[Spce-user] Upgrade from 5.5.5 to 6.5.3 - Block Useragent Edit

Hohl Matthias matthias.hohl at telematica.at
Wed Mar 20 05:50:05 EDT 2019 

Thank you, but will there also the XLOG message in my kamailio.log file if I use the config.yml setting?

 

Btw: in witch format I have to insert the UA here?

ua_patterns: []

 

is this format correct?

 

Ua_pattern: [“friendly-request”,"^sipcli.+",”abcd”)

 

Thanks again

 

Von: Spce-user <spce-user-bounces at lists.sipwise.com> Im Auftrag von José María Caballero Alba
Gesendet: Mittwoch, 20. März 2019 10:37
An: spce-user at lists.sipwise.com
Betreff: Re: [Spce-user] Upgrade from 5.5.5 to 6.5.3 - Block Useragent Edit

 

Hi,

You can use the yml configuration so it will be cleaner and you will not have to use templates or re-apply them in the future when you update the system.

Greetings. 

José María Caballero

El 20/3/19 a las 0:58, Hohl Matthias escribió:

Hello,

 

in version 5.5.5 I did following edit, to secure against useragent sip attacks.

In the new 6.5.3 version I found a setting in the config.yml to define the block useragents there.

So is my edit needed anymore or should I use the “block_useragents” setting in the config.yml?

Is there also the XLOG Warning? I couldn’t found any information in the kamailio.tt2 about this.

 

+    block_useragents:

+      action: reject

+      enable: no

+      mode: blacklist

+      ua_patterns: []

 

 

/etc/ngcp-config/templates/etc/kamailio/lb/kamailio.cfg.customtt.tt2

 

add the following lines under "request_route":

  

{

...

if(!sanity_check(“1511″, “7”))

{

xlog(“L_WARN”, “Malformed SIP message detected – [% logreq_init -%]¥n”);

exit;

}

    ## filtering by UA : blacklist

    if( is_method("REGISTER|INVITE") && ($ua =‾ "friendly-scanner" || $ua =‾ "friendly-request" || $ua =‾ "sipvicious" || $ua =‾ "^sipcli.+") )

    {

        xlog("L_WARN", "Request rejected, malicious UA='$ua' from IP=$si - [% logreq_init -%]¥n");

        exit;

    }

 

 

 





_______________________________________________
Spce-user mailing list
Spce-user at lists.sipwise.com <mailto:Spce-user at lists.sipwise.com> 
https://lists.sipwise.com/listinfo/spce-user

 
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.sipwise.com/pipermail/spce-user_lists.sipwise.com/attachments/20190320/056da4a3/attachment-0001.html>
-------------- next part --------------
A non-text attachment was scrubbed...
Name: smime.p7s
Type: application/pkcs7-signature
Size: 6564 bytes
Desc: not available
URL: <http://lists.sipwise.com/pipermail/spce-user_lists.sipwise.com/attachments/20190320/056da4a3/attachment-0001.p7s>

More information about the Spce-user mailing list