<html>
<head>
<meta http-equiv="Content-Type" content="text/html; charset=UTF-8">
</head>
<body text="#000000" bgcolor="#FFFFFF">
<span class="tlid-translation translation" lang="en"><span title="">Hi,</span><br>
<br>
<span title="" class="">You can use the yml configuration so it
will be cleaner and you will not have to use templates or
re-apply them in the future when you update the system.</span><br>
<br>
<span title="">Greetings.</span></span>
<p>José María Caballero<br>
</p>
<div class="moz-cite-prefix">El 20/3/19 a las 0:58, Hohl Matthias
escribió:<br>
</div>
<blockquote type="cite"
cite="mid:1090046962.1251351.1553039897723.JavaMail.zimbra@mx.telematica.at">
<meta http-equiv="Content-Type" content="text/html; charset=UTF-8">
<meta name="Generator" content="Microsoft Word 15 (filtered
medium)">
<style><!--
/* Font Definitions */
@font-face
{font-family:"Cambria Math";
panose-1:2 4 5 3 5 4 6 3 2 4;}
@font-face
{font-family:Calibri;
panose-1:2 15 5 2 2 2 4 3 2 4;}
@font-face
{font-family:Consolas;
panose-1:2 11 6 9 2 2 4 3 2 4;}
/* Style Definitions */
p.MsoNormal, li.MsoNormal, div.MsoNormal
{margin:0cm;
margin-bottom:.0001pt;
font-size:11.0pt;
font-family:"Calibri",sans-serif;
mso-fareast-language:EN-US;}
a:link, span.MsoHyperlink
{mso-style-priority:99;
color:#0563C1;
text-decoration:underline;}
a:visited, span.MsoHyperlinkFollowed
{mso-style-priority:99;
color:#954F72;
text-decoration:underline;}
span.E-MailFormatvorlage17
{mso-style-type:personal-compose;
font-family:"Calibri",sans-serif;
color:windowtext;}
.MsoChpDefault
{mso-style-type:export-only;
font-family:"Calibri",sans-serif;
mso-fareast-language:EN-US;}
@page WordSection1
{size:612.0pt 792.0pt;
margin:70.85pt 70.85pt 2.0cm 70.85pt;}
div.WordSection1
{page:WordSection1;}
--></style><!--[if gte mso 9]><xml>
<o:shapedefaults v:ext="edit" spidmax="1026" />
</xml><![endif]--><!--[if gte mso 9]><xml>
<o:shapelayout v:ext="edit">
<o:idmap v:ext="edit" data="1" />
</o:shapelayout></xml><![endif]-->
<div class="WordSection1">
<p class="MsoNormal">Hello,<o:p></o:p></p>
<p class="MsoNormal"><o:p> </o:p></p>
<p class="MsoNormal"><span lang="EN-US">in version 5.5.5 I did
following edit, to secure against useragent sip attacks.<o:p></o:p></span></p>
<p class="MsoNormal"><span lang="EN-US">In the new 6.5.3 version
I found a setting in the config.yml to define the block
useragents there.<o:p></o:p></span></p>
<p class="MsoNormal"><span lang="EN-US">So is my edit needed
anymore or should I use the “block_useragents” setting in
the config.yml?<o:p></o:p></span></p>
<p class="MsoNormal"><span lang="EN-US">Is there also the XLOG
Warning? I couldn’t found any information in the
kamailio.tt2 about this.<o:p></o:p></span></p>
<p class="MsoNormal"><span lang="EN-US"><o:p> </o:p></span></p>
<p class="MsoNormal"><span lang="EN-US">+ block_useragents:<o:p></o:p></span></p>
<p class="MsoNormal"><span lang="EN-US">+ action: reject<o:p></o:p></span></p>
<p class="MsoNormal"><span lang="EN-US">+ enable: no<o:p></o:p></span></p>
<p class="MsoNormal"><span lang="EN-US">+ mode: blacklist<o:p></o:p></span></p>
