El Monday 15 October 2007 22:35:34 Klaus Darilion escribió: > Iñaki Baz Castillo wrote: > > El Monday 15 October 2007 12:12:44 Klaus Darilion escribió: > >> What exactly do you want to achieve? Do you want to allow REFER only > >> intradomain? > > > > Exactly. > > - Imagine you admin a OpenSer that gives service to 2 independent > > companies (domain_A and domain_B). > > - Imagine a user_A of domain_A calls to a user_B of domain_B. > > - During the call user_A does REFER. > > - OpenSer requires auth por REFER, so user_A sends auth (it can since > > it's a local user). > > - So finally user_B is transferred by an external user. Of course this is > > not tolerable. > > > > So I need to allow a REFER just if the caller and called are in the same > > domain, but REFER is in-dialog so there is not domain name in the URI. > > just an idea: check if $fd of REFER is identical to domain in REFER to > header - if not -> reject it.
It's a great idea! Of course I need to test it. For example: What about if the "Refer-to" header just contains "sip:001234234234" with no @domain? maybe there are "broken" SIP devices which auto-complete this URI with their domain? > Further, if B's phone send out the new INVITE, if $rd != $fd then do not > send the call to the gateway. Humm, it can't be, because in case of a forwarding (implemented in OpenSer) I do allow calls from others domain to PSTN gateway. Thanks a lot for your suggest, it's a very good solution :) -- Iñaki Baz Castillo [EMAIL PROTECTED] _______________________________________________ Users mailing list Users@openser.org http://openser.org/cgi-bin/mailman/listinfo/users