[SR-Users] loose_route security
Henning Westerholt
henning.westerholt at 1und1.de
Tue Apr 12 10:43:11 CEST 2011
On Monday 11 April 2011, Eric Hiller wrote:
> I think what I am going to do is use a combination of:
>
> 1. Whitelist my gateway IPs.
>
> 2. Any initial INVITES from non-gateway IPs will be authorized and the
> dialog be added to a simple htable based on callid
>
> 3. Any in-dialog will do a lookup on the htable so that authorization isn't
> required on bye and the like.
>
> Does this seem a reasonable course of action?
Hi Eric,
sounds fine.
> One question, what is the best way to whitelist a few (3) gateways?
> I'd rather not do if($si == "ip1" || $si == "ip2" || $si == "ip3"){
> Is there any sort of if(in_array($si,"whitelist")){ functionality or a way
> to iterate through an array of whitelisted ips? (I do not want to
> configure database support if possible)
If your gateways are in one subnet, you could just specify a network in the
configuration, like this: $si == 192.168.1.1/26
Cheers,
Henning
More information about the sr-users
mailing list