[Spce-user] Upgrade from 5.5.5 to 6.5.3 - Block Useragent Edit
José María Caballero Alba
josem.caballero at tecsens.com
Wed Mar 20 05:54:04 EDT 2019
hi,
yes, separated by "," and you can use 'friendly' instead of "friendly"
for the xlog I do not know.
Cheers
El 20/3/19 a las 10:50, Hohl Matthias escribió:
>
> Thank you, but will there also the XLOG message in my kamailio.log
> file if I use the config.yml setting?
>
> Btw: in witch format I have to insert the UA here?
>
> ua_patterns: []
>
> is this format correct?
>
> Ua_pattern: [“/friendly-request”,"^sipcli.+",”abcd”)/
>
> Thanks again
>
> *Von:*Spce-user <spce-user-bounces at lists.sipwise.com> *Im Auftrag von
> *José María Caballero Alba
> *Gesendet:* Mittwoch, 20. März 2019 10:37
> *An:* spce-user at lists.sipwise.com
> *Betreff:* Re: [Spce-user] Upgrade from 5.5.5 to 6.5.3 - Block
> Useragent Edit
>
> Hi,
>
> You can use the yml configuration so it will be cleaner and you will
> not have to use templates or re-apply them in the future when you
> update the system.
>
> Greetings.
>
> José María Caballero
>
> El 20/3/19 a las 0:58, Hohl Matthias escribió:
>
> Hello,
>
> in version 5.5.5 I did following edit, to secure against useragent
> sip attacks.
>
> In the new 6.5.3 version I found a setting in the config.yml to
> define the block useragents there.
>
> So is my edit needed anymore or should I use the
> “block_useragents” setting in the config.yml?
>
> Is there also the XLOG Warning? I couldn’t found any information
> in the kamailio.tt2 about this.
>
> + block_useragents:
>
> + action: reject
>
> + enable: no
>
> + mode: blacklist
>
> + ua_patterns: []
>
> /etc/ngcp-config/templates/etc/kamailio/lb/kamailio.cfg.customtt.tt2
>
> /add the following lines under "request_route":/
>
> //
>
> /{/
>
> /.../
>
> /if(!sanity_check(“1511″, “7”))/
>
> /{/
>
> /xlog(“L_WARN”, “Malformed SIP message detected – [% logreq_init
> -%]¥n”);/
>
> /exit;/
>
> /}/
>
> / ## filtering by UA : blacklist/
>
> / if( is_method("REGISTER|INVITE") && ($ua =‾
> "friendly-scanner" || $ua =‾ "friendly-request" || $ua =‾
> "sipvicious" || $ua =‾ "^sipcli.+") )/
>
> / {/
>
> / xlog("L_WARN", "Request rejected, malicious UA='$ua' from
> IP=$si - [% logreq_init -%]¥n");/
>
> / exit;/
>
> / }/
>
>
>
> _______________________________________________
>
> Spce-user mailing list
>
> Spce-user at lists.sipwise.com <mailto:Spce-user at lists.sipwise.com>
>
> https://lists.sipwise.com/listinfo/spce-user
>
--
José María Caballero Alba, Ext 109
Technical Dept.
Tecsens
(T) +34.902.88.40.80
www.tecsens.com
Sense & Technology
Voice Solutions,
Internet, Networks & Security,
Private Cloud Services,
IT Consulting & Outsourcing
AVISO LEGAL
Esta información es privada y confidencial, y está dirigida únicamente a su destinatario. Si usted no es el destinatario original de este mensaje y, a pesar de ello ha podido acceder a dicha información, por favor elimine este mensaje.
LEGAL NOTICE
This information is private and confidential, and intended for the recipient only. If you are not the intended recipient of this message, and you have been able to access its content, please delete this message.
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.sipwise.com/pipermail/spce-user_lists.sipwise.com/attachments/20190320/1f5c2f91/attachment-0001.html>
More information about the Spce-user
mailing list