<html>
<head>
<meta http-equiv="Content-Type" content="text/html; charset=UTF-8">
</head>
<body text="#000000" bgcolor="#FFFFFF">
<p>hi,</p>
<p><br>
</p>
<p>yes, separated by "," and you can use 'friendly' instead of
"friendly" <br>
</p>
<p><br>
</p>
<p><span class="tlid-translation translation" tabindex="-1"
lang="en"><span title="" class="">for the xlog I do not know.</span></span></p>
<p><span class="tlid-translation translation" tabindex="-1"
lang="en"><span title="" class=""><br>
</span></span></p>
<p><span class="tlid-translation translation" tabindex="-1"
lang="en"><span title="" class="">Cheers<br>
</span></span></p>
<div class="moz-cite-prefix">El 20/3/19 a las 10:50, Hohl Matthias
escribió:<br>
</div>
<blockquote type="cite"
cite="mid:1546138348.1283594.1553075405788.JavaMail.zimbra@mx.telematica.at">
<meta http-equiv="Content-Type" content="text/html; charset=UTF-8">
<meta name="Generator" content="Microsoft Word 15 (filtered
medium)">
<style><!--
/* Font Definitions */
@font-face
{font-family:"Cambria Math";
panose-1:2 4 5 3 5 4 6 3 2 4;}
@font-face
{font-family:Calibri;
panose-1:2 15 5 2 2 2 4 3 2 4;}
@font-face
{font-family:Consolas;
panose-1:2 11 6 9 2 2 4 3 2 4;}
/* Style Definitions */
p.MsoNormal, li.MsoNormal, div.MsoNormal
{margin:0cm;
margin-bottom:.0001pt;
font-size:11.0pt;
font-family:"Calibri",sans-serif;
color:black;
mso-fareast-language:EN-US;}
a:link, span.MsoHyperlink
{mso-style-priority:99;
color:#0563C1;
text-decoration:underline;}
a:visited, span.MsoHyperlinkFollowed
{mso-style-priority:99;
color:#954F72;
text-decoration:underline;}
pre
{mso-style-priority:99;
mso-style-link:"HTML Vorformatiert Zchn";
margin:0cm;
margin-bottom:.0001pt;
font-size:10.0pt;
font-family:"Courier New";
color:black;
mso-fareast-language:DE-AT;}
p.msonormal0, li.msonormal0, div.msonormal0
{mso-style-name:msonormal;
mso-margin-top-alt:auto;
margin-right:0cm;
mso-margin-bottom-alt:auto;
margin-left:0cm;
font-size:11.0pt;
font-family:"Calibri",sans-serif;
color:black;
mso-fareast-language:DE-AT;}
span.tlid-translation
{mso-style-name:tlid-translation;}
span.E-MailFormatvorlage20
{mso-style-type:personal;
font-family:"Calibri",sans-serif;
color:windowtext;}
span.HTMLVorformatiertZchn
{mso-style-name:"HTML Vorformatiert Zchn";
mso-style-priority:99;
mso-style-link:"HTML Vorformatiert";
font-family:Consolas;
color:black;
mso-fareast-language:EN-US;}
span.E-MailFormatvorlage23
{mso-style-type:personal-reply;
font-family:"Calibri",sans-serif;
color:windowtext;}
.MsoChpDefault
{mso-style-type:export-only;
font-size:10.0pt;}
@page WordSection1
{size:612.0pt 792.0pt;
margin:70.85pt 70.85pt 2.0cm 70.85pt;}
div.WordSection1
{page:WordSection1;}
--></style><!--[if gte mso 9]><xml>
<o:shapedefaults v:ext="edit" spidmax="1026" />
</xml><![endif]--><!--[if gte mso 9]><xml>
<o:shapelayout v:ext="edit">
<o:idmap v:ext="edit" data="1" />
</o:shapelayout></xml><![endif]-->
<div class="WordSection1">
<p class="MsoNormal"><span style="color:windowtext" lang="EN-US">Thank
you, but will there also the XLOG message in my kamailio.log
file if I use the config.yml setting?<o:p></o:p></span></p>
<p class="MsoNormal"><span style="color:windowtext" lang="EN-US"><o:p> </o:p></span></p>
<p class="MsoNormal"><span style="color:windowtext" lang="EN-US">Btw:
in witch format I have to insert the UA here?<o:p></o:p></span></p>
<p class="MsoNormal"><span lang="EN-US">ua_patterns: []</span><o:p></o:p></p>
<p class="MsoNormal"><span style="color:windowtext" lang="EN-US"><o:p> </o:p></span></p>
