[asterisk-bugs] [JIRA] (ASTERISK-28094) pjsip. Disable anonymous for local sip domains and force to inbound registration

Asterisk Team (JIRA) noreply at issues.asterisk.org
Fri Oct 5 16:35:54 CDT 2018 

    [ https://issues.asterisk.org/jira/browse/ASTERISK-28094?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=245089#comment-245089 ] 

Asterisk Team commented on ASTERISK-28094:
------------------------------------------

Thanks for creating a report! The issue has entered the triage process. That means the issue will wait in this status until a Bug Marshal has an opportunity to review the issue. Once the issue has been reviewed you will receive comments regarding the next steps towards resolution.

A good first step is for you to review the [Asterisk Issue Guidelines|https://wiki.asterisk.org/wiki/display/AST/Asterisk+Issue+Guidelines] if you haven't already. The guidelines detail what is expected from an Asterisk issue report.

Then, if you are submitting a patch, please review the [Patch Contribution Process|https://wiki.asterisk.org/wiki/display/AST/Patch+Contribution+Process].

> pjsip. Disable anonymous for local sip domains and force to inbound registration
> --------------------------------------------------------------------------------
>
>                 Key: ASTERISK-28094
>                 URL: https://issues.asterisk.org/jira/browse/ASTERISK-28094
>             Project: Asterisk
>          Issue Type: Improvement
>      Security Level: None
>          Components: Resources/res_pjsip_endpoint_identifier_anonymous
>    Affects Versions: 15.6.1
>            Reporter: Dmitriy Serov
>            Severity: Minor
>              Labels: pjsip
>
> A typical server has local users. And often the server allows incoming calls from other SIP servers that can not be authorized.
> Therefore, anonymous must be allowed on the server.
> But if someone makes a call using my domain (from), why should the server allow such a call without authentication?
> https://blogs.asterisk.org/2018/02/07/identifying-endpoint-pjsip/
> The way anonymous@<domain> does not solve this problem.
> The solution would be to be able to create some anonymous at other or anonymous at external that would be used for "others" or "non-local".
> Another solution would be to add the anonymous_disable=yes option to the DOMAIN_ALIAS section
> But it's not easy for my level of programming. I just added just one line to the code (patch attached), which forces authentication of anyone who dares to specify my local domains in the from field



--
This message was sent by Atlassian JIRA
(v6.2#6252)

More information about the asterisk-bugs mailing list