[Spce-user] UA filter

Henk henk at voipdigit.nl
Thu Mar 14 11:46:43 EDT 2019 

Hi Andy,

It looks like you're on mr6.x, so I think you can use the build-in 
protection. In subscriber preferences under access restrictions you'll 
find ua_filter_list and ua_filter_mode, so I think you don't need the 
customtt files anymore.

Regards,

Henk

On 14-3-2019 16:13, Andy Clark wrote:
> i also tried this
>
> if(is_method("REGISTER|INVITE"))
> {
>       if ($ua =~ "friendly-scanner" || $ua =~ "sipvicious" || $ua =~ "^sipcli.+" || $ua =~ "^VaxSIPUserAgent.+")
>       {
>
>               xlog("L_WARN", "Request rejected, malicious UA='$u' from IP=$si - [% logreq_init -%]\n");
>
>               exit;
>
>       }
> }
>
> but i'm getting this
> root at spce:/etc/cron.d# grep 'Request rejected' 
> /var/log/ngcp/kamailio-lb.log
> Mar 14 07:54:48 core lb[4086]: ERROR: xlog [xlog.c:513]: 
> xdbg_fixup_helper(): wrong format[Request rejected, malicious UA='$u' 
> from IP=$si - M=$rm R=$ru F=$fu T=$tu IP=$pr:$si:$sp ID=$ci UA='$ua' 
> DESTIP=$Ri:$Rp#012]
> Mar 14 08:08:56 core lb[25972]: ERROR: xlog [xlog.c:513]: 
> xdbg_fixup_helper(): wrong format[Request rejected, malicious UA='$u' 
> from IP=$si - M=$rm R=$ru F=$fu T=$tu IP=$pr:$si:$sp ID=$ci UA='$ua' 
> DESTIP=$Ri:$Rp#012]
>
> any help?
>
>
> On Thu, Mar 14, 2019 at 7:14 AM Andy Clark 
> <andyclark05251978 at gmail.com <mailto:andyclark05251978 at gmail.com>> wrote:
>
>     Hi Daniel,
>     i'm trying to implement UA filter using your online tutorial,
>     unfortunately after implantation i'm getting a 408 when trying to
>     register
>
>     would you be able to look over the code
>
>     Thank you
>
>     https://www.sipwise.org/news/technical/securing-your-ngcp-against-sip-attacks/
>
>     if(!sanity_check("1511", "7"))
>     {
>     xlog("L_WARN", "Malformed SIP message detected - [% logreq_init
>     -%]\n");
>     exit;
>     ## filtering by UA : blacklist
>     if( is_method(“REGISTER|INVITE”) && ($ua =~ “friendly-scanner” ||
>     $ua =~ “sipvicious” || $ua =~ “^sipcli.+”) )
>     {
>     xlog(“L_WARN”, “Request rejected, malicious UA=’$ua’ from IP=$si –
>     [% logreq_init -%]\n”);
>     exit;
>     }
>     }
>     # checking if a request is a retransmission, if so it will exit
>
>
>
> _______________________________________________
> Spce-user mailing list
> Spce-user at lists.sipwise.com
> https://lists.sipwise.com/listinfo/spce-user
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.sipwise.com/pipermail/spce-user_lists.sipwise.com/attachments/20190314/77aa6ad6/attachment-0001.html>

More information about the Spce-user mailing list