userblacklist Module

Hardy Kahl

   1&1 Internet AG

Edited by

Henning Westerholt

   1&1 Internet AG
   <henning.westerholt@1und1.de>

   Copyright © 2008 1&1 Internet AG
   Revision History
   Revision $Revision$ $Date$
     __________________________________________________________________

   Table of Contents

   1. Admin Guide

        1. Overview
        2. Dependencies

              2.1. Kamailio Modules
              2.2. External Libraries or Applications

        3. Exported Parameters

              3.1. use_domain (integer)

        4. Exported Functions

              4.1. check_user_blacklist (string user, string domain,
                      string number, string table)

              4.2. check_user_whitelist (string user, string domain,
                      string number, string table)

              4.3. check_blacklist ([string table])

        5. MI Commands

              5.1. reload_blacklist

        6. Installation and Running

              6.1. Database setup

   2. Module parameter for database access.

        1. db_url (String)
        2. userblacklist_table (String)
        3. userblacklist_id_col (string)
        4. userblacklist_username_col (string)
        5. userblacklist_domain_col (string)
        6. userblacklist_prefix_col (string)
        7. userblacklist_whitelist_col (string)
        8. globalblacklist_table (String)
        9. globalblacklist_id_col (string)
        10. globalblacklist_prefix_col (string)
        11. globalblacklist_whitelist_col (string)
        12. globalblacklist_description_col (string)

   List of Examples

   1.1. Set use_domain parameter
   1.2. check_user_blacklist usage
   1.3. check_user_blacklist usage
   1.4. check_blacklist usage
   1.5. reload_blacklists usage
   1.6. Example database content - globalblacklist table
   1.7. Example database content - userblacklist table
   2.1. Set db_url parameter
   2.2. Set userblacklist_table parameter
   2.3. Set userblacklist_id_col parameter
   2.4. Set userblacklist_username_col parameter
   2.5. Set userblacklist_domain_col parameter
   2.6. Set userblacklist_prefix_col parameter
   2.7. Set userblacklist_whitelist_col parameter
   2.8. Set globalblacklist_table parameter
   2.9. Set globalblacklist_id_col parameter
   2.10. Set globalblacklist_prefix_col parameter
   2.11. Set globalblacklist_whitelist_col parameter
   2.12. Set globalblacklist_description_col parameter

Chapter 1. Admin Guide

   Table of Contents

   1. Overview
   2. Dependencies

        2.1. Kamailio Modules
        2.2. External Libraries or Applications

   3. Exported Parameters

        3.1. use_domain (integer)

   4. Exported Functions

        4.1. check_user_blacklist (string user, string domain, string
                number, string table)

        4.2. check_user_whitelist (string user, string domain, string
                number, string table)

        4.3. check_blacklist ([string table])

   5. MI Commands

        5.1. reload_blacklist

   6. Installation and Running

        6.1. Database setup

1. Overview

   The userblacklist module allows Kamailio to handle blacklists on a per
   user basis. This information is stored in a database table, which is
   queried to decide if the number (more exactly, the request URI user) is
   blacklisted or not.

   An additional functionality that this module provides is the ability to
   handle global blacklists. This lists are loaded on startup into memory,
   thus providing a better performance then in the userblacklist case.
   This global blacklists are useful to only allow calls to certain
   international destinations, i.e. block all not whitelisted numbers.
   They could also used to prevent the blacklisting of important numbers,
   as whitelisting is supported too. This is useful for example to prevent
   the customer from blocking emergency call number or service hotlines.

   The module exports three functions, check_blacklist
   check_user_blacklist and check_user_whitelist for usage in the config
   file. Furthermore its provide a FIFO function to reload the global
   blacklist cache.

   Please note that only numerical strings for matching are supported at
   the moment (the used library supports this already, but its not yet
   implemented in the module). Non-digits on the beginning of the matched
   string are skipped, any later non-digits will stop the matching on this
   position.

