[Spce-user] Upgrade from 5.5.5 to 6.5.3 - Block Useragent Edit

[José María Caballero Alba]

Hi,

You can use the yml configuration so it will be cleaner and you will not 
have to use templates or re-apply them in the future when you update the 
system.

Greetings.

José María Caballero

El 20/3/19 a las 0:58, Hohl Matthias escribió:
>
> Hello,
>
> in version 5.5.5 I did following edit, to secure against useragent sip 
> attacks.
>
> In the new 6.5.3 version I found a setting in the config.yml to define 
> the block useragents there.
>
> So is my edit needed anymore or should I use the “block_useragents” 
> setting in the config.yml?
>
> Is there also the XLOG Warning? I couldn’t found any information in 
> the kamailio.tt2 about this.
>
> +    block_useragents:
>
> +      action: reject
>
> +      enable: no
>
> +      mode: blacklist
>
> +      ua_patterns: []
>
> /etc/ngcp-config/templates/etc/kamailio/lb/kamailio.cfg.customtt.tt2
>
> /add the following lines under "request_route":/
>
> //
>
> /{/
>
> /.../
>
> /if(!sanity_check(“1511″, “7”))/
>
> /{/
>
> /xlog(“L_WARN”, “Malformed SIP message detected – [% logreq_init -%]¥n”);/
>
> /exit;/
>
> /}/
>
> /    ## filtering by UA : blacklist/
>
> /    if( is_method("REGISTER|INVITE") && ($ua =‾ "friendly-scanner" || 
> $ua =‾ "friendly-request" || $ua =‾ "sipvicious" || $ua =‾ "^sipcli.+") )/
>
> /    {/
>
> /        xlog("L_WARN", "Request rejected, malicious UA='$ua' from 
> IP=$si - [% logreq_init -%]¥n");/
>
> /        exit;/
>
> /    }/
>
>
> _______________________________________________
> Spce-user mailing list
> Spce-user at lists.sipwise.com
> https://lists.sipwise.com/listinfo/spce-user

-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.sipwise.com/pipermail/spce-user_lists.sipwise.com/attachments/20190320/7e4a8e69/attachment-0001.html>