[OpenSIPS-Users] Block user from registration

Duane Larson duane.larson at gmail.com
Fri Jan 2 17:54:17 CET 2015


I think I understand now.  I think you would need to set up an AVPops to
switch registration/authentication on and off per user

So you might have $avp(AuthSet)

if( $avp(AuthSet) == "n" && is_method("REGISTER"))
{
    save("location");
}


if( $avp(AuthSet) == "n" && is_method("INVITE"))
{
  "don't challenge for password"
  t_relay();
}

Then you would have more if statements to handle REGISTER or INVITE if
$avp(AuthSet) equals yes.  The logic here is pretty simple.  Sure it will
be more detailed then what I provided.

This way if the user sets their account to not register then your webpage
needs to update the avp that is for them to "n" or no.  How ever you want
to do it.

Is that what you were looking to accomplish?


On Fri, Jan 2, 2015 at 9:09 AM, Satish Patel <satish.txt at gmail.com> wrote:

> Lets say i have user "A"  using IP base authentication to send call
> outside using Opensips Proxy. ( Same user has option to Username/Password
> to register and send calls).
>
> We have developed web GUI to give control control to "customer" so they
> can enable/disable their registration base method ( Reason we give that
> control to user because if user has dedicated Public IP then he can disable
> "Registration" base method so hacker can't exploit their users accounts.
>
> So my Original question is, How or what i should use or configure in
> Opensips so i can switch on/off user base registration?  ( We only allowing
> to send calls outside, no inbound calls allowed)
>
> Hope it helps you to understand my scenario, Let me know if i am wrong
> anywhere in above scenario.
>
> On Wed, Dec 31, 2014 at 1:30 PM, Duane Larson <duane.larson at gmail.com>
> wrote:
>
>> My logic saves the user that is registering into the location table
>> without challenging them for a password or checking that the user or domain
>> is local to the OpenSIPs instance.  If you are looking for something more
>> you might want to provide more detail.
>>
>> This would allow fake accounts to register if they are from a friendly IP.
>>
>>
>> On Wednesday, December 31, 2014, Satish Patel <satish.txt at gmail.com>
>> wrote:
>>
>>> How it will help if i want to allow only IP auth for specific user but
>>> not registration auth? How your logic deal with User level?
>>>
>>>
>>> On Wed, Dec 31, 2014 at 12:22 PM, Duane Larson <duane.larson at gmail.com>
>>> wrote:
>>>
>>>> Would you not just do something like this?
>>>>
>>>> If(FriendlyIP && is_method("REGISTER"))
>>>> {
>>>>                 if (t_newtran()) {
>>>>                         save("location");
>>>>                 }
>>>>
>>>>                 exit;
>>>> }
>>>>
>>>> On Wed, Dec 31, 2014 at 10:22 AM, Satish Patel <satish.txt at gmail.com>
>>>> wrote:
>>>>
>>>>> Hi,
>>>>>
>>>>> We have many users using both registration method and IP auth method
>>>>> to send calls but i wants if they use IP Auth method then we can disable
>>>>> registration method ( just prevention from hacking attack).
>>>>>
>>>>> I believe registration is only required for incoming calls to find
>>>>> user location, right? How do i tell opensips don't accept user registration
>>>>> method even opensips challenge for proxy auth. any suggestion?
>>>>>
>>>>> _______________________________________________
>>>>> Users mailing list
>>>>> Users at lists.opensips.org
>>>>> http://lists.opensips.org/cgi-bin/mailman/listinfo/users
>>>>>
>>>>>
>>>>
>>>> _______________________________________________
>>>> Users mailing list
>>>> Users at lists.opensips.org
>>>> http://lists.opensips.org/cgi-bin/mailman/listinfo/users
>>>>
>>>>
>>>
>> _______________________________________________
>> Users mailing list
>> Users at lists.opensips.org
>> http://lists.opensips.org/cgi-bin/mailman/listinfo/users
>>
>>
>
> _______________________________________________
> Users mailing list
> Users at lists.opensips.org
> http://lists.opensips.org/cgi-bin/mailman/listinfo/users
>
>
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.opensips.org/pipermail/users/attachments/20150102/6c541362/attachment-0001.htm>


More information about the Users mailing list