Now that we are connected to the PSTN it is important to take care of some security considerations. Re-INVITES are being processed under the loose route section. These re-INVITES are not being challenged for its credentials. To enhance the security add the script below to your loose_route
section. If the request is sequential (has_totag()
) it need to have a ROUTE header. If it does not have (checked by the function loose_route()
) we will discard the request with an error type "404, Not Here". Check the file openser.chapter7-3 if you have any doubt.
if (has_totag()) { # sequential request withing a dialog should # take the path determined by record-routing if (loose_route()) { #Check authentication of re-invites if(method=="INVITE" && (!allow_trusted())) { if (!proxy_authorize("","subscriber")) { proxy_challenge("","1"); exit; } else if (!check_from()) {...