[Freeswitch-users] log X-AUTH-IP instead of source IP

Vladyslav Zakhozhai v.zakhozhai at gmail.com
Tue Nov 29 17:08:13 MSK 2016


Roman,

My point of view is the following.

Fail2ban bans requests based on logs output. Right? You can keep kamailio's
config as simple as possible but add logging of failed auth attempts. I.e.

reply_route[FROM_BACKEND] {
    if(status == 403) {
        xlog("L_WARN", "Frobidden from $si:$sp blah...\n");
    }
}

And then you just need make appropriate filter.

This is just my opinion.

In the case of FreeSWITCH I do not know is it possible to show original IP
address due failed auth attempts. sorry.

2016-11-29 15:08 GMT+02:00 Roman Dissauer <roman at dissauer.net>:

> Thanks guys,
>
> I’m sure that it is best practice to prevent brute force attacks on
> Kamailio. I also do that on another system where Kamailio handles full
> registration/authentication. Due to the fact that my SIP Proxy is as basic
> as possible forwarding all packets to the backend Freeswitch (just for load
> balancing), I thought it would be easier to solve that on Freeswitch side.
>
> I’ll try to get that done in the reply route and will post the results
> here.
>
> Roman
>
>
>
> > Am 29.11.2016 um 10:40 schrieb Alex Balashov <abalashov at evaristesys.com
> >:
> >
> > On Tue, Nov 29, 2016 at 11:22:25AM +0200, Vladyslav Zakhozhai wrote:
> >
> >> I think that more elegant solution for your task is cut off bruteforce
> on
> >> Kamailio side rather than on FreeSWITCH. You do not need (and must not)
> >> pass malicious traffic to backends. It is best practice.
> >
> > I would agree with that. Kamailio makes a far better "condom" than
> Freeswitch.
> >
> > I just assumed there was something in his use-case that compelled
> relaying traffic forward uncritically.
> >
> > --
> > Alex Balashov | Principal | Evariste Systems LLC
> >
> > Tel: +1-706-510-6800 (direct) / +1-800-250-5920 (toll-free)
> > Web: http://www.evaristesys.com/, http://www.csrpswitch.com/
> >
> > ____________________________________________________________
> _____________
> > Professional FreeSWITCH Consulting Services:
> > consulting at freeswitch.org
> > http://www.freeswitchsolutions.com
> >
> > Official FreeSWITCH Sites
> > http://www.freeswitch.org
> > http://confluence.freeswitch.org
> > http://www.cluecon.com
> >
> > FreeSWITCH-users mailing list
> > FreeSWITCH-users at lists.freeswitch.org
> > http://lists.freeswitch.org/mailman/listinfo/freeswitch-users
> > UNSUBSCRIBE:http://lists.freeswitch.org/mailman/options/freeswitch-users
> > http://www.freeswitch.org
>
>
>
> _________________________________________________________________________
> Professional FreeSWITCH Consulting Services:
> consulting at freeswitch.org
> http://www.freeswitchsolutions.com
>
> Official FreeSWITCH Sites
> http://www.freeswitch.org
> http://confluence.freeswitch.org
> http://www.cluecon.com
>
> FreeSWITCH-users mailing list
> FreeSWITCH-users at lists.freeswitch.org
> http://lists.freeswitch.org/mailman/listinfo/freeswitch-users
> UNSUBSCRIBE:http://lists.freeswitch.org/mailman/options/freeswitch-users
> http://www.freeswitch.org
>



-- 
С уважением,
Владислав Захожай
-------------- next part --------------
An HTML attachment was scrubbed...
URL: http://lists.freeswitch.org/pipermail/freeswitch-users/attachments/20161129/470df390/attachment.html 


Join us at ClueCon 2016 Aug 8-12, 2016
More information about the FreeSWITCH-users mailing list