Force Asterisk to challenge all SIP requests with a 401/407 response

0
votes

I am looking for a config file entry to force an Asterisk server to respond to all SIP requests (that do not contain valid Authorization credentials) with a 401/407 response.

Setting "host=dynamic" in sip.conf can be used to enable authentication challenges for REGISTER and INVITE but doesn't seem to apply to BYE, SUBSCRIBE, etc.

Is there such a command for Asterisk? Maybe something like "insecure=no" that applies to all SIP methods?

1
sipasterisk
I glanced through the chan_sip.c source file and it looks like this is only possible for REGISTER, INVITE, OPTIONS and PUBLISH. Maybe I'm missing something?JayG
Sounds like something I would do in a simple proxy, especially if the purpose is DOS defense.Szocske

1 Answers

0
votes

There is no configuration setting for this in Asterisk. Host=dynamic just forces you to REGISTER, it has nothing to do with authentication.

Setting secret= enables authentication. The code decides when and why to authenticate. Subscribe should be authenticated, if not, that is a bug and should be reported.