[Spce-user] Using REFER method for transfer

Ali Ardestani ali.ardestani at pnmac.com
Mon Sep 24 13:41:15 EDT 2012 

We are testing sipwise in SBC mode in front of our PBX infrastructure,
could we limit use of REFER only to internal IP addresses, so that callers
from outside could be REFERRED internally only?

On Wed, Sep 19, 2012 at 9:06 AM, Jon Bonilla <jbonilla at sipwise.com> wrote:

> El Wed, 19 Sep 2012 17:47:35 +0200
> Imanol Pardavila <imanol.pardavila at ibercom.com> escribió:
>
> > Hi,
> > I've just started testing sip:provider CE, and I have my first question.
> > When I try making a transfer for my endpoint, I get a Forbidden message.
> > As I can see in the pcap file, it seems that sip:provider CE doesn't
> > allow REFER method. Can it be enabled on any config file?
> > Thanks
> > Imanol
>
>
> You can enable it if you want. It's disabled by default to avoid fraud as
> if
> the refer is forwarded to your pstn gws and they accept that method,
> customers
> can receive a local call, be transferred to an international destination
> and
> the peer gw owner pays the bill. Be careful with enabling REFER method!
>
> What can you do to enable it:
>
> - First, you'll need to enable the method itself in the proxy configuration
>   using a customtt template. In kamailio.cfg file add it to the list of
> allowed
>   methods:
>
> -if(is_method("INVITE|ACK|CANCEL|BYE|OPTIONS|PRACK|UPDATE"))
> +if(is_method("INVITE|ACK|CANCEL|BYE|OPTIONS|PRACK|UPDATE|REFER"))
>
> That would be enough for the proxy as REFER is only sent in-dialog and no
> further confguration would be needed.
>
> - The second part is that you need to whitelist some headers in sems sbc in
>   order REFER to work. Sems has a list of allowed headers and removes the
> rest.
>   In ngcp.sbcprofile.conf you could disable header filtering or add the
> needed
>   headers to the whitelist:
>
>
> -header_list=P-D-Uri,P-Preferred-Identity,P-Asserted-Identity,Privacy,Allow,Supported,P-Out-Socket[%
> IF kamailio.proxy.presence.enable == "yes"
> %],Event,Expires,Subscription-State,Accept[% END %]
>
>
> +header_list=P-D-Uri,P-Preferred-Identity,P-Asserted-Identity,Privacy,Allow,Supported,P-Out-Socket[%
> IF kamailio.proxy.presence.enable == "yes"
> %]Expires,Accept[% END %], Refer-To, Subscription-State, Event
>
> That should be enough. This has be written without checking so I don't
> warranty
> the result. Maybe I forgot some headers but a ngrep capture could help you
> dealing with that.
>
> I also don't know the result or impact of the billing process when a call
> is
> ended due a REFER.
>
> And please, take in consideration the security risks before enabling this
> method. Make sure your gws don't allow REFER.
>
>
>
> cheers,
>
> Jon
>
>
> _______________________________________________
> Spce-user mailing list
> Spce-user at lists.sipwise.com
> http://lists.sipwise.com/listinfo/spce-user
>
>


-- 
-- 
Ali S Ardestani
Telephony Systems Engineer
Private National Mortgage Acceptance Company (PennyMac)
6101 Condor Drive
Moorpark, CA 93021

(805) 330-6004 Office
(818) 224-7442 x2654 Office
(626) 817-3512 Mobile
(818) 224-7397 Fax

ali.ardestani at pnmac.com
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.sipwise.com/mailman/private/spce-user_lists.sipwise.com/attachments/20120924/5ff1d096/attachment.html>

More information about the Spce-user mailing list