[OpenSIPS-Users] How to protect OpenSIPS from undesidered requests (DoS attack?)
Bakko
asannucci at gmail.com
Wed Mar 6 11:49:05 CET 2013
Hello,
I'm using this configuration:
if (is_method("REGISTER")) {
$var(auth_code) = www_authorize("", "subscriber");
if ( $var(auth_code) == -1 || $var(auth_code) == -2 ) {
xlog("L_NOTICE","Auth error for $fU@$fd from $si cause
$var(auth_code)");
}
if ( $var(auth_code) < 0 ) {
www_challenge("", "0");
exit;
}
save("location");
exit;
on
/etc/fail2ban/filter.d/opensips.conf
# Fail2Ban configuration file
#
#
# $Revision: 250 $
#
[INCLUDES]
# Read common prefixes. If any customizations available -- read them from
# common.local
#before = common.conf
[Definition]
#_daemon = opensips
# Option: failregex
# Notes.: regex to match the password failures messages in the logfile. The
# host must be matched by a group named "host". The tag
"<HOST>" can
# be used for standard IP/hostname matching and is only an
alias for
# (?:::f{4,6}:)?(?P<host>\S+)
# Values: TEXT
#
failregex = Auth error for .* from <HOST> cause -[0-9]
# Option: ignoreregex
# Notes.: regex to ignore. If this regex matches, the line is ignored.
# Values: TEXT
#
ignoreregex =
and on /etc/fail2ban/jail.conf
[opensips]
enabled = true
filter = opensips
action = iptables-allports[name=opensips, protocol=all]
sendmail-whois[name=opensips, dest=youremail at mydomain.org,
sender=fail2ban at opensipsdomain.org]
logpath = /var/log/opensips.log
maxretry = 3
bantime = 7200
Regards
More information about the Users
mailing list