[Freeswitch-users] ACL question
Avi Marcus
avi at avimarcus.net
Sun Jul 28 19:46:04 MSD 2013
If acl is set, then it won't check the user directory.
The IP in the user directory authorizes without checking the auth.
if you want to check the IP along with the user, then I think you have to
do that in the dial plan... I don't think it's built into FS.
-Avi
On Jul 28, 2013 5:43 PM, "Seven Du" <dujinfang at gmail.com> wrote:
> Hi,
>
> I know ACL is to block or allow an IP to reg or call. But in practise, if
> an IP is allowed then it won't check the User directory again so cannot
> match to the user info stored in the user directory and dialplan route to
> the public context.
>
> <node type="allow" cidr="192.168.1.123/32"/>
>
>
> 2013-07-28 22:11:04.647358 [DEBUG] sofia.c:7915 IP 192.168.1.123 Approved
> by acl "domains[]". Access Granted.
> 2
>
>
> If I set the cidr attribute in the user directory, but it seems been
> parsed to the ACL so it also allows any other users to reg or call from
> that url. Below is a log that shows Access Granted when I actually set the
> cidr to 1000 but calling with 1001. FS doesn't challenge 1001.
>
>
> 2013-07-28 22:07:14.347320 [DEBUG] sofia.c:7915 IP 192.168.1.123 Approved
> by acl "domains[1000 at 192.168.1.123]". Access Granted.
> 2013-07-28 22:07:14.347320 [DEBUG] sofia.c:8045 Authenticating user
> 1000 at 192.168.1.123
>
> Is it a problem?
>
> Is it possible to check the ip *and* the user? e.g. user 1000 can only reg
> from ip IP with password 1234.
>
> Thanks.
>
>
> --
> Seven Du
> http://www.freeswitch.org.cn
> http://about.me/dujinfang
> http://www.dujinfang.com
>
> Sent with Sparrow <http://www.sparrowmailapp.com/?sig>
>
>
> _________________________________________________________________________
> Professional FreeSWITCH Consulting Services:
> consulting at freeswitch.org
> http://www.freeswitchsolutions.com
>
>
>
>
> Official FreeSWITCH Sites
> http://www.freeswitch.org
> http://wiki.freeswitch.org
> http://www.cluecon.com
>
> FreeSWITCH-users mailing list
> FreeSWITCH-users at lists.freeswitch.org
> http://lists.freeswitch.org/mailman/listinfo/freeswitch-users
> UNSUBSCRIBE:http://lists.freeswitch.org/mailman/options/freeswitch-users
> http://www.freeswitch.org
>
>
-------------- next part --------------
An HTML attachment was scrubbed...
URL: http://lists.freeswitch.org/pipermail/freeswitch-users/attachments/20130728/ae37b91c/attachment.html
Join us at ClueCon 2011 Aug 9-11, 2011
More information about the FreeSWITCH-users
mailing list