[Freeswitch-users] ACLs through proxy
Bill W
freeswitch at aastral.net
Thu Dec 17 16:01:35 PST 2009
Hey Brian,
I've been doing some testing and I am unable to get auth-calls to work
through a proxy the way I want them to, even with setting
apply-proxy-acl to either the endpoint IP or the proxy IP.
I have a multi-tenant system with multiple domains with multiple users
in each domain. And I want to restrict a user to an arbitrary CIDR and
challenge them for a password. The arbitrary CIDR will vary from UA to
UA, and is specified in the directory via the auth-acl parameter.
TL,DR; I want to get auth-calls to use the IP of the UA endpoint, not of
the proxy.
Thanks,
Bill
Brian West wrote:
> it needs to be an ACL from acl.conf or a ip/cidr
>
> /b
>
> On Dec 17, 2009, at 5:41 AM, Bill W wrote:
>
>> Okay, I added: <param name="apply-proxy-acl" value="true"/> to my sofia
>> profile and restarted sofia, and still no joy.
>>
>> I'm on FreeSWITCH Version 1.0.trunk (15764)
>> I've got <param name="auth-acl" value="190.218.103.12/32"></param> in
>> the directory, but I'm still being rejected by the acl:
>>
>> 2009-12-17 06:04:59.920517 [WARNING] sofia_reg.c:1928 IP 64.135.119.105
>> Rejected by user acl 190.218.103.12/32
>>
>> Here's what I believe is the appropriate snippet of the debug output:
>> http://pastebin.freeswitch.org/11531
>>
>> Thoughts?
>> Thanks,
>> Bill
>
>
> ------------------------------------------------------------------------
>
> _______________________________________________
> FreeSWITCH-users mailing list
> FreeSWITCH-users at lists.freeswitch.org
> http://lists.freeswitch.org/mailman/listinfo/freeswitch-users
> UNSUBSCRIBE:http://lists.freeswitch.org/mailman/options/freeswitch-users
> http://www.freeswitch.org
More information about the FreeSWITCH-users
mailing list