        <blockquote class="gmail_quote" style="margin:0px 0px 0px
          0.8ex;border-left:1px solid rgb(204,204,204);padding-left:1ex">
          <div dir="ltr">
            <div>Hi Daniel,</div>
            <div>i'm trying to implement UA filter using your online
              tutorial, unfortunately after implementation i'm getting a
              408 when trying to register</div>
            <div><br>
            </div>
            <div>would you be able to look over the code</div>
            <div><br>
            </div>
            <div>Thank you </div>
            <div><br>
            </div>
            <div><a
href="https://www.sipwise.org/news/technical/securing-your-ngcp-against-sip-attacks/"
                target="_blank" moz-do-not-send="true">https://www.sipwise.org/news/technical/securing-your-ngcp-against-sip-attacks/</a><span style="white-space:pre-wrap">       </span></div>
            <div><br>
            </div>
            <div>if(!sanity_check("1511", "7"))</div>
            <div><span style="white-space:pre-wrap">      </span>{</div>
            <div><span style="white-space:pre-wrap">              </span>xlog("L_WARN",
              "Malformed SIP message detected - [% logreq_init -%]\n");</div>
            <div><span style="white-space:pre-wrap">              </span>exit;</div>
            <div>## <span style="white-space:pre-wrap">  </span>filtering
              by UA : blacklist</div>
            <div><span style="white-space:pre-wrap">      </span>if(
              is_method(“REGISTER|INVITE”) && ($ua =~
              “friendly-scanner” || $ua =~ “sipvicious” || $ua =~
              “^sipcli.+”) )</div>
            <div><span style="white-space:pre-wrap">      </span>{ </div>
            <div><span style="white-space:pre-wrap">              </span>xlog(“L_WARN”,
              “Request rejected, malicious UA=’$ua’ from IP=$si – [%
              logreq_init -%]\n”); </div>
            <div><span style="white-space:pre-wrap">              </span>exit; </div>
            <div><span style="white-space:pre-wrap">      </span>}</div>
            <div><span style="white-space:pre-wrap">      </span>}</div>
            <div><span style="white-space:pre-wrap">      </span># checking
              if a request is a retransmission, if so it will exit</div>
          </div>
        </blockquote>
      </div>
      <br>
    </blockquote>
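    <p>The User-Agent blacklist condition quoted in this thread, as an added
      example that is not part of the original messages or of the Sipwise
      code: a small offline check of which requests those patterns would
      reject, so a filter list can be tested before it is deployed. The
      sample requests are constructed, and case-insensitive matching is an
      assumption about how Kamailio's =~ operator behaves.</p>

```python
import re

# Patterns copied from the condition quoted in the thread.
UA_BLACKLIST = [
    r"friendly-scanner",
    r"sipvicious",
    r"^sipcli.+",
    r"^VaxSIPUserAgent.+",
]
FILTERED_METHODS = {"REGISTER", "INVITE"}

# Assumption: Kamailio's =~ operator matches case-insensitively, so
# re.IGNORECASE is used here to mirror it.
_COMPILED = [re.compile(p, re.IGNORECASE) for p in UA_BLACKLIST]


def matching_pattern(method, user_agent):
    """Return the blacklist pattern that would reject the request, or None."""
    if method.upper() not in FILTERED_METHODS:
        return None
    for source, rx in zip(UA_BLACKLIST, _COMPILED):
        if rx.search(user_agent or ""):
            return source
    return None


# Constructed sample requests (method, User-Agent); not taken from real traffic.
SAMPLES = [
    ("REGISTER", "friendly-scanner"),
    ("INVITE", "sipcli/v1.8"),
    ("INVITE", "sipcli"),            # "^sipcli.+" needs at least one more character
    ("REGISTER", "my-sipcli/v1.8"),  # anchored pattern: not at start, no match
    ("OPTIONS", "sipvicious"),       # method is outside REGISTER|INVITE
    ("REGISTER", "Example Softphone 1.0"),
    ("REGISTER", ""),                # empty or absent User-Agent passes the filter
]


def evaluate(samples):
    """Return (method, user_agent, matching pattern or None) for each sample."""
    return [(m, ua, matching_pattern(m, ua)) for m, ua in samples]


if __name__ == "__main__":
    for method, ua, hit in evaluate(SAMPLES):
        verdict = f"rejected by {hit!r}" if hit else "passed"
        print(f"{method:8} UA={ua!r:28} {verdict}")
```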
  </body>
</html>