[Freeswitch-users] log X-AUTH-IP instead of source IP
Roman Dissauer
roman at dissauer.net
Tue Nov 29 16:08:47 MSK 2016
Thanks guys,
I’m sure that it is best practice to prevent brute force attacks on Kamailio. I also do that on another system where Kamailio handles full registration/authentication. Due to the fact that my SIP Proxy is as basic as possible forwarding all packets to the backend Freeswitch (just for load balancing), I thought it would be easier to solve that on Freeswitch side.
I’ll try to get that done in the reply route and will post the results here.
Roman
> Am 29.11.2016 um 10:40 schrieb Alex Balashov <abalashov at evaristesys.com>:
>
> On Tue, Nov 29, 2016 at 11:22:25AM +0200, Vladyslav Zakhozhai wrote:
>
>> I think that more elegant solution for your task is cut off bruteforce on
>> Kamailio side rather than on FreeSWITCH. You do not need (and must not)
>> pass malicious traffic to backends. It is best practice.
>
> I would agree with that. Kamailio makes a far better "condom" than Freeswitch.
>
> I just assumed there was something in his use-case that compelled relaying traffic forward uncritically.
>
> --
> Alex Balashov | Principal | Evariste Systems LLC
>
> Tel: +1-706-510-6800 (direct) / +1-800-250-5920 (toll-free)
> Web: http://www.evaristesys.com/, http://www.csrpswitch.com/
>
> _________________________________________________________________________
> Professional FreeSWITCH Consulting Services:
> consulting at freeswitch.org
> http://www.freeswitchsolutions.com
>
> Official FreeSWITCH Sites
> http://www.freeswitch.org
> http://confluence.freeswitch.org
> http://www.cluecon.com
>
> FreeSWITCH-users mailing list
> FreeSWITCH-users at lists.freeswitch.org
> http://lists.freeswitch.org/mailman/listinfo/freeswitch-users
> UNSUBSCRIBE:http://lists.freeswitch.org/mailman/options/freeswitch-users
> http://www.freeswitch.org
Join us at ClueCon 2016 Aug 8-12, 2016
More information about the FreeSWITCH-users
mailing list