Security section is used for management of SIP protocol security options such as SIP User Agent Blacklist, Source IP Whitelist, and Traffic Spike Control.
User Agent Blacklist
This section allows you to ban SIP User Agents that are frequently used for brute force attacks.
Enable User Agent Blacklist. Enables User Agent verification against the blacklist. This is enabled by default.
User Agent Blacklist. Blacklist is pre-populated by default with User Agents known to be used for SIP system hacking.
Source IP Whitelist
In this section you can manage a whitelist of trusted Source IP Addresses that are allowed to send requests to your server.
Enable Source IP Whitelist. Enables source IP address verification against the whitelist. All the requests from IP addresses in this list will be allowed, and other requests will be dropped.
Source IP Whitelist. Each entry must contain individual host IP address. Network addresses are not supported.
Traffic Spike Control
In this section you can configure trae of incoming request's IP source and blocks the ones that exceeded specified limits.
Enable Traffic Spike Control. Enables limiting incoming requests and blocks source IP address that exceeds it. It is enabled by default.
Sampling Time Unit. Time period in seconds used for sampling. A too small value may lead to performance penalties.
Max Requests. How many requests should be allowed per Sampling Time Unit before blocking all the incoming requests from source IP address.
Address Removal Timeout. Specify for how long the IP address will be kept in memory after the last request from that IP address in order to count subsequent requests.
Blocking Auto Expiration Time. Time period in seconds used to keep source IP address in the banned IPs list.
Max Number of Addresses. Number specifying the size of ban hash table. The possible range is from 2 to 31.
It is strongly reccomended to set Max Requests to a small number and make Address Removal Timeout as long as possible, while using Source IP Whitelist to process all SIP traffic from known addresses without possibility of blocking it.