modules/websocket: Updated documentation and fixed typo in configuration file example
authorPeter Dunkley <peter.dunkley@crocodile-rcs.com>
Thu, 27 Sep 2012 15:29:03 +0000 (16:29 +0100)
committerPeter Dunkley <peter.dunkley@crocodile-rcs.com>
Thu, 27 Sep 2012 15:29:03 +0000 (16:29 +0100)
modules/websocket/README
modules/websocket/doc/websocket_admin.xml
modules/websocket/example/kamailio.cfg

index 5a34e3a..9f55bb0 100644 (file)
@@ -135,7 +135,12 @@ event_route[xhttp:request] {
         set_reply_close();
         set_reply_no_connect();
 
-        if ($Rp != 80 && $Rp != 443) {
+        if ($Rp != 80
+#!ifdef WITH_TLS
+            && $Rp != 443
+#!endif
+        ) {
+
                 xlog("L_WARN", "HTTP request received on $Rp\n");
                 xhttp_reply("403", "Forbidden", "", "");
                 exit;
@@ -146,17 +151,25 @@ event_route[xhttp:request] {
         if ($hdr(Upgrade)=~"websocket"
                         && $hdr(Connection)=~"Upgrade"
                         && $rm=~"GET") {
-                xlog("L_DBG", "WebSocket\n");
-                xlog("L_DBG", " Host: $hdr(Host)\n");
-                xlog("L_DBG", " Origin: $hdr(Origin)\n");
 
-                if ($hdr(Host) == $null || !is_myself($hdr(Host))) {
+                # Validate Host - make sure the client is using the correct
+                # alias for WebSockets
+                if ($hdr(Host) == $null || !is_myself("sip:" + $hdr(Host))) {
                         xlog("L_WARN", "Bad host $hdr(Host)\n");
                         xhttp_reply("403", "Forbidden", "", "");
                         exit;
                 }
 
-                # Optional... validate Origin
+                # Optional... validate Origin - make sure the client is from an
+                # authorised website.  For example,
+                #
+                # if ($hdr(Origin) != "http://communicator.MY_DOMAIN"
+                #     && $hdr(Origin) != "https://communicator.MY_DOMAIN") {
+                #       xlog("L_WARN", "Unauthorised client $hdr(Origin)\n");
+                #       xhttp_reply("403", "Forbidden", "", "");
+                #       exit;
+                # }
+
                 # Optional... perform HTTP authentication
 
                 # ws_handle_handshake() exits (no further configuration file
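Review bot: The Origin check spelled out in the new comment block is still labelled "Optional" and left commented out, so a configuration copied from this example completes the handshake for a page served from any website. Browsers do not apply the same-origin policy to WebSocket handshakes, so for browser clients this comparison is the control against cross-site WebSocket hijacking, and it matters most if the "perform HTTP authentication" step below ends up relying on credentials the browser attaches automatically. I would reword the lead-in to something like `# Validate Origin - recommended whenever browser clients connect; skip only if all clients are non-browser clients`. I would also add a comment line saying that a request with no Origin header must be handled deliberately, since how `$hdr(Origin) != "..."` evaluates for a missing header is not visible here and should be confirmed. The same text is added in the matching hunk of the next file section (index 6609275..7dcdc13), and event_route[xhttp:request] starts and ends outside both hunks.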
index 6609275..7dcdc13 100644 (file)
@@ -51,7 +51,12 @@ event_route[xhttp:request] {
         set_reply_close();
         set_reply_no_connect();
 
-        if ($Rp != 80 && $Rp != 443) {
+        if ($Rp != 80
+#!ifdef WITH_TLS
+            && $Rp != 443
+#!endif
+        ) {
+
                 xlog("L_WARN", "HTTP request received on $Rp\n");
                 xhttp_reply("403", "Forbidden", "", "");
                 exit;
@@ -62,17 +67,25 @@ event_route[xhttp:request] {
         if ($hdr(Upgrade)=~"websocket"
                         && $hdr(Connection)=~"Upgrade"
                         && $rm=~"GET") {
-                xlog("L_DBG", "WebSocket\n");
-                xlog("L_DBG", " Host: $hdr(Host)\n");
-                xlog("L_DBG", " Origin: $hdr(Origin)\n");
 
-                if ($hdr(Host) == $null || !is_myself($hdr(Host))) {
+                # Validate Host - make sure the client is using the correct
+                # alias for WebSockets
+                if ($hdr(Host) == $null || !is_myself("sip:" + $hdr(Host))) {
                         xlog("L_WARN", "Bad host $hdr(Host)\n");
                         xhttp_reply("403", "Forbidden", "", "");
                         exit;
                 }
 
-                # Optional... validate Origin
+                # Optional... validate Origin - make sure the client is from an
+                # authorised website.  For example,
+                #
+                # if ($hdr(Origin) != "http://communicator.MY_DOMAIN"
+                #     && $hdr(Origin) != "https://communicator.MY_DOMAIN") {
+                #       xlog("L_WARN", "Unauthorised client $hdr(Origin)\n");
+                #       xhttp_reply("403", "Forbidden", "", "");
+                #       exit;
+                # }
+
                 # Optional... perform HTTP authentication
 
                 # ws_handle_handshake() exits (no further configuration file
index 17ae075..f4b4c12 100644 (file)
@@ -355,7 +355,7 @@ event_route[xhttp:request] {
                # processing of the request) when complete.
                if (ws_handle_handshake())
                {
-                       # Optional... cache some information abou the
+                       # Optional... cache some information about the
                        # successful connection
                        exit;
                }