[Freeswitch-users] ACLs through proxy

Metik freeswitch-users-list at metik.com
Thu Dec 17 18:43:28 PST 2009


This may be difficult considering that the ACL needs to consider the 
original src IP/URI.  To do that, FreeSWITCH would need to do so 
using a header that retains that information (i.e. From, Via, Contact, 
etc.), which I do not believe is currently possible using auth-acl or 
apply-proxy-acl. 

However, you should be able to emulate the behavior using mod_xml_curl  
(and validating against appropriate variables available when using it to 
authenticate the request).

see: http://wiki.freeswitch.org/wiki/Mod_xml_curl#Authorization

-metik


Bill W wrote:
> Hey Brian,
>
>
> I've been doing some testing and I am unable to get auth-calls to work 
> through a proxy the way I want them to, even with setting 
> apply-proxy-acl to either the endpoint IP or the proxy IP.
>
> I have a multi-tenant system with multiple domains with multiple users 
> in each domain.  And I want to restrict a user to an arbitrary CIDR and 
> challenge them for a password.  The arbitrary CIDR will vary from UA to 
> UA, and is specified in the directory via the auth-acl parameter.
>
> TL;DR: I want to get auth-calls to use the IP of the UA endpoint, not of 
> the proxy.
>
>
> Thanks,
> Bill
>
> Brian West wrote:
>   
>> it needs to be an ACL from acl.conf or an ip/cidr
>>
>> /b
>>
>> On Dec 17, 2009, at 5:41 AM, Bill W wrote:
>>
>>     
>>> Okay, I added: <param name="apply-proxy-acl" value="true"/> to my sofia 
>>> profile and restarted sofia, and still no joy.
>>>
>>> I'm on FreeSWITCH Version 1.0.trunk (15764)
>>> I've got <param name="auth-acl" value="190.218.103.12/32"></param> in 
>>> the directory, but I'm still being rejected by the acl:
>>>
>>> 2009-12-17 06:04:59.920517 [WARNING] sofia_reg.c:1928 IP 64.135.119.105 
>>> Rejected by user acl 190.218.103.12/32
>>>
>>> Here's what I believe is the appropriate snippet of the debug output:
>>> http://pastebin.freeswitch.org/11531
>>>
>>> Thoughts?
>>> Thanks,
>>> Bill
>>>       
>> ------------------------------------------------------------------------
>>
>> _______________________________________________
>> FreeSWITCH-users mailing list
>> FreeSWITCH-users at lists.freeswitch.org
>> http://lists.freeswitch.org/mailman/listinfo/freeswitch-users
>> UNSUBSCRIBE:http://lists.freeswitch.org/mailman/options/freeswitch-users
>> http://www.freeswitch.org
>>     
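Added example (not part of the original thread and not FreeSWITCH project code): the per-user CIDR check metik suggests doing in the script behind mod_xml_curl, written so that the header-derived address is only believed when the request really arrived from the proxy. The POST field names (ip, user, domain, sip_contact_host), the proxy address and the user table are assumptions or constructed values; confirm the field names against what your FreeSWITCH actually posts.

```python
import ipaddress
from xml.sax.saxutils import quoteattr

# Constructed sample data: trusted proxy addresses and per-user source CIDRs.
TRUSTED_PROXIES = {ipaddress.ip_address("192.0.2.10")}
USERS = {
    ("1001", "tenant-a.example"): {"password": "s3cret-a", "cidr": "198.51.100.0/24"},
    ("2001", "tenant-b.example"): {"password": "s3cret-b", "cidr": "203.0.113.7/32"},
}

NOT_FOUND = ('<document type="freeswitch/xml"><section name="result">'
             '<result status="not found"/></section></document>')


def endpoint_ip(form):
    """Return the address to test against the user's CIDR, or None."""
    try:
        peer = ipaddress.ip_address(form.get("ip", ""))  # assumed field: network source
        if peer not in TRUSTED_PROXIES:
            return peer  # direct request: SIP headers are client-supplied, ignore them
        # Request came from the proxy: only now use the header-derived field
        # (assumption: the proxy rewrites or validates Contact before relaying).
        return ipaddress.ip_address(form.get("sip_contact_host", ""))
    except ValueError:
        return None  # missing value, hostname or malformed address: fail closed


def directory_response(form):
    """Build the XML body returned to a mod_xml_curl directory lookup."""
    user = USERS.get((form.get("user"), form.get("domain")))
    addr = endpoint_ip(form)
    if user is None or addr is None:
        return NOT_FOUND
    if addr not in ipaddress.ip_network(user["cidr"]):
        return NOT_FOUND  # outside the user's CIDR: no credentials released
    # Inside the CIDR: return the user so the digest challenge still applies.
    return ('<document type="freeswitch/xml"><section name="directory">'
            f'<domain name={quoteattr(form["domain"])}>'
            f'<user id={quoteattr(form["user"])}><params>'
            f'<param name="password" value={quoteattr(user["password"])}/>'
            '</params></user></domain></section></document>')
```

If the proxy does not overwrite the header this relies on, any UA can claim an address inside its permitted CIDR, so the check is only as strong as the proxy's handling of that header.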




