Re: [asterisk-users] On Register, run a script, validate source IP

Sebastian Nielsen Mon, 18 Nov 2019 04:43:20 -0800

You could use permit/deny in the sip.conf.

That would require your script to update sip.conf dynamically and reload the 
config for each time user wants to update their accepted location.


To avoid excessive reloads, you could have that the changes will take effect 
after 00:00, so you have a cron script which reads the user database and 
updates sip.conf, and then reloads asterisk ONCE.
So any changes user makes to their sourceIP/GeoIP configuration on webpage, 
will not take effect until midnight.

-----Ursprungligt meddelande-----
Från: asterisk-users <asterisk-users-boun...@lists.digium.com> För Benoit 
Panizzon
Skickat: den 18 november 2019 13:23
Till: asterisk-users@lists.digium.com
Ämne: [asterisk-users] On Register, run a script, validate source IP

Hi Gang

To increase security against phished passwords and similar attacks, we consider 
offering customers to define IP ranges (or GeoIP locations) from which their 
dynamic registrations are being accepted.

I can already look at the source IP in the dial plan, so no issue with validate 
an INVITE against a source IP.

But I would also like to prevent registrations from outside of this client's 
specific allowed ip addresses as well, so the line cannot be hijacked.

So I'm looking for something like

On Register:
If check_allowed_ip(auth_username) {
        return;
} else {
        Reply(403 Wrong IP for this user);
}

Any ideas how to do that? (Yes, I asked Google and found nothing useful yet)

Mit freundlichen Grüssen

-Benoît Panizzon-
-- 
I m p r o W a r e   A G    -    Leiter Commerce Kunden
______________________________________________________

Zurlindenstrasse 29             Tel  +41 61 826 93 00
CH-4133 Pratteln                Fax  +41 61 826 93 01
Schweiz                         Web  http://www.imp.ch
______________________________________________________

--
_____________________________________________________________________
-- Bandwidth and Colocation Provided by http://www.api-digital.com --

Check out the new Asterisk community forum at: https://community.asterisk.org/

New to Asterisk? Start here:
      https://wiki.asterisk.org/wiki/display/AST/Getting+Started

asterisk-users mailing list
To UNSUBSCRIBE or update options visit:
   http://lists.digium.com/mailman/listinfo/asterisk-users


-- 
_____________________________________________________________________
-- Bandwidth and Colocation Provided by http://www.api-digital.com --

Check out the new Asterisk community forum at: https://community.asterisk.org/

New to Asterisk? Start here:
      https://wiki.asterisk.org/wiki/display/AST/Getting+Started

asterisk-users mailing list
To UNSUBSCRIBE or update options visit:
   http://lists.digium.com/mailman/listinfo/asterisk-users

Re: [asterisk-users] On Register, run a script, validate source IP

Reply via email to