[Spce-user] Upgrade from 5.5.5 to 6.5.3 - Block Useragent Edit

Hohl Matthias matthias.hohl at telematica.at
Tue Mar 19 19:58:17 EDT 2019


Hello,

in version 5.5.5 I made the following edit to protect against user-agent SIP
attacks.

In the new 6.5.3 version I found a setting in the config.yml to define the
blocked user agents there.

So is my edit still needed, or should I use the "block_useragents"
setting in the config.yml?

Is there also the XLOG warning? I couldn't find any information in the
kamailio.tt2 about this.



+    block_useragents:

+      action: reject

+      enable: no

+      mode: blacklist

+      ua_patterns: []
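
Review bot: `enable: no` together with `ua_patterns: []` leaves this block inactive and without patterns, so the upgrade on its own does not carry over the four user-agent patterns from the custom rule. If this setting is meant to replace the custom edit, `enable` has to be switched on and the patterns listed under `ua_patterns`; it is also worth confirming what `action: reject` does, since the custom rule only logs and calls `exit`.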


/etc/ngcp-config/templates/etc/kamailio/lb/kamailio.cfg.customtt.tt2

Add the following lines under "request_route":

{
...
    if(!sanity_check("1511", "7"))
    {
        xlog("L_WARN", "Malformed SIP message detected - [% logreq_init -%]\n");
        exit;
    }

    ## filtering by UA : blacklist
    if( is_method("REGISTER|INVITE") && ($ua =~ "friendly-scanner" || $ua =~ "friendly-request" || $ua =~ "sipvicious" || $ua =~ "^sipcli.+") )
    {
        xlog("L_WARN", "Request rejected, malicious UA='$ua' from IP=$si - [% logreq_init -%]\n");
        # exit ends script processing here; no SIP reply is sent
        exit;
    }
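
Added example, not part of the original post and not Sipwise or Kamailio code: a Python check that replays the rule above against constructed SIP requests, to see which ones it drops before the patterns are moved into config.yml. It assumes Kamailio's `=~` is an unanchored, case-insensitive regex search; `parse_request`, `decide`, `sip` and `SAMPLES` are names made up for this sketch.

```python
import re

# Patterns and method filter copied from the kamailio.cfg.customtt.tt2 rule in the post.
UA_PATTERNS = ["friendly-scanner", "friendly-request", "sipvicious", "^sipcli.+"]
FILTERED_METHODS = {"REGISTER", "INVITE"}
# Assumption: Kamailio's =~ is an unanchored, case-insensitive regex search.
COMPILED = [re.compile(p, re.IGNORECASE) for p in UA_PATTERNS]


def parse_request(raw: str):
    """Return (method, user_agent) from a raw SIP request; user_agent may be ''."""
    head = raw.split("\r\n\r\n", 1)[0]
    lines = head.split("\r\n")
    method = lines[0].split(" ", 1)[0]
    user_agent = ""
    for line in lines[1:]:
        name, sep, value = line.partition(":")
        # SIP header names are case-insensitive.
        if sep and name.strip().lower() == "user-agent":
            user_agent = value.strip()
            break
    return method, user_agent


def decide(raw: str) -> str:
    """Return 'drop' when the rule from the post would hit, otherwise 'pass'."""
    method, ua = parse_request(raw)
    if method in FILTERED_METHODS and any(rx.search(ua) for rx in COMPILED):
        return "drop"
    return "pass"


def sip(method: str, ua: str) -> str:
    """Build a minimal constructed SIP request for testing (not a capture)."""
    return (f"{method} sip:100@192.0.2.10 SIP/2.0\r\n"
            f"Via: SIP/2.0/UDP 198.51.100.7:5060;branch=z9hG4bK-test\r\n"
            f"User-Agent: {ua}\r\nContent-Length: 0\r\n\r\n")


# Constructed samples: (method, User-Agent) pairs.
SAMPLES = [("REGISTER", "friendly-scanner"), ("INVITE", "sipcli/v1.8"),
           ("INVITE", "SIPVicious"), ("OPTIONS", "friendly-scanner"),
           ("INVITE", "sipcli"), ("REGISTER", "Example Phone 1.0")]

if __name__ == "__main__":
    for method, ua in SAMPLES:
        print(f"{method:9} {ua!r:22} -> {decide(sip(method, ua))}")
```

The same sample list can be rerun against whatever patterns end up in `ua_patterns` to confirm the two rule sets agree.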
