[Freeswitch-users] ACLs through proxy
freeswitch-users-list at metik.com
Thu Dec 17 18:43:28 PST 2009
This may be difficult considering that ACL needs to consider the
original src IP/URI. To do that it, freeswitch would need to do so
using a header that retains that information (i.e. From, Via, Contact,
etc.). Which I do not believe is currently possible using auth-acl or
However, you should be able to emulate the behavior using mod_xml_curl
(and validating against appropriate variables available when using it to
authenticate the request).
Bill W wrote:
> Hey Brian,
> I've been doing some testing and I am unable to get auth-calls to work
> through a proxy the way I want them to, even with setting
> apply-proxy-acl to either the endpoint IP or the proxy IP.
> I have a multi-tenant system with multiple domains with multiple users
> in each domain. And I want to restrict a user to an arbitrary CIDR and
> challenge them for a password. The arbitrary CIDR will vary from UA to
> UA, and is specified in the directory via the auth-acl parameter.
> TL,DR; I want to get auth-calls to use the IP of the UA endpoint, not of
> the proxy.
> Brian West wrote:
>> it needs to be an ACL from acl.conf or a ip/cidr
>> On Dec 17, 2009, at 5:41 AM, Bill W wrote:
>>> Okay, I added: <param name="apply-proxy-acl" value="true"/> to my sofia
>>> profile and restarted sofia, and still no joy.
>>> I'm on FreeSWITCH Version 1.0.trunk (15764)
>>> I've got <param name="auth-acl" value="188.8.131.52/32"></param> in
>>> the directory, but I'm still being rejected by the acl:
>>> 2009-12-17 06:04:59.920517 [WARNING] sofia_reg.c:1928 IP 184.108.40.206
>>> Rejected by user acl 220.127.116.11/32
>>> Here's what I believe is the appropriate snippet of the debug output:
>> FreeSWITCH-users mailing list
>> FreeSWITCH-users at lists.freeswitch.org
> FreeSWITCH-users mailing list
> FreeSWITCH-users at lists.freeswitch.org
More information about the FreeSWITCH-users