[Spce-user] catch null useragent in register or invite.
Daniel Grotti
dgrotti at sipwise.com
Mon Feb 15 08:15:28 EST 2016
Hi Gerry,
please try this in kamilio/proxy/kamailio.cfg it works for me.
For the null, try to check $ua == $null:
if( is_method("REGISTER|INVITE") && $sp != "5080" && !has_totag() )
{
if($ua =~ "^friendly.+" || $ua =~ "^sipvici.+" || $ua
=~ "^sipcli.+" || $ua =~ "^VaxSIPUser.+" || $ua == "MizuPhone" || $ua ==
"voip" || $ua == $null )
{
xlog("L_NOTICE", "UA='$ua' rejected - S=$rs
SS='$rr' M=$rm R=$ru F=$fu T=$tu IP=$pr:$si:$sp UAIP=$si UA='$ua' ID=$ci
\n");
exit;
}
}
##end
I would be careful for the $null, cause you may reject good messages,
just without User-Agent header.
*Daniel Grotti *
Head of Customer Support
Sipwise GmbH <http://www.sipwise.com> , Campus 21/Europaring F15
AT-2345 Brunn am Gebirge
Phone: +43(0)1 301 2032 <callto:+4313012032>
Email: dgrotti at sipwise.com <mailto:dgrotti at sipwise.com>
Website: www.sipwise.com <http://www.sipwise.com>
Particulars according Austrian Companies Code paragraph 14
"Sipwise GmbH" - Europaring F15 - 2345 Brunn am Gebirge
FN:305595f, Commercial Court Vienna, ATU64002206
On 02/15/2016 02:06 PM, gerry kernan wrote:
>
> Hi
>
> I’m using the line in below kamailio-loadbalancer to catch any
> malicious registers or invites from known malicious UA types. I’ve
> noticed recently that we are getting invites and registers without any
> UA, I’m trying to catch these attempts with
>
> $ua == "<null>" but I’m not catching them, is the syntax correct ?.
> all other regex are catching correctly so maybe <null> is incorrect.
>
> if(is_method("REGISTER|INVITE") && ($ua =~ "^friendly.+" || $ua =~
> "^sipvici.+" || $ua =~ "^sipcli.+" || $ua =~ "^VaxSIPUser.+" || $ua ==
> "MizuPhone" || $ua == "voip" || $ua == "<null>"))
>
> {
>
> xlog("L_WARN", "Request rejected, malicious UA='$ua'
> IP='$si' - [% logreq_init -%]\n");
>
> exit;
>
> *Gerry Kernan*
>
> cid:image001.jpg at 01D105A5.2701B0E0
>
> *Infinity IT | 17 The Mall | Beacon Court | Sandyford |
> Dublin D18 E3C8 | Ireland*
>
> *Tel: +353 - (0)1 - 293 0090 | E-Mail: *gerry.kernan at infinityit.ie
> <mailto:gerry.kernan at infinityit.ie>**
>
> **
>
> *Managed IT Services__Infinity IT*- www.infinityit.ie
> <http://www.infinityit.ie/>
>
> *IP Telephony__Asterisk Consulting*– www.asteriskconsulting.com
> <http://www.asteriskconsulting.com>
>
> *Contact Centre__Total Interact*– www.totalinteract.com
> <http://www.totalinteract.com>
>
>
>
> _______________________________________________
> Spce-user mailing list
> Spce-user at lists.sipwise.com
> https://lists.sipwise.com/listinfo/spce-user
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.sipwise.com/pipermail/spce-user_lists.sipwise.com/attachments/20160215/6adfc12d/attachment-0001.html>
-------------- next part --------------
A non-text attachment was scrubbed...
Name: not available
Type: image/jpeg
Size: 2681 bytes
Desc: not available
URL: <http://lists.sipwise.com/pipermail/spce-user_lists.sipwise.com/attachments/20160215/6adfc12d/attachment-0001.jpe>
More information about the Spce-user
mailing list