{"id":1348,"date":"2019-07-11T14:23:09","date_gmt":"2019-07-11T09:23:09","guid":{"rendered":"http:\/\/alexeyka.zantsev.com\/?p=1348"},"modified":"2021-03-17T16:51:34","modified_gmt":"2021-03-17T11:51:34","slug":"opensips-filter-register-requests-based-on-username-2","status":"publish","type":"post","link":"https:\/\/alexeyka.zantsev.com\/?p=1348","title":{"rendered":"OpenSIPS: filter REGISTER requests based on username"},"content":{"rendered":"\n

Formerly we’ve learned how to restrict access with permission.so module based on source IP addresses<\/a>. Today I’ll show how to restrict access to your OpenSIPS based on usernames, being registering.<\/p>\n\n\n\n

loadmodule \"permissions.so\" # no deps

... 

if (is_method(\"REGISTER\")) {
  if(!allow_register(\"register\")) {
    sl_send_reply(403, \"Forbidden by permissions\");
    exit;
  } <\/pre>\n\n\n\n
“Deny all, but …” policy – we will allow registrations of explicitly defined usernames and drop anybody else.<\/p>\n\n\n\n
register.deny file:

ALL : ALL

 
register.allow file:

# this allows lexus, lexus2, lexus3 to register 
\"^sip:lexus[23]?@alexeyka.zantsev.com\" : ALL 

# regexp seems to be CORRECT, but for some reason lexus2 and lexus3 can not register 
# \"^sip:lexus[\\d]?@alexeyka.zantsev.com\" : ALL<\/pre>\n\n\n\n
Have a look how it’s working! A good guy is being registered successfully:<\/p>\n\n\n\n
\"\"<\/a>
good guy<\/figcaption><\/figure>\n\n\n\n
While a bad guy had been kicked:<\/p>\n\n\n\n
\"\"<\/a>
bad guy<\/figcaption><\/figure>\n\n\n\n
Another solution<\/a> using regex.so module from Pavel Eremin. The pros of this method is that it allows editing a txt file with usernames defined and reload regex.so module<\/a> via MI interface (no restart needed).<\/p>\n\n\n\n
And even one more<\/a> from R\u0103zvan Crainea.<\/p>\n","protected":false},"excerpt":{"rendered":"
Formerly we’ve learned how to restrict access with permission.so module based on source IP addresses. Today I’ll show how to restrict access to your OpenSIPS based on usernames, being registering. loadmodule “permissions.so” # no deps… if (is_method(“REGISTER”)) { if(!allow_register(“register”)) { sl_send_reply(403, “Forbidden by permissions”); exit; } “Deny all, but …” policy – we will allow […]<\/p>\n","protected":false},"author":1,"featured_media":0,"comment_status":"closed","ping_status":"closed","sticky":false,"template":"","format":"standard","meta":{"footnotes":""},"categories":[1],"tags":[208,88],"class_list":["post-1348","post","type-post","status-publish","format-standard","hentry","category-uncategorized","tag-opensips","tag-sip"],"_links":{"self":[{"href":"https:\/\/alexeyka.zantsev.com\/index.php?rest_route=\/wp\/v2\/posts\/1348","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/alexeyka.zantsev.com\/index.php?rest_route=\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/alexeyka.zantsev.com\/index.php?rest_route=\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/alexeyka.zantsev.com\/index.php?rest_route=\/wp\/v2\/users\/1"}],"replies":[{"embeddable":true,"href":"https:\/\/alexeyka.zantsev.com\/index.php?rest_route=%2Fwp%2Fv2%2Fcomments&post=1348"}],"version-history":[{"count":10,"href":"https:\/\/alexeyka.zantsev.com\/index.php?rest_route=\/wp\/v2\/posts\/1348\/revisions"}],"predecessor-version":[{"id":5061,"href":"https:\/\/alexeyka.zantsev.com\/index.php?rest_route=\/wp\/v2\/posts\/1348\/revisions\/5061"}],"wp:attachment":[{"href":"https:\/\/alexeyka.zantsev.com\/index.php?rest_route=%2Fwp%2Fv2%2Fmedia&parent=1348"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/alexeyka.zantsev.com\/index.php?rest_route=%2Fwp%2Fv2%2Fcategories&post=1348"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/alexeyka.zantsev.com\/index.php?rest_route=%2Fwp%2Fv2%2Ftags&post=1348"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}