[Freeswitch-users] log X-AUTH-IP instead of source IP
Vladyslav Zakhozhai
v.zakhozhai at gmail.com
Tue Nov 29 12:22:25 MSK 2016
Hi Roman,
I think that more elegant solution for your task is cut off bruteforce on
Kamailio side rather than on FreeSWITCH. You do not need (and must not)
pass malicious traffic to backends. It is best practice.
Is every inbound requests (REGISTER, INVITE) passes Kamailio? If Kamailio
work as stateful SIP proxy then you can pay attention to unsuccessful
authentication attempts in reply routes and manages it, for example, with
pike or something like that. Or event configure fail2ban on Kamailio server
rather than on FreeSWITCH.
This is just my opinion.
2016-11-29 10:50 GMT+02:00 Alex Balashov <abalashov at evaristesys.com>:
> On Tue, Nov 29, 2016 at 09:37:26AM +0100, Roman Dissauer wrote:
>
> > I already get the original source IP into FS but I need to log
> unsuccessful auth attempts with original IP to block them with fail2ban.
> > The default log message „SIP auth challenge…“ does only log the Proxy IP
>
> Ah, I see.
>
> I must have misunderstood your question, then. It sounds like what you
> actually want to know is how to issue an arbitrary log statement?
>
> I think this page answers that question:
>
> https://wiki.freeswitch.org/wiki/Misc._Dialplan_Tools_log
>
> Or did I miss something still?
>
> -- Alex
>
> --
> Alex Balashov | Principal | Evariste Systems LLC
>
> Tel: +1-706-510-6800 (direct) / +1-800-250-5920 (toll-free)
> Web: http://www.evaristesys.com/, http://www.csrpswitch.com/
>
> _________________________________________________________________________
> Professional FreeSWITCH Consulting Services:
> consulting at freeswitch.org
> http://www.freeswitchsolutions.com
>
> Official FreeSWITCH Sites
> http://www.freeswitch.org
> http://confluence.freeswitch.org
> http://www.cluecon.com
>
> FreeSWITCH-users mailing list
> FreeSWITCH-users at lists.freeswitch.org
> http://lists.freeswitch.org/mailman/listinfo/freeswitch-users
> UNSUBSCRIBE:http://lists.freeswitch.org/mailman/options/freeswitch-users
> http://www.freeswitch.org
>
--
С уважением,
Владислав Захожай
-------------- next part --------------
An HTML attachment was scrubbed...
URL: http://lists.freeswitch.org/pipermail/freeswitch-users/attachments/20161129/d17e41ce/attachment-0001.html
Join us at ClueCon 2016 Aug 8-12, 2016
More information about the FreeSWITCH-users
mailing list