– Kamailio SIP Server –

How to restrict calls to only registered users

There are a couple of ways to authenticate INVITEs.

Using membership in the grp table you can try the following:

if (!is_user_in("From", "active")) {
  exit;
};

You need to insert a username, domain and grp=“active” into the grp table for the above test to pass.

If you would like to use AVP's, the following example might work for you:

if (avp_db_load("$from/username", "s:active")) {
  if (!avp_check("s:active", "eq/y/i")) {
  exit;
  };
};

You need to insert a username, domain, attribute=“active”, value=“y” in the usr_preferences for the above test to pass.

Another (or additional) test would be to execute the following logic:

if (is_method("INVITE") && !allow_trusted()) {
  if (!proxy_authorize("", "subscriber")) {
    proxy_challenge("", "0");
    exit;
  } else if (!check_from()) {
    sl_send_reply("403", "Unauthorized: From username does not match digest credentials");
    exit;
  } else {
    append_rpid_hf();
  };
    consume_credentials();
};

It is possible to use all three methods above at the same time to provide granular control over INVITEs.