[Freeswitch-users] log X-AUTH-IP instead of source IP

Roman Dissauer roman at dissauer.net
Tue Dec 6 18:57:33 MSK 2016 

Hi,

I solved that on Kamailio side:

onreply_route {
   ...
        if (is_method("REGISTER|INVITE")) {
            if (pcre_match("$rs", "^4..")) {
                xlog("L_INFO", "Unauthorized Request from $T_req($si)\n");
            }
        }
   ...
}

Thanks!
Roman

> Am 30.11.2016 um 04:52 schrieb Sergey Safarov <s.safarov at gmail.com>:
> 
> When you use kamailio then close sip interface port via iptables rules like "block all except kamailio IP where destination port 5060"
> fail2ban is not required in your case.
> 
> Failed registration and failed INVITE authorization can be logged at kamailio configuration.
> 
> 
> ср, 30 нояб. 2016, 0:21 Steven Ayre <steveayre at gmail.com <mailto:steveayre at gmail.com>>:
> Are you using apply-proxy-acl?
> 
> If not see if that helps, otherwise perhaps file a Jira to request it.
> 
> Regards,
> Steve
> 
> 
> On 29 November 2016 at 08:37, Roman Dissauer <roman at dissauer.net <mailto:roman at dissauer.net>> wrote:
> Hi Alex,
> 
> I already get the original source IP into FS but I need to log unsuccessful auth attempts with original IP to block them with fail2ban.
> The default log message „SIP auth challenge…“ does only log the Proxy IP
> 
> Roman
> 
> 
> > Am 29.11.2016 um 09:28 schrieb Alex Balashov <abalashov at evaristesys.com <mailto:abalashov at evaristesys.com>>:
> >
> > Hi Roman,
> >
> > It sounds like you should just attach the original source IP as a custom SIP header on the Kamailio side:
> >
> >   append_hf("X-Orig-SRC-IP: $si\r\n");
> >
> > You can then recover that in FreeSWITCH with ${sip_h_X-Orig-SRC-IP}.
> >
> > -- Alex
> >
> > --
> > Alex Balashov | Principal | Evariste Systems LLC
> >
> > Tel: +1-706-510-6800 <tel:%2B1-706-510-6800> (direct) / +1-800-250-5920 <tel:%2B1-800-250-5920> (toll-free)
> > Web: http://www.evaristesys.com/ <http://www.evaristesys.com/>, http://www.csrpswitch.com/ <http://www.csrpswitch.com/>
> >
> > _________________________________________________________________________
> > Professional FreeSWITCH Consulting Services:
> > consulting at freeswitch.org <mailto:consulting at freeswitch.org>
> > http://www.freeswitchsolutions.com <http://www.freeswitchsolutions.com/>
> >
> > Official FreeSWITCH Sites
> > http://www.freeswitch.org <http://www.freeswitch.org/>
> > http://confluence.freeswitch.org <http://confluence.freeswitch.org/>
> > http://www.cluecon.com <http://www.cluecon.com/>
> >
> > FreeSWITCH-users mailing list
> > FreeSWITCH-users at lists.freeswitch.org <mailto:FreeSWITCH-users at lists.freeswitch.org>
> > http://lists.freeswitch.org/mailman/listinfo/freeswitch-users <http://lists.freeswitch.org/mailman/listinfo/freeswitch-users>
> > UNSUBSCRIBE:http://lists.freeswitch.org/mailman/options/freeswitch-users <http://lists.freeswitch.org/mailman/options/freeswitch-users>
> > http://www.freeswitch.org <http://www.freeswitch.org/>
> 
> 
> 
> _________________________________________________________________________
> Professional FreeSWITCH Consulting Services:
> consulting at freeswitch.org <mailto:consulting at freeswitch.org>
> http://www.freeswitchsolutions.com <http://www.freeswitchsolutions.com/>
> 
> Official FreeSWITCH Sites
> http://www.freeswitch.org <http://www.freeswitch.org/>
> http://confluence.freeswitch.org <http://confluence.freeswitch.org/>
> http://www.cluecon.com <http://www.cluecon.com/>
> 
> FreeSWITCH-users mailing list
> FreeSWITCH-users at lists.freeswitch.org <mailto:FreeSWITCH-users at lists.freeswitch.org>
> http://lists.freeswitch.org/mailman/listinfo/freeswitch-users <http://lists.freeswitch.org/mailman/listinfo/freeswitch-users>
> UNSUBSCRIBE:http://lists.freeswitch.org/mailman/options/freeswitch-users <http://lists.freeswitch.org/mailman/options/freeswitch-users>
> http://www.freeswitch.org <http://www.freeswitch.org/>
> _________________________________________________________________________
> Professional FreeSWITCH Consulting Services:
> consulting at freeswitch.org <mailto:consulting at freeswitch.org>
> http://www.freeswitchsolutions.com <http://www.freeswitchsolutions.com/>
> 
> Official FreeSWITCH Sites
> http://www.freeswitch.org <http://www.freeswitch.org/>
> http://confluence.freeswitch.org <http://confluence.freeswitch.org/>
> http://www.cluecon.com <http://www.cluecon.com/>
> 
> FreeSWITCH-users mailing list
> FreeSWITCH-users at lists.freeswitch.org <mailto:FreeSWITCH-users at lists.freeswitch.org>
> http://lists.freeswitch.org/mailman/listinfo/freeswitch-users <http://lists.freeswitch.org/mailman/listinfo/freeswitch-users>
> UNSUBSCRIBE:http://lists.freeswitch.org/mailman/options/freeswitch-users <http://lists.freeswitch.org/mailman/options/freeswitch-users>
> http://www.freeswitch.org <http://www.freeswitch.org/>_________________________________________________________________________
> Professional FreeSWITCH Consulting Services: 
> consulting at freeswitch.org
> http://www.freeswitchsolutions.com
> 
> Official FreeSWITCH Sites
> http://www.freeswitch.org
> http://confluence.freeswitch.org
> http://www.cluecon.com
> 
> FreeSWITCH-users mailing list
> FreeSWITCH-users at lists.freeswitch.org
> http://lists.freeswitch.org/mailman/listinfo/freeswitch-users
> UNSUBSCRIBE:http://lists.freeswitch.org/mailman/options/freeswitch-users
> http://www.freeswitch.org

-------------- next part --------------
An HTML attachment was scrubbed...
URL: http://lists.freeswitch.org/pipermail/freeswitch-users/attachments/20161206/942d10a4/attachment.html

Join us at ClueCon 2016 Aug 8-12, 2016
More information about the FreeSWITCH-users mailing list