[Freeswitch-users] Proxy traffic security
Steven Ayre
steveayre at gmail.com
Thu Jun 9 18:17:04 MSD 2011
You can create an ACL listing proxy IPs then set the proxy-acl parameter on
the SIP profile.call
If your proxy can add a X-AUTH-IP header to the INVITE containing the
caller's IP then FS will use that IP to check against ACLs instead of the IP
received from, if the IP received from is on the proxy ACL. That way you can
still authenticate callers with ACLs behind a proxy, although you're
trusting your proxy to set that header correctly. The proxy-acl setting
means only your proxy can set the X-AUTH-IP header, it'll be ignored on
calls from any other IP.
-Steve
On 8 June 2011 23:13, Antonio <potxoka at gmail.com> wrote:
> Hello
>
> I have a FreeSwitch configured as a gateway, the proxy makes the user
> authentication and other functions. All servers have public ip's, and I
> have doubts to security. I had thought to put the proxy ip's in acl. Is
> it safe this scenario? Can it be improved? Should we also put the sip
> providers? Thanks.
>
> Greetings
>
> _______________________________________________
> FreeSWITCH-users mailing list
> FreeSWITCH-users at lists.freeswitch.org
> http://lists.freeswitch.org/mailman/listinfo/freeswitch-users
> UNSUBSCRIBE:http://lists.freeswitch.org/mailman/options/freeswitch-users
> http://www.freeswitch.org
>
-------------- next part --------------
An HTML attachment was scrubbed...
URL: http://lists.freeswitch.org/pipermail/freeswitch-users/attachments/20110609/e18103ed/attachment.html
More information about the FreeSWITCH-users
mailing list