[Spce-user] catch null useragent in register or invite.
gerry kernan
gerry.kernan at infinityit.ie
Mon Feb 15 08:06:17 EST 2016
Hi
I'm using the line in below kamailio-loadbalancer to catch any malicious registers or invites from known malicious UA types. I've noticed recently that we are getting invites and registers without any UA, I'm trying to catch these attempts with
$ua == "<null>" but I'm not catching them, is the syntax correct ?. all other regex are catching correctly so maybe <null> is incorrect.
if(is_method("REGISTER|INVITE") && ($ua =~ "^friendly.+" || $ua =~ "^sipvici.+" || $ua =~ "^sipcli.+" || $ua =~ "^VaxSIPUser.+" || $ua == "MizuPhone" || $ua == "voip" || $ua == "<null>"))
{
xlog("L_WARN", "Request rejected, malicious UA='$ua' IP='$si' - [% logreq_init -%]\n");
exit;
Gerry Kernan
Infinity IT | 17 The Mall | Beacon Court | Sandyford | Dublin D18 E3C8 | Ireland
Tel: +353 - (0)1 - 293 0090 | E-Mail: gerry.kernan at infinityit.ie
Managed IT Services Infinity IT - www.infinityit.ie
IP Telephony Asterisk Consulting - www.asteriskconsulting.com
Contact Centre Total Interact - www.totalinteract.com
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.sipwise.com/mailman/private/spce-user_lists.sipwise.com/attachments/20160215/fa51a108/attachment.html>
-------------- next part --------------
A non-text attachment was scrubbed...
Name: image001.jpg
Type: image/jpeg
Size: 2681 bytes
Desc: not available
URL: <http://lists.sipwise.com/mailman/private/spce-user_lists.sipwise.com/attachments/20160215/fa51a108/attachment.jpg>
More information about the Spce-user
mailing list