Stop direct IP access, reg via FQDN only

Hi All,

Using Asterisk 16.11.1 (with pjsip) and just wondered if there is a way to stop direct access via the server's IP address and force registration to happen via FQDN only.

Any advice would be much appreciated.

Thanks :smile:

That’s not really something you can do, as a FQDN is resolved to an IP address in order to reach a server.

What are you trying to accomplish?

Keep IP range scanners from finding your server? Maybe an iptables ‘white list’ or fail2ban would be of use?

Hi All,

Thanks for replying so soon :slight_smile:

Should have explained the setup. I am trying to stop a reg happening via IP because I have 2 identical Asterisk servers in a failover setup on different public IP addresses. I only want a reg to happen via the FQDN; I don’t want the secondary backup server being used. The FQDN will automatically point to the secondary server when the primary is offline.

I believe this can be done with HTTP with a proxy, just wondering if Asterisk can do it with SIP -

Ell :slight_smile:

As theoretically pjsip supports multidomain, if your endpoint is 1000 and your domain is domain.org in an endpoint type block:

type=endpoint

With this change, the users can register only over your domain.


Could you elaborate more or show an example of how this would be written in a pjsip.conf file? It would be much appreciated, as this issue is something I’ve been trying to solve for a while.

Thanks Ell :slight_smile:

Something like:

[````]
type=endpoint
context=internal
disallow=all
allow=ulaw
auth=auth6001
aors=6001

[auth6001]
type=auth
auth_type=userpass
password=6001
username=6001

[6001]
type=aor
max_contacts=1

This configuration had a BUG:

The last time I tried it on the latest Asterisk 16 version, it worked.
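
A sketch of how the multidomain naming described in this thread can be written in pjsip.conf, added here as an example and not any poster's own configuration. It assumes user 1000 and domain.org from the post above, a placeholder password, and PJSIP's lookup order of trying user@domain before falling back to the bare user name.

```ini
; Constructed example. 1000 and domain.org come from the thread; the
; password is a placeholder and must be replaced.

; Endpoint named user@domain. For username identification PJSIP takes the
; user and domain from the From header and looks for "user@domain" first,
; so a request carrying 1000@<server IP> does not match this section.
[1000@domain.org]
type=endpoint
context=internal
disallow=all
allow=ulaw
auth=auth1000
aors=1000@domain.org

; The auth section name is only a label; the phone still authenticates
; with the username and password set here.
[auth1000]
type=auth
auth_type=userpass
username=1000
password=REPLACE_WITH_STRONG_SECRET

; AOR named user@domain. On REGISTER the registrar takes the user and
; domain from the To header and looks for "user@domain" first.
[1000@domain.org]
type=aor
max_contacts=1

; Do not also define bare sections named [1000] (endpoint or aor).
; When no "user@domain" section matches, the lookup falls back to the
; bare user name, and a REGISTER addressed to 1000@<server IP> would
; then be accepted again.
;
; If the same server must also answer for a second name, map it with a
; domain alias instead of duplicating the endpoint (hypothetical name):
;[sip.domain.org]
;type=domain_alias
;domain=domain.org
```

The match is on the domain written in the SIP headers, not on the address the packet was sent to, so a client that sends to the IP but uses domain.org in its URIs still registers. Limiting who can reach the SIP port at all remains a job for iptables or fail2ban, as suggested earlier in the thread.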