<p class="MsoNormal"><span style="color:windowtext" lang="EN-US">is
this format correct?<o:p></o:p></span></p>
<p class="MsoNormal"><span style="color:windowtext" lang="EN-US"><o:p> </o:p></span></p>
<p class="MsoNormal"><span style="color:windowtext" lang="EN-US">Ua_pattern:
[“</span><i><span style="font-size:9.0pt" lang="EN-US">friendly-request”,"^sipcli.+",”abcd”)</span></i><span
style="color:windowtext" lang="EN-US"><o:p></o:p></span></p>
<p class="MsoNormal"><span style="color:windowtext" lang="EN-US"><o:p> </o:p></span></p>
<p class="MsoNormal"><span style="color:windowtext" lang="EN-US">Thanks
again<o:p></o:p></span></p>
<p class="MsoNormal"><span style="color:windowtext" lang="EN-US"><o:p> </o:p></span></p>
<div>
<div style="border:none;border-top:solid #E1E1E1
1.0pt;padding:3.0pt 0cm 0cm 0cm">
<p class="MsoNormal"><b><span
style="color:windowtext;mso-fareast-language:DE-AT"
lang="DE">Von:</span></b><span
style="color:windowtext;mso-fareast-language:DE-AT"
lang="DE"> Spce-user
<a class="moz-txt-link-rfc2396E" href="mailto:spce-user-bounces@lists.sipwise.com"><spce-user-bounces@lists.sipwise.com></a> <b>Im
Auftrag von </b>José María Caballero Alba<br>
<b>Gesendet:</b> Mittwoch, 20. März 2019 10:37<br>
<b>An:</b> <a class="moz-txt-link-abbreviated" href="mailto:spce-user@lists.sipwise.com">spce-user@lists.sipwise.com</a><br>
<b>Betreff:</b> Re: [Spce-user] Upgrade from 5.5.5 to
6.5.3 - Block Useragent Edit<o:p></o:p></span></p>
</div>
</div>
<p class="MsoNormal"><o:p> </o:p></p>
<p class="MsoNormal"><span class="tlid-translation"><span
lang="EN">Hi,</span></span><span lang="EN"><br>
<br>
<span class="tlid-translation">You can use the yml
configuration so it will be cleaner and you will not have
to use templates or re-apply them in the future when you
update the system.</span><br>
<br>
<span class="tlid-translation">Greetings.</span></span><span
lang="EN"> </span><span style="mso-fareast-language:DE-AT"><o:p></o:p></span></p>
<p>José María Caballero<o:p></o:p></p>
<div>
<p class="MsoNormal">El 20/3/19 a las 0:58, Hohl Matthias
escribió:<o:p></o:p></p>
</div>
<blockquote style="margin-top:5.0pt;margin-bottom:5.0pt">
<p class="MsoNormal">Hello,<o:p></o:p></p>
<p class="MsoNormal"> <o:p></o:p></p>
<p class="MsoNormal"><span lang="EN-US">in version 5.5.5 I did
following edit, to secure against useragent sip attacks.</span><o:p></o:p></p>
<p class="MsoNormal"><span lang="EN-US">In the new 6.5.3
version I found a setting in the config.yml to define the
block useragents there.</span><o:p></o:p></p>
<p class="MsoNormal"><span lang="EN-US">So is my edit needed
anymore or should I use the “block_useragents” setting in
the config.yml?</span><o:p></o:p></p>
<p class="MsoNormal"><span lang="EN-US">Is there also the XLOG
Warning? I couldn’t found any information in the
kamailio.tt2 about this.</span><o:p></o:p></p>
<p class="MsoNormal"><span lang="EN-US"> </span><o:p></o:p></p>
<p class="MsoNormal"><span lang="EN-US">+ block_useragents:</span><o:p></o:p></p>
<p class="MsoNormal"><span lang="EN-US">+ action: reject</span><o:p></o:p></p>
<p class="MsoNormal"><span lang="EN-US">+ enable: no</span><o:p></o:p></p>
<p class="MsoNormal"><span lang="EN-US">+ mode: blacklist</span><o:p></o:p></p>
<p class="MsoNormal"><span lang="EN-US">+ ua_patterns: []</span><o:p></o:p></p>
<p class="MsoNormal"><span lang="EN-US"> </span><o:p></o:p></p>
<p class="MsoNormal"><span lang="EN-US"> </span><o:p></o:p></p>
<p class="MsoNormal"><span
style="font-size:10.5pt;font-family:Consolas;color:white;background:#121212"
