Per User Number Blocking


I am trying to block certain numbers for certain users. It would seem that this isn’t possible with asterisk. Here’s my extensions.conf file. The “no-user1.conf” file has a number that I want to block for user1 only. However, for user1 to be able to reach user2, I have to include access to user2’s dial plan via the local context. This has the effect of therefore bringing into access to the blocked number to user2’s dial plan as well!

#include “no-user1.conf”
#include "dp-user1.conf"
include => local

#include “no-user2.conf”
#include "dp-user2.conf"
include => local

#include “no-atauser1.conf”
#include "dp-atauser1.conf"
include => local

exten => _X.,1,Answer
exten => _X.,2,Dial(SIP/${EXTEN}@sip_proxy,30,rT)

; Master context for local, toll-free, and iaxtel calls only
ignorepat => 9

include => c_user1
include => c_user2
include => c_atauser1
include => sip_proxy_out

And here’s the dial plan…

bil-pdev-4*CLI> show dialplan
[ Context ‘local’ created by ‘pbx_config’ ]
Include => ‘c_user1’ [pbx_config]
Include => ‘c_user2’ [pbx_config]
Include => ‘c_atauser1’ [pbx_config]
Ignore pattern => ‘9’ [pbx_config]

[ Context ‘sip_proxy_out’ created by ‘pbx_config’ ]
’_X.’ => 1. Answer() [pbx_config]
2. Dial(SIP/${EXTEN}@sip_proxy|30|rT) [pbx_config]

[ Context ‘c_atauser1’ created by ‘pbx_config’ ]
Include => ‘local’ [pbx_config]
[ Context ‘c_user2’ created by ‘pbx_config’ ]
‘4063250071’ => 1. Answer() [pbx_config]
2. Dial(SIP/user2) [pbx_config]
3. Hangup() [pbx_config]

Include => ‘local’ [pbx_config]
[ Context ‘c_user1’ created by ‘pbx_config’ ]
‘1234’ => 1. Answer() [pbx_config]
2. Playback(cannot-complete-as-dialed) [pbx_config]
3. Hangup() [pbx_config]
‘4063250070’ => 1. Answer() [pbx_config]
2. Dial(SIP/user1&SIP/user2) [pbx_config]
3. Hangup() [pbx_config]

Include => ‘local’ [pbx_config]
[ Context ‘parkedcalls’ created by ‘res_features’ ]
‘700’ => 1. Park()

Does anyone know of a simple way to provision per user number blocking in Asterisk?

And don’t say something like:
exten => 5551212/5559999
because we are provisioning our users as SIP users (ie alphanumberic), not as extensions, so isn’t really feesible. Sure, it will work, but the call blocking will follow the number, not the user.


Contexts were created for this very reason. Assuming user1 is configured to use context [c_user1], why are you including no-user1.conf in that context?


Because no-user1.conf has the restricted numbers. The idea was to first block certain numbers for a user, and then give them access to the local context so that they could dial other users. When you do this however, all the users in local ALSO get access to the restricted numbers in no-user1.conf.

People keep replying and telling me that this is the sort of thing contexts where supposed to address. I have yet to see someone explicitly explain how contexts can achieve this, or provide an example.


People keep replying and telling me that this is the sort of thing contexts where supposed to address. I have yet to see someone explicitly explain how contexts can achieve this, or provide an example.[/quote]

I didn’t test it but I think tkat extensions that match most will be dialed. So, if you make user_1 context and define all extensions he shuld’t dial to play sound “You are not allow to dial this number”. Afther that you include all other extensions. For blocked numbers he will allways dial defined number with play command.


Your completely missing the point.


wow, way to treat people who want to help you.


I’ve always gotten very annoyed when people jump on the bandwagon and say something is true, simply because they’ve heard it before, but can’t quantify why.

If anyone would be so kind, I would really like to see an example of how I can block say for example, 1900 numbers, for a single user, by only using contexts. Thanks.

Maybe I could do something like this…
#include "user1-restricted.conf"
include => user2
include => user3
include => userN

… but then every user will have to include every other user, and by the time we have hundreds or thousands of users, this is going to become an administrative nightmare.


my head hurt too much looking at your conf files in the OP, but i don’t see why you can’t define a context for each user that firstly included another context that contained either the “banned” number, or a dialstring that match the prefix you want to ban (and sent them to a message), then included the regular dialplan you want to use.

sort of like speeddials but in reverse.


ok, i think you’re getting there, but i’m not sure why you need to do all the includes of other user contexts ?

i’m starting to think you’d be better off writing an AGI that checked the DNID against a mySQL db record for that extension. now that would be clean.


I need to include the other contexts so that the users can reach each other. If I don’t include the context for user2 in the context of user1, user1 will not be able to reach user2.

Are you suggesting I block calls based on caller id? Won’t work. We have set multiple extensions in sip.conf to have the same caller id number. This is because we want all outgoing calls for a group of phones to appear to be coming from the same main number.

I just tried this approach I had above. Doesn’t work either! What’s the point of contexts if you a) have to include other users contexts to be able to reach them and b) when you do that they include the other users. The end result is a flat global dial plan where contexts are a waste of time.



#include "3250071-restricted.conf"
exten => _3250071,1,Dial(SIP/${EXTEN},20,tr)
exten => _3250071,2,Answer
exten => _3250071,3,Wait,1
exten => _3250071,4,Voicemail(${EXTEN}@vm_www)
exten => _3250071,5,Hangup

include => c_all

#include "3250072-restricted.conf"
exten => _3250072,1,Dial(SIP/${EXTEN},20,tr)
exten => _3250072,2,Answer
exten => _3250072,3,Wait,1
exten => _3250072,4,Voicemail(${EXTEN}@vm_www)
exten => _3250072,5,Hangup

include => c_all

include => c_3250071
include => c_3250072

In c_3250071 context I block some numbers. For c_3250072 I have to include the context of c_3250071 so that I can reach it. When I do that, the blocked numbers for 3250071 also get applied to 3250072.



DNID <> Caller*ID, but the number dialled.

how important is this to you ? why not offer a bounty, or pay someone to write it for you.


So, what’s the difference between the DNID and the use of:

exten => ,do-something

I’m not following how the use of DNID and MySQL would offer anything over what’s standard in extensions.conf with the use of the ‘exten’ command.

This is very imporant to us. We just purchased Asterisk Business Edition and I’m on hold right now. I don’t think their standard support includes configuration questions though (just installation ones). What a crock! What a let down. Great product, with absolutely no support.


afaik, you get support to the level you pay for. if you don’t pay anything you still get some support.

the confusion you’re experiencing is around the include’ing of contexts to support your call-blocking.

i merely suggested an AGI app to rid you of the context mess. you could use a simple dialplan that checked the DNID against a set of records for the EXTEN doing the calling, and decide what to do from there. no context mess, just a little AGI app.

heck, i might write one just to prove it can be done. i know someone else who might like this :smiling_imp:


Ok, so my knowledge of AGI is pretty limited.

I don’t see how that would help either. At the point we execute the AGI script in the dialplan, all we have is the dialled number. We have no concept of a context because we can supposedly remove this dependancy with the AGI script. We need SOME concept of a user when executing the AGI script, so that we can compare the dialled number against what is allowed for that user. How do we pass a user to the script? Caller id won’t do it, because we want to set caller id to be the same for some extensions under certain conditions.


who says we don’t know who the caller is ? i would hope we do, or else how would things like CDR work ? or bridging ?

what variant and build are you using btw ? any GUI add-on ?


How do we know who the user is?