Formerly we’ve learned how to restrict access with permission.so module based on source IP addresses. Today I’ll show how to restrict access to your OpenSIPS based on usernames, being registering.
loadmodule "permissions.so" # no deps
...
if (is_method("REGISTER")) {
if(!allow_register("register")) {
sl_send_reply(403, "Forbidden by permissions");
exit;
}
“Deny all, but …” policy – we will allow registrations of explicitly defined usernames and drop anybody else.
register.deny file:
ALL : ALL
register.allow file:
# this allows lexus, lexus2, lexus3 to register
"^sip:lexus[23]?@alexeyka.zantsev.com" : ALL
# regexp seems to be CORRECT, but for some reason lexus2 and lexus3 can not register
# "^sip:lexus[\d]?@alexeyka.zantsev.com" : ALL
Have a look how it’s working! A good guy is being registered successfully:
While a bad guy had been kicked:
Another solution using regex.so module from Pavel Eremin. The pros of this method is that it allows editing a txt file with usernames defined and reload regex.so module via MI interface (no restart needed).
And even one more from Răzvan Crainea.