lang="EN-US">/etc/ngcp-config/templates/etc/kamailio/lb/kamailio.cfg.customtt.tt2</span><o:p></o:p></p>
<p class="MsoNormal"><span style="mso-fareast-language:DE-AT"
lang="EN-US"> </span><o:p></o:p></p>
<p class="MsoNormal"><i><span style="font-size:9.0pt"
lang="EN-US">add the following lines under
"request_route":</span></i><o:p></o:p></p>
<p class="MsoNormal"><i><span style="font-size:9.0pt"
lang="EN-US"> </span></i><o:p></o:p></p>
<p class="MsoNormal"><i><span style="font-size:9.0pt"
lang="EN-US">{</span></i><o:p></o:p></p>
<p class="MsoNormal"><i><span style="font-size:9.0pt"
lang="EN-US">...</span></i><o:p></o:p></p>
<p class="MsoNormal"><i><span style="font-size:9.0pt"
lang="EN-US">if(!sanity_check(“1511″, “7”))</span></i><o:p></o:p></p>
<p class="MsoNormal"><i><span style="font-size:9.0pt"
lang="EN-US">{</span></i><o:p></o:p></p>
<p class="MsoNormal"><i><span style="font-size:9.0pt"
lang="EN-US">xlog(“L_WARN”, “Malformed SIP message
detected – [% logreq_init -%]¥n”);</span></i><o:p></o:p></p>
<p class="MsoNormal"><i><span style="font-size:9.0pt"
lang="EN-US">exit;</span></i><o:p></o:p></p>
<p class="MsoNormal"><i><span style="font-size:9.0pt"
lang="EN-US">}</span></i><o:p></o:p></p>
<p class="MsoNormal"><i><span style="font-size:9.0pt"
lang="EN-US"> ## filtering by UA : blacklist</span></i><o:p></o:p></p>
<p class="MsoNormal"><i><span style="font-size:9.0pt"
lang="EN-US"> if( is_method("REGISTER|INVITE")
&& ($ua =‾ "friendly-scanner" || $ua =‾
"friendly-request" || $ua =‾ "sipvicious" || $ua =‾
"^sipcli.+") )</span></i><o:p></o:p></p>
<p class="MsoNormal"><i><span style="font-size:9.0pt"
lang="EN-US"> {</span></i><o:p></o:p></p>
<p class="MsoNormal"><i><span style="font-size:9.0pt"
lang="EN-US"> xlog("L_WARN", "Request rejected,
malicious UA='$ua' from IP=$si - [% logreq_init -%]¥n");</span></i><o:p></o:p></p>
<p class="MsoNormal"><i><span style="font-size:9.0pt"
lang="EN-US"> exit;</span></i><o:p></o:p></p>
<p class="MsoNormal"><i><span style="font-size:9.0pt"
lang="EN-US"> }</span></i><o:p></o:p></p>
<p class="MsoNormal"><span lang="EN-US"> </span><o:p></o:p></p>
<p class="MsoNormal"><span lang="EN-US"> </span><o:p></o:p></p>
<p class="MsoNormal"><span lang="EN-US"> </span><o:p></o:p></p>
<p class="MsoNormal"><span style="mso-fareast-language:DE-AT"><br>
<br>
<o:p></o:p></span></p>
<pre>_______________________________________________<o:p></o:p></pre>
<pre>Spce-user mailing list<o:p></o:p></pre>
<pre><a href="mailto:Spce-user@lists.sipwise.com" moz-do-not-send="true">Spce-user@lists.sipwise.com</a><o:p></o:p></pre>
<pre><a href="https://lists.sipwise.com/listinfo/spce-user" moz-do-not-send="true">https://lists.sipwise.com/listinfo/spce-user</a><o:p></o:p></pre>
</blockquote>
<pre><o:p> </o:p></pre>
</div>
</blockquote>
<pre class="moz-signature" cols="72">--
José María Caballero Alba, Ext 109
Technical Dept.
Tecsens
(T) +34.902.88.40.80
<a class="moz-txt-link-abbreviated" href="http://www.tecsens.com">www.tecsens.com</a>
Sense & Technology
Voice Solutions,
Internet, Networks & Security,
Private Cloud Services,
IT Consulting & Outsourcing
AVISO LEGAL
Esta información es privada y confidencial, y está dirigida únicamente a su destinatario. Si usted no es el destinatario original de este mensaje y, a pesar de ello ha podido acceder a dicha información, por favor elimine este mensaje.
LEGAL NOTICE
This information is private and confidential, and intended for the recipient only. If you are not the intended recipient of this message, and you have been able to access its content, please delete this message. </pre>
</body>
</html>