<p class="MsoNormal"><span lang="EN-US">+ ua_patterns: []<o:p></o:p></span></p>
<p class="MsoNormal"><span lang="EN-US"><o:p> </o:p></span></p>
<p class="MsoNormal"><span lang="EN-US"><o:p> </o:p></span></p>
<p class="MsoNormal"><span
style="font-size:10.5pt;font-family:Consolas;color:white;background:#121212"
lang="EN-US">/etc/ngcp-config/templates/etc/kamailio/lb/kamailio.cfg.customtt.tt2</span><span
lang="EN-US"><o:p></o:p></span></p>
<p class="MsoNormal"><span style="mso-fareast-language:DE-AT"
lang="EN-US"><o:p> </o:p></span></p>
<p class="MsoNormal"><i><span style="font-size:9.0pt"
lang="EN-US">add the following lines under
"request_route":<o:p></o:p></span></i></p>
<p class="MsoNormal"><i><span style="font-size:9.0pt"
lang="EN-US"> <o:p></o:p></span></i></p>
<p class="MsoNormal"><i><span style="font-size:9.0pt"
lang="EN-US">{<o:p></o:p></span></i></p>
<p class="MsoNormal"><i><span style="font-size:9.0pt"
lang="EN-US">...<o:p></o:p></span></i></p>
<p class="MsoNormal"><i><span style="font-size:9.0pt"
lang="EN-US">if(!sanity_check(“1511″, “7”))<o:p></o:p></span></i></p>
<p class="MsoNormal"><i><span style="font-size:9.0pt"
lang="EN-US">{<o:p></o:p></span></i></p>
<p class="MsoNormal"><i><span style="font-size:9.0pt"
lang="EN-US">xlog(“L_WARN”, “Malformed SIP message
detected – [% logreq_init -%]¥n”);<o:p></o:p></span></i></p>
<p class="MsoNormal"><i><span style="font-size:9.0pt"
lang="EN-US">exit;<o:p></o:p></span></i></p>
<p class="MsoNormal"><i><span style="font-size:9.0pt"
lang="EN-US">}<o:p></o:p></span></i></p>
<p class="MsoNormal"><i><span style="font-size:9.0pt"
lang="EN-US"> ## filtering by UA : blacklist<o:p></o:p></span></i></p>
<p class="MsoNormal"><i><span style="font-size:9.0pt"
lang="EN-US"> if( is_method("REGISTER|INVITE")
&& ($ua =‾ "friendly-scanner" || $ua =‾
"friendly-request" || $ua =‾ "sipvicious" || $ua =‾
"^sipcli.+") )<o:p></o:p></span></i></p>
<p class="MsoNormal"><i><span style="font-size:9.0pt"
lang="EN-US"> {<o:p></o:p></span></i></p>
<p class="MsoNormal"><i><span style="font-size:9.0pt"
lang="EN-US"> xlog("L_WARN", "Request rejected,
malicious UA='$ua' from IP=$si - [% logreq_init -%]¥n");<o:p></o:p></span></i></p>
<p class="MsoNormal"><i><span style="font-size:9.0pt"
lang="EN-US"> exit;<o:p></o:p></span></i></p>
<p class="MsoNormal"><i><span style="font-size:9.0pt"
lang="EN-US"> }<o:p></o:p></span></i></p>
<p class="MsoNormal"><span lang="EN-US"><o:p> </o:p></span></p>
<p class="MsoNormal"><span lang="EN-US"><o:p> </o:p></span></p>
<p class="MsoNormal"><span lang="EN-US"><o:p> </o:p></span></p>
</div>
<br>
<fieldset class="mimeAttachmentHeader"></fieldset>
<pre class="moz-quote-pre" wrap="">_______________________________________________
Spce-user mailing list
<a class="moz-txt-link-abbreviated" href="mailto:Spce-user@lists.sipwise.com">Spce-user@lists.sipwise.com</a>
<a class="moz-txt-link-freetext" href="https://lists.sipwise.com/listinfo/spce-user">https://lists.sipwise.com/listinfo/spce-user</a>
</pre>
</blockquote>
<pre class="moz-signature" cols="72">
</pre>
</body>
</html>