2. Dependencies

   2.1. Kamailio Modules
   2.2. External Libraries or Applications

2.1. Kamailio Modules

   The module depends on the following modules (in the other words the
   listed modules must be loaded before this module):
     * database -- Any database module

2.2. External Libraries or Applications

   The following libraries or applications must be installed before
   running Kamailio with this module loaded:
     * none

3. Exported Parameters

   3.1. use_domain (integer)

3.1. use_domain (integer)

   If set to non-zero value, the domain column in the userblacklist is
   used.

   Default value is “0”.

   Example 1.1. Set use_domain parameter
...
modparam("userblacklist", "use_domain", 0)
...

4. Exported Functions

   4.1. check_user_blacklist (string user, string domain, string number,
          string table)

   4.2. check_user_whitelist (string user, string domain, string number,
          string table)

   4.3. check_blacklist ([string table])

4.1.  check_user_blacklist (string user, string domain, string number, string
table)

   Finds the longest prefix that matches the request URI user (or the
   number parameter) for the given user and domain name in the database.
   If a match is found and it is not set to whitelist, false is returned.
   Otherwise, true is returned. Pseudo-variables or AVPs can be used for
   the user, domain and number parameters. The number and table variables
   are optional, the defaults are used if they are ommited. The number
   parameter can be used to check for example against the from URI user.

   Example 1.2. check_user_blacklist usage
...
$avp(i:80) = $rU;
# rewrite the R-URI
if (!check_user_blacklist("$avp(i:80)", "$avp(i:82)")) {
        sl_send_reply("403", "Forbidden");
        exit;
}
...

4.2.  check_user_whitelist (string user, string domain, string number, string
table)

   Finds the longest prefix that matches the request URI user (or the
   number parameter) for the given user and domain name in the database.
   If a match is found and it is set to whitelist, true is returned.
   Otherwise, false is returned. Pseudo-variables or AVPs can be used for
   the user, domain and number parameters. The number and table variables
   are optional, the defaults are used if they are ommited. The number
   parameter can be used to check for example against the from URI user.

   Example 1.3. check_user_blacklist usage
...
$avp(i:80) = $rU;
# rewrite the R-URI
if (!check_user_whitelist("$avp(i:80)", "$avp(i:82)")) {
        # process request
        exit;
}
...

4.3.  check_blacklist ([string table])

   Finds the longest prefix that matches the request URI for the given
   table. If a match is found and it is not set to whitelist, false is
   returned. Otherwise, true is returned. If no table is given, then
   globalblacklist_table is used.

   Example 1.4. check_blacklist usage
...
if (!check_blacklist("globalblacklist")) {
        sl_send_reply("403", "Forbidden");
        exit;
}
...

5. MI Commands

   5.1. reload_blacklist

5.1.  reload_blacklist

   Reload the internal global blacklist cache. This is necessary after the
   database tables for the global blacklist have been changed.

   Example 1.5. reload_blacklists usage
...
kamctl fifo reload_blacklist
...

6. Installation and Running

   6.1. Database setup

6.1. Database setup

   Before running Kamailio with userblacklist, you have to setup the
   database table where the module will read the blacklist data. For that,
   if the table was not created by the installation script or you choose
   to install everything by yourself you can use the
   userblacklist-create.sql SQL script in the database directories in the
   kamailio/scripts folder as template. Database and table name can be set
   with module parameters so they can be changed, but the name of the
   columns must be as they are in the SQL script. You can also find the
   complete database documentation on the project webpage,
   http://www.kamailio.org/docs/db-tables/kamailio-db-devel.html.

   Example 1.6. Example database content - globalblacklist table
...
+----+-----------+-----------+
| id | prefix    | whitelist |
+----+-----------+-----------+
|  1 |           |         0 |
|  2 | 1         |         1 |
|  3 | 123456    |         0 |
|  4 | 123455787 |         0 |
+----+-----------+-----------+
...

   This table will setup a global blacklist for all numbers, only allowing
   calls starting with “1”. Numbers that starting with “123456” and
   “123455787” are also blacklisted, because the longest prefix will be
   matched.

