From: asterisk-users-bounces at lists.digium.com [mailto:asterisk-users-bounces at lists.digium.com] On Behalf Of Kevin Larsen Sent: Tuesday, June 2, 2015 4:09 PM To: Asterisk Users Mailing List - Non-Commercial Discussion Subject: Re: [asterisk-users] Forward loop protection...> Ia had a server overload today because someone did a call forward > to their own extension. To do a call forward I write a key called CFWD > with the extensi?n number and number to dial . The main script tests if > the key/value exists and dials the number stored in the database. What > is an easy way to prevent dumb people from creating a loop?Right after you have read the number to call forward to, compare it to the number you are call forwarding from. If it matches, play the user an error message and have them try again. And no matter what you do, the dumb people will come up with more creative ways to tank your phone system. A large amount of my dialplan code is taking into account the stupid things they have done and handling it properly if they do it again. I swear, if you could harness their creativity for good you could solve the world's problems 10 times over. The loop checking is a bit more challenging than that. If Bob forwards to Fred and Fred forwards to Sue, all is well when Bob and Fred head out for a beer. A little later, we?re in deep doo-do0 when Sue forwards to Bob. --Don -------------- next part -------------- An HTML attachment was scrubbed... URL: <http://lists.digium.com/pipermail/asterisk-users/attachments/20150602/787eb893/attachment.html>
Could this possibly mean that any person who has CF set should never be available as CF Destination. Simple db entry/check can have this done. On Tue, Jun 2, 2015 at 5:34 PM, <dk at donkelly.biz> wrote:> > > > > *From:* asterisk-users-bounces at lists.digium.com [mailto: > asterisk-users-bounces at lists.digium.com] *On Behalf Of *Kevin Larsen > *Sent:* Tuesday, June 2, 2015 4:09 PM > *To:* Asterisk Users Mailing List - Non-Commercial Discussion > *Subject:* Re: [asterisk-users] Forward loop protection... > > > > > Ia had a server overload today because someone did a call forward > > to their own extension. To do a call forward I write a key called CFWD > > with the extensi?n number and number to dial . The main script tests if > > the key/value exists and dials the number stored in the database. What > > is an easy way to prevent dumb people from creating a loop? > > Right after you have read the number to call forward to, compare it to the > number you are call forwarding from. If it matches, play the user an error > message and have them try again. > > And no matter what you do, the dumb people will come up with more creative > ways to tank your phone system. A large amount of my dialplan code is > taking into account the stupid things they have done and handling it > properly if they do it again. I swear, if you could harness their > creativity for good you could solve the world's problems 10 times over. > > > > The loop checking is a bit more challenging than that. If Bob forwards to > Fred and Fred forwards to Sue, all is well when Bob and Fred head out for a > beer. A little later, we?re in deep doo-do0 when Sue forwards to Bob. > > > > --Don > > > > -- > _____________________________________________________________________ > -- Bandwidth and Colocation Provided by http://www.api-digital.com -- > New to Asterisk? Join us for a live introductory webinar every Thurs: > http://www.asterisk.org/hello > > asterisk-users mailing list > To UNSUBSCRIBE or update options visit: > http://lists.digium.com/mailman/listinfo/asterisk-users >-------------- next part -------------- An HTML attachment was scrubbed... URL: <http://lists.digium.com/pipermail/asterisk-users/attachments/20150602/36617329/attachment.html>
>> The loop checking is a bit more challenging than that. If Bob >> forwards to Fred and Fred forwards to Sue, all is well when Bob and >> Fred head out for a beer. A little later, we?re in deep doo-do0 when >> Sue forwards to Bob.> Could this possibly mean that any person who has CF set should never > be available as CF Destination. Simple db entry/check can have thisdone. That just goes to show that the problem can get complex pretty quickly. Using the original example above, it might be that you want to allow the Bob to Fred to Sue forwards, but only stop it if the Sue to Bob link is established, thus creating the loop. I wonder if you could do some kind of recursive check where you follow each forward and if you ever come back around to a number you have already checked you know there is a loop. To reuse the example above, on the creation of the Bob to Fred forward, the database is checked to see if Fred has any forwards. He doesn't, so is at the end of the forwarding chain. Now Fred forwards to Sue. Again, she is at the end of the chain, so it is allowed. When Sue goes to forward to Bob, the check shows that Bob has a forward. Not a problem, but we create a temporary list that has Sue's number in it. Then we check the next stage of forwarding. Bob forwards to Fred. Fred's is checked against our temporary list and doesn't match, so we are still good. Bob's number is now added to the temporary list and we check the forward Fred has in place. Fred forward's to Sue. We check Sue's number against the temporary list and it does exist. Thus we have a loop detected and the forward can now be denied. I am guessing with the recursion involved you might want to do the check outside of Asterisk and pass the result back in. I will also state that I have not had to do this deep checking in the past, so these are just some initial thoughts on how I would start approaching the problem. Of course, this also assumes that Bob, Fred, and Sue are all on the same phone system. If you don't have a shared database to look at, the problem just got harder indeed. -------------- next part -------------- An HTML attachment was scrubbed... URL: <http://lists.digium.com/pipermail/asterisk-users/attachments/20150602/1ebdeb4b/attachment.html>