Whitelisting on asterisk: Difference between revisions

From lippmann wiki
Jump to navigation Jump to search
(Created page with "this is copied from https://www.muchtall.com/2012/05/23/whitelisting-incoming-calls-on-asterisk/. all credits go there. Creating a copy here so I have access internally for n...")
 
No edit summary
 
(3 intermediate revisions by the same user not shown)
Line 1: Line 1:
this is copied from https://www.muchtall.com/2012/05/23/whitelisting-incoming-calls-on-asterisk/. all credits go there.
'''this is copied from https://www.muchtall.com/2012/05/23/whitelisting-incoming-calls-on-asterisk/. all credits go there.'''


Creating a copy here so I have access internally for non-interconnected systems.
Creating a copy here so I have access internally for non-interconnected systems.
Line 5: Line 5:
Whitelisting Incoming Calls on Asterisk
Whitelisting Incoming Calls on Asterisk


For some reason, this is a topic that I couldn’t seem to find a simple HOWTO online for, so I had to create my own.
Here are the rules muchtall used in Asterisk to achieve this goal. First, in extensions.conf, I created a macro for whitelisting:


I ran into a situation where I have a large number of auto-answering intercom boxes connected to an Asterisk system. The intercoms are programmed to pick up immediately upon ringing, allowing the caller to communicate with the room’s occupant without any action taken by the occupant. These intercom lines are assigned a DID number from the outside world in a large metro area. See the problem? The occupants were getting a number of calls from locals whom had dialed the wrong number. Sometimes the caller wouldn’t hear a response, so they’d call back repeatedly, to the irritation of the occupant. For our scenario, blacklisting wasn’t a good option. In metro areas, misdialed numbers are common, and rarely from the same person. I needed to only allow a handful (~20-50) of callers that we knew would be calling the intercoms legitimately. Furthermore, it would be useful to have a notice played for a blocked caller to that they knew either to not try calling again, or to contact us to whitelist the number.
; Only allows calls from numbers in the whitelist DB
 
[macro-inbound-whitelist]
Here are the rules I used in Asterisk to achieve this goal. First, in extensions.conf, I created a macro for whitelisting:
exten => s,1,GotoIf(${DB_EXISTS(whitelist/${CALLERID(num)})}?:blacklisted,s,1)
 
exten => s,2,Dial(${ARG1})
; Only allows calls from numbers in the whitelist DB
[macro-inbound-whitelist]
exten => s,1,GotoIf(${DB_EXISTS(whitelist/${CALLERID(num)})}?:blacklisted,s,1)
exten => s,2,Dial(${ARG1})


Then, if you don’t have a blacklisted context already, create one:
Then, if you don’t have a blacklisted context already, create one:


[blacklisted]
[blacklisted]
exten => s,1,Playback(not-taking-your-call)
exten => s,1,Playback(not-taking-your-call)
exten => s,3,Hangup
exten => s,3,Hangup


Next, change your inbound call config to use the inbound-whitelist macro:
Next, change your inbound call config to use the inbound-whitelist macro:


exten => 5551234567,1,Macro(inbound-whitelist,SIP/123)
exten => 5551234567,1,Macro(inbound-whitelist,SIP/123)
exten => 5551234567,2,Hangup
exten => 5551234567,2,Hangup


Reload the asterisk config and make a test call. You should get a recording saying that it (Asterisk) is not taking your call.
Reload the asterisk config and make a test call. You should get a recording saying that it (Asterisk) is not taking your call.
Line 31: Line 27:
Now add your number to the whitelist:
Now add your number to the whitelist:


asterisk -r
asterisk -r
database put whitelist 5551230000 1
database put whitelist 5551230000 1


And do another test call.
And do another test call.
Line 42: Line 38:
UPDATE: I found that comparing against two whitelists (a customer whitelist, and our support number whitelist) can be handy. Use this line instead if you want similar logic:
UPDATE: I found that comparing against two whitelists (a customer whitelist, and our support number whitelist) can be handy. Use this line instead if you want similar logic:


exten => s,1,GotoIf($[ ${DB_EXISTS(whitelist-${ARG2}/${CALLERID(num)})} | ${DB_EXISTS(whitelist-support/${CALLERID(num)})} ]?:blacklisted,s,1)
exten => s,1,GotoIf($[
${DB_EXISTS(whitelist-${ARG2}/${CALLERID(num)})} |
${DB_EXISTS(whitelist-support/${CALLERID(num)})}
]?:blacklisted,s,1)


Also with this option, I can treat the whitelist name as an argument in my macro call:
Also with this option, I can treat the whitelist name as an argument in my macro call:


exten => 5551234567,1,Macro(inbound-whitelist,SIP/123,customername)
exten => 5551234567,1,Macro(inbound-whitelist,SIP/123,customername)


In this case, the whitelist DB would be named “whitelist-customername”.
In this case, the whitelist DB would be named “whitelist-customername”.

Latest revision as of 15:24, 25 May 2019

this is copied from https://www.muchtall.com/2012/05/23/whitelisting-incoming-calls-on-asterisk/. all credits go there.

Creating a copy here so I have access internally for non-interconnected systems.

Whitelisting Incoming Calls on Asterisk

Here are the rules muchtall used in Asterisk to achieve this goal. First, in extensions.conf, I created a macro for whitelisting:

; Only allows calls from numbers in the whitelist DB
[macro-inbound-whitelist]
exten => s,1,GotoIf(${DB_EXISTS(whitelist/${CALLERID(num)})}?:blacklisted,s,1)
exten => s,2,Dial(${ARG1})

Then, if you don’t have a blacklisted context already, create one:

[blacklisted]
exten => s,1,Playback(not-taking-your-call)
exten => s,3,Hangup

Next, change your inbound call config to use the inbound-whitelist macro:

exten => 5551234567,1,Macro(inbound-whitelist,SIP/123)
exten => 5551234567,2,Hangup

Reload the asterisk config and make a test call. You should get a recording saying that it (Asterisk) is not taking your call.

Now add your number to the whitelist:

asterisk -r
database put whitelist 5551230000 1

And do another test call.

One last word of warning. I did once run into a condition where our telco provider abruptly stopped sending caller ID through our PRI. When this happens, ALL calls show up as null/blank calling numbers. In these instances, ALL calls to your whitelist-protected extensions will be blocked (at least from outside). To temporarily disable whitelisting until the problem is resolved, simply comment out the “exten => s,1,GotoIf …” line and reload asterisk.

Hopefully this saved someone else out there some time.

UPDATE: I found that comparing against two whitelists (a customer whitelist, and our support number whitelist) can be handy. Use this line instead if you want similar logic:

exten => s,1,GotoIf($[
${DB_EXISTS(whitelist-${ARG2}/${CALLERID(num)})} |
${DB_EXISTS(whitelist-support/${CALLERID(num)})}
]?:blacklisted,s,1)

Also with this option, I can treat the whitelist name as an argument in my macro call:

exten => 5551234567,1,Macro(inbound-whitelist,SIP/123,customername)

In this case, the whitelist DB would be named “whitelist-customername”.