ConfigServer Community Forum

hi team,

Here is the regx i made but its not working. I have to block the ip and the logs line is

[2014-07-05 20:19:45] NOTICE[27008][C-00001ac7] chan_sip.c: Call from '' (37.8.5.217:12242) to extension '011972547851891' rejected because extension not found in context 'my_context'.

IP i have to block is 37.8.5.217


The regx i have written is

if (($lgfile eq $config{CUSTOM1_LOG}) and ($line =~ /\[\S+\s+\S+\] NOTICE\[\S+\] chan_sip\.c\: Call from '' '(\S+\s?\S+)' to extension '(\S+)\:\d+' \ rejected because extension not found in context 'my_context'/)) {
return ("Bad Call: $1",$2,"INVALIDASTREQUEST","1","1");
}

You should try the following on the regex:

if (($lgfile eq $config{CUSTOM1_LOG}) and ($line =~ /\[\S+\s+\S+\] NOTICE\[\S+\]\[\S+\] chan_sip\.c: Call from '' \((\S+):\S+\) to extension '(S+)' rejected because extension not found in context/)) {
return ("Bad Call to extension: $2",$1,"INVALIDASTREQUEST","1","1");
}

$1 = to the IP to block
$2 = the extension

Hi Sergio,

thanks man, i tried the rule but its not working. i am still getting the request from the same IP. i also have not seen anything in the csf.deny for this rule. can you have a look when convernient.
thanks man

I will send you a PM

Hi all,

I have tested all regex posted here for blocking SIP requests with wrong password. But not working anything. My PBX is based on Elastix and Asterisk version is 11.x. It will be very help full if anybody can suggest any regex for locking down the IP based on the log in

/var/log/asterisk/full

.

For example my log is;

[2015-09-23 13:42:24] NOTICE[19648][C-000006d0] chan_sip.c: Failed to authenticate device 902<sip:902@8.XX.XX.X>;tag=3d9d8284
[2015-09-23 11:54:38] NOTICE[19648] chan_sip.c: Registration from '"708" <sip:708@8.xx.xx.x:5060>' failed for '63.141.243.28:5075' - Wrong password

Thanks in advance

What are the IPs that you want to block on those lines?
The IP that you want to block has to appear on the log line for the REGEX to work.