[OpenSIPS-Users] Block user from registration

Liviu Chircu liviu at opensips.org
Mon Jan 5 16:22:16 CET 2015


If you are strictly doing an IP-based auth using the permissions module, 
you may define a "Registration Disabled" flag (1/0) within the 
"context_info" column of the address table.
You can then extract this info in your script when calling 
check_source_address() and drop REGISTERs if set to "1" [1].

However, to me it seems like your feature is subscriber-oriented. Since 
a subscriber may have multiple entries in the address table,
I would define the "Registration Disabled" flag as an additional column 
in the subscriber table, and fetch it using the "load_credentials" modparam.

[1]: 
http://www.opensips.org/html/docs/modules/2.1.x/permissions.html#id294950
[2]: http://www.opensips.org/html/docs/modules/2.1.x/auth_db.html#id293578

Best regards,

Liviu Chircu
OpenSIPS Developer
http://www.opensips-solutions.com

On 02.01.2015 17:09, Satish Patel wrote:
> Lets say i have user "A"  using IP base authentication to send call 
> outside using Opensips Proxy. ( Same user has option to 
> Username/Password to register and send calls).
>
> We have developed web GUI to give control control to "customer" so 
> they can enable/disable their registration base method ( Reason we 
> give that control to user because if user has dedicated Public IP then 
> he can disable "Registration" base method so hacker can't exploit 
> their users accounts.
>
> So my Original question is, How or what i should use or configure in 
> Opensips so i can switch on/off user base registration?  ( We only 
> allowing to send calls outside, no inbound calls allowed)
>
> Hope it helps you to understand my scenario, Let me know if i am wrong 
> anywhere in above scenario.
>
> On Wed, Dec 31, 2014 at 1:30 PM, Duane Larson <duane.larson at gmail.com 
> <mailto:duane.larson at gmail.com>> wrote:
>
>     My logic saves the user that is registering into the location
>     table without challenging them for a password or checking that the
>     user or domain is local to the OpenSIPs instance.  If you are
>     looking for something more you might want to provide more detail.
>
>     This would allow fake accounts to register if they are from a
>     friendly IP.
>
>
>     On Wednesday, December 31, 2014, Satish Patel
>     <satish.txt at gmail.com <mailto:satish.txt at gmail.com>> wrote:
>
>         How it will help if i want to allow only IP auth for specific
>         user but not registration auth? How your logic deal with User
>         level?
>
>
>         On Wed, Dec 31, 2014 at 12:22 PM, Duane Larson
>         <duane.larson at gmail.com> wrote:
>
>             Would you not just do something like this?
>
>             If(FriendlyIP && is_method("REGISTER"))
>             {
>                             if (t_newtran()) {
>             save("location");
>                             }
>
>                             exit;
>             }
>
>             On Wed, Dec 31, 2014 at 10:22 AM, Satish Patel
>             <satish.txt at gmail.com> wrote:
>
>                 Hi,
>
>                 We have many users using both registration method and
>                 IP auth method to send calls but i wants if they use
>                 IP Auth method then we can disable registration method
>                 ( just prevention from hacking attack).
>
>                 I believe registration is only required for incoming
>                 calls to find user location, right? How do i tell
>                 opensips don't accept user registration method even
>                 opensips challenge for proxy auth. any suggestion?
>
>                 _______________________________________________
>                 Users mailing list
>                 Users at lists.opensips.org
>                 http://lists.opensips.org/cgi-bin/mailman/listinfo/users
>
>
>
>             _______________________________________________
>             Users mailing list
>             Users at lists.opensips.org
>             http://lists.opensips.org/cgi-bin/mailman/listinfo/users
>
>
>
>     _______________________________________________
>     Users mailing list
>     Users at lists.opensips.org <mailto:Users at lists.opensips.org>
>     http://lists.opensips.org/cgi-bin/mailman/listinfo/users
>
>
>
>
> _______________________________________________
> Users mailing list
> Users at lists.opensips.org
> http://lists.opensips.org/cgi-bin/mailman/listinfo/users

-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.opensips.org/pipermail/users/attachments/20150105/52023ec0/attachment.htm>


More information about the Users mailing list