   Example 1.7. Example database content - userblacklist table
...
+----+----------------+-------------+-----------+-----------+
| id | username       | domain      | prefix    | whitelist |
+----+----------------+-------------+-----------+-----------+
| 23 | 49721123456788 |             | 1234      |         0 |
| 22 | 49721123456788 |             | 123456788 |         1 |
| 21 | 49721123456789 |             | 12345     |         0 |
| 20 | 494675231      |             | 499034133 |         1 |
| 19 | 494675231      | test        | 499034132 |         0 |
| 18 | 494675453      | test.domain | 49901     |         0 |
| 17 | 494675454      |             | 49900     |         0 |
+----+----------------+-------------+-----------+-----------+
...

   This table will setup user specific blacklists for certain usernames.
   For example for user “49721123456788” the prefix “1234” will be not
   allowed, but the number “123456788” is allowed. Additionally a domain
   could be specified that is used for username matching if the
   “use_domain” parameter is set.

Chapter 2. Module parameter for database access.

   Table of Contents

   1. db_url (String)
   2. userblacklist_table (String)
   3. userblacklist_id_col (string)
   4. userblacklist_username_col (string)
   5. userblacklist_domain_col (string)
   6. userblacklist_prefix_col (string)
   7. userblacklist_whitelist_col (string)
   8. globalblacklist_table (String)
   9. globalblacklist_id_col (string)
   10. globalblacklist_prefix_col (string)
   11. globalblacklist_whitelist_col (string)
   12. globalblacklist_description_col (string)

1. db_url (String)

   URL to the database containing the data.

   Default value is “mysql://openserro:openserro@localhost/openser”.

   Example 2.1. Set db_url parameter
...
modparam("userblacklist", "db_url", "dbdriver://username:password@dbhost/dbname"
)
...

2. userblacklist_table (String)

   Name of the userblacklist table for the userblacklist module.

   Default value is “userblacklist”.

   Example 2.2. Set userblacklist_table parameter
...
modparam("userblacklist", "userblacklist_table", "userblacklist")
...

3. userblacklist_id_col (string)

   unique ID

   Example 2.3. Set userblacklist_id_col parameter
...
modparam("userblacklist", "userblacklist_id_col", "id")
...

4. userblacklist_username_col (string)

   The user that is used for the blacklist lookup.

   Example 2.4. Set userblacklist_username_col parameter
...
modparam("userblacklist", "userblacklist_username_col", "username")
...

5. userblacklist_domain_col (string)

   The domain that is used for the blacklist lookup.

   Example 2.5. Set userblacklist_domain_col parameter
...
modparam("userblacklist", "userblacklist_domain_col", "domain")
...

6. userblacklist_prefix_col (string)

   The prefix that is matched for the blacklist.

   Example 2.6. Set userblacklist_prefix_col parameter
...
modparam("userblacklist", "userblacklist_prefix_col", "prefix")
...

7. userblacklist_whitelist_col (string)

   Specify if this a blacklist (0) or a whitelist (1) entry.

   Example 2.7. Set userblacklist_whitelist_col parameter
...
modparam("userblacklist", "userblacklist_whitelist_col", "whitelist")
...

8. globalblacklist_table (String)

   Name of the globalblacklist table for the userblacklist module. Please
   note that this table is used when the check_blacklist function is
   called with no parameters.

   Default value is “globalblacklist”.

   Example 2.8. Set globalblacklist_table parameter
...
modparam("userblacklist", "globalblacklist_table", "globalblacklist")
...

9. globalblacklist_id_col (string)

   unique ID

   Example 2.9. Set globalblacklist_id_col parameter
...
modparam("userblacklist", "globalblacklist_id_col", "id")
...

10. globalblacklist_prefix_col (string)

   The prefix that is matched for the blacklist.

   Example 2.10. Set globalblacklist_prefix_col parameter
...
modparam("userblacklist", "globalblacklist_prefix_col", "prefix")
...

11. globalblacklist_whitelist_col (string)

   Specify if this a blacklist (0) or a whitelist (1) entry.

   Example 2.11. Set globalblacklist_whitelist_col parameter
...
modparam("userblacklist", "globalblacklist_whitelist_col", "whitelist")
...

12. globalblacklist_description_col (string)

   A comment for the entry.

   Example 2.12. Set globalblacklist_description_col parameter
...
modparam("userblacklist", "globalblacklist_description_col", "description")
...