[Spce-user] Upgrade from 5.5.5 to 6.5.3 - Block Useragent Edit

Hohl Matthias matthias.hohl at telematica.at
Tue Mar 26 05:33:59 EDT 2019


Btw the xlog don’t include a IP information of the request device:

# xlog("L_INFO", "Request rejected, bad UA='$x_hdr(User-Agent)' - [% logreq_init -%]\n");

 

 

So the right string should be looks like this:

# xlog("L_NOTICE", "Request rejected, bad UA='$x_hdr(User-Agent)' from IP=$si - [% logreq_init -%]\n");

 

 

And the fail2ban regex like this then:

# failregex = Request rejected, bad UA='.*' from IP=<HOST>

 

 

Von: Spce-user <spce-user-bounces at lists.sipwise.com> Im Auftrag von Hohl Matthias
Gesendet: Dienstag, 26. März 2019 10:29
An: 'Alex Lutay' <alutay at sipwise.com>; spce-user at lists.sipwise.com
Betreff: Re: [Spce-user] Upgrade from 5.5.5 to 6.5.3 - Block Useragent Edit

 

Oh okay.. 

 

so to get fail2ban to work for this, I have to change the debug level to 2, but this will produce very big log files, or I change the kamailio.tt2 from xlog(“L_INFO” to xlog(“L_NOTICE

Right?

 

 

Von: Spce-user <spce-user-bounces at lists.sipwise.com <mailto:spce-user-bounces at lists.sipwise.com> > Im Auftrag von Alex Lutay
Gesendet: Dienstag, 26. März 2019 10:23
An: spce-user at lists.sipwise.com <mailto:spce-user at lists.sipwise.com> 
Betreff: Re: [Spce-user] Upgrade from 5.5.5 to 6.5.3 - Block Useragent Edit

 

Hi,

The default kamailio log level is "NOTICE"
but the message has "INFO" level.
To increase the verbosity here use:

> ngcp-kamctl proxy fifo corex.debug 2

Thanks to Andrew Pogrebennyk for the hint here!

On 3/25/19 11:25 PM, Hohl Matthias wrote:
> i tried today the useragents blocking via config.yml file and the
> blocking works fine BUT I have no log entry anywhere.
> 
> Neither in kamailio-proxy.log or in kamailio-lb.log
> 
> But my phone with the bad user agent was rejected… I also tried it with
> blocked… it also works, but no log entry for it.
> 
> Maybe I search on wrong place?
> 
> I searched for “rejected” in proxy and lb log.

-- 
Alex Lutay
_______________________________________________
Spce-user mailing list
Spce-user at lists.sipwise.com <mailto:Spce-user at lists.sipwise.com> 
https://lists.sipwise.com/listinfo/spce-user

-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.sipwise.com/pipermail/spce-user_lists.sipwise.com/attachments/20190326/b268e1eb/attachment-0001.html>
-------------- next part --------------
A non-text attachment was scrubbed...
Name: smime.p7s
Type: application/pkcs7-signature
Size: 6564 bytes
Desc: not available
URL: <http://lists.sipwise.com/pipermail/spce-user_lists.sipwise.com/attachments/20190326/b268e1eb/attachment-0001.p7s>


More information about the Spce-user mailing list