[Spce-user] UA filter

Andy Clark andyclark05251978 at gmail.com
Thu Mar 14 11:13:18 EDT 2019


I also tried this:

if(is_method("REGISTER|INVITE"))
{
     if ($ua =~ "friendly-scanner" || $ua =~ "sipvicious" || $ua =~ "^sipcli.+" || $ua =~ "^VaxSIPUserAgent.+")
     {
             xlog("L_WARN", "Request rejected, malicious UA='$u' from IP=$si - [% logreq_init -%]\n");
             exit;
     }
}


But I'm getting this:
root@spce:/etc/cron.d# grep 'Request rejected' /var/log/ngcp/kamailio-lb.log
Mar 14 07:54:48 core lb[4086]: ERROR: xlog [xlog.c:513]: xdbg_fixup_helper(): wrong format[Request rejected, malicious UA='$u' from IP=$si - M=$rm R=$ru F=$fu T=$tu IP=$pr:$si:$sp ID=$ci UA='$ua' DESTIP=$Ri:$Rp#012]
Mar 14 08:08:56 core lb[25972]: ERROR: xlog [xlog.c:513]: xdbg_fixup_helper(): wrong format[Request rejected, malicious UA='$u' from IP=$si - M=$rm R=$ru F=$fu T=$tu IP=$pr:$si:$sp ID=$ci UA='$ua' DESTIP=$Ri:$Rp#012]

Any help?


On Thu, Mar 14, 2019 at 7:14 AM Andy Clark <andyclark05251978 at gmail.com>
wrote:

> Hi Daniel,
> I'm trying to implement a UA filter using your online tutorial;
> unfortunately, after implementation I'm getting a 408 when trying to register.
>
> would you be able to look over the code
>
> Thank you
>
>
> https://www.sipwise.org/news/technical/securing-your-ngcp-against-sip-attacks/
>
> if(!sanity_check("1511", "7"))
> {
> xlog("L_WARN", "Malformed SIP message detected - [% logreq_init -%]\n");
> exit;
> ##  filtering by UA : blacklist
> if( is_method(“REGISTER|INVITE”) && ($ua =~ “friendly-scanner” || $ua =~ “sipvicious” || $ua =~ “^sipcli.+”) )
> {
> xlog(“L_WARN”, “Request rejected, malicious UA=’$ua’ from IP=$si – [% logreq_init -%]\n”);
> exit;
> }
> }
> # checking if a request is a retransmission, if so it will exit
>
>
>
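
The two snippets in this message, combined into one corrected block for the NGCP kamailio lb template (an added example, not code from the thread or from the Sipwise tutorial). It closes the sanity_check block before the UA filter starts, replaces the typographic quotes and dash with plain ASCII (typographic quotes are not string delimiters in Kamailio's config syntax), and logs $ua, on the assumption that the '$u' visible in the rejected format string is what xlog could not parse.

```kamailio
# Added example: constructed from the two snippets in this message.
# "[% logreq_init -%]" is the NGCP template directive used in the
# original snippets; it expands to the M=... R=... F=... fields seen in the log.

if (!sanity_check("1511", "7"))
{
    xlog("L_WARN", "Malformed SIP message detected - [% logreq_init -%]\n");
    exit;
}   # sanity_check block ends here, so the UA filter below is reachable

## filtering by UA : blacklist
if (is_method("REGISTER|INVITE"))
{
    # $ua is the User-Agent pseudo-variable, the same one the log template uses.
    if ($ua =~ "friendly-scanner"
        || $ua =~ "sipvicious"
        || $ua =~ "^sipcli.+"
        || $ua =~ "^VaxSIPUserAgent.+")
    {
        # Assumption: the earlier "wrong format" error came from '$u',
        # so the log line uses '$ua' instead.
        xlog("L_WARN", "Request rejected, malicious UA='$ua' from IP=$si - [% logreq_init -%]\n");
        exit;
    }
}

# checking if a request is a retransmission, if so it will exit
```

After regenerating the config, the earlier grep for 'Request rejected' in /var/log/ngcp/kamailio-lb.log should show the L_WARN line for a matching User-Agent rather than the xdbg_fixup_helper() error.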