[YMCS/YDMP Free Trial Program]Yealink would like to offer Free Trial Program of Yealink device management service for our current eligible customers. You can see the details below.
https://www.yealink.com/ydmp-freetrial-2020


Post Reply 
 
Thread Rating:
  • 0 Votes - 0 Average
  • 1
  • 2
  • 3
  • 4
  • 5
Stop RPS from asking for <mac>.cfg and common cfg
Author Message
zirophyz Offline
Junior Member
**

Posts: 3
Joined: Nov 2016
Reputation: 0
Post: #1
Stop RPS from asking for <mac>.cfg and common cfg
Hi all,

I am reinventing a wheel and writing a php script that will sit on my provisioning server, responsible for "authorizing" and then serving up configuration files.

The idea is that the phones will hit a backend php script, which will collect the phones MAC address (from the http user agent), look it up in a MySQL database which contains a reference of files to serve.

I am wondering, is it possible to get RPS to only make a single request instead of also asking for specific config files?

For example, in apache logs we see the phone making three requests;

[08/Nov/2016:13:44:37 +1000] "GET /ylk/ HTTP/1.1" 200 - "-" "Yealink SIP-T48G 35.80.0.130 00:15:56:2B:0E:59"
[08/Nov/2016:13:44:38 +1000] "GET /ylk/001565b20e59.cfg HTTP/1.1" 200 - "-" "Yealink SIP-T48G 35.80.0.130 00:15:56:2B:0E:59"
[08/Nov/2016:13:44:38 +1000] "GET /ylk/y000000000035.cfg HTTP/1.1" 200 - "-" "Yealink SIP-T48G 35.80.0.130 00:15:56:2B:0E:59"

The first GET hits the script, but can I get it to stop requesting the two other individual mac and common config files (as, I will provide these to the phone via the script).

Or, maybe I am going about this the wrong way and should just use the script to validate a legitimate MAC address, then use a redirect to send the phone to another directory containing encrypted config files. I'm attempting to reduce the exposure of config files to the broader internet.

Thanks in advance,
11-08-2016 04:03 AM
Find all posts by this user    like0    dislike0 Quote this message in a reply
jolouis Offline
Moderator
*****

Posts: 339
Joined: Oct 2013
Reputation: 6
Post: #2
RE: Stop RPS from asking for <mac>.cfg and common cfg
Just because the phone requests the different config files does not mean you need to actually serve or provide all of them. For example, it would be fairly easy to setup your server so that it only processes requests for the generic model number files (y0000000000035.cfg) and ignore everything else. Then, whenever the request for that file comes in you do your backend lookup on the MAC info passed by the user agent, and simply pass through (or generate, whatever you want to do) your encrypted config file. Just my two cents anyway.
11-08-2016 02:11 PM
Find all posts by this user    like0    dislike0 Quote this message in a reply
zirophyz Offline
Junior Member
**

Posts: 3
Joined: Nov 2016
Reputation: 0
Post: #3
RE: Stop RPS from asking for <mac>.cfg and common cfg
Yeah, I reckon I am going about this wrong. I will just use my script to serve a file based on the request. So, if phone requests common.cfg, my script will pull that from a private directory. I will however, do a quick lookup of the MAC address to "authorise" that the phone is legitimate prior to serving any cfg files. Lastly, I'll encrypt the cfg files. So there'll be a few layers of security - a person would need to firstly spoof a known MAC (will take a while to brute force), and if successful in spoofing a correct MAC then they'll be served an encrypted file anyway.
11-08-2016 11:26 PM
Find all posts by this user    like0    dislike0 Quote this message in a reply
jolouis Offline
Moderator
*****

Posts: 339
Joined: Oct 2013
Reputation: 6
Post: #4
RE: Stop RPS from asking for <mac>.cfg and common cfg
If you're really worried you can also go a step further and add username/password to the URL provided by RPS. Then put username/password protection on your script to ensure that only requests who provide the valid login are even allowed to try. That way even if somebody spoofed a valid MAC unless they were actually sniffing a live request they wouldn't know how to login to your script... and as you said, if they did all that they would still end up with an encrypted config file.
11-09-2016 03:19 PM
Find all posts by this user    like0    dislike0 Quote this message in a reply
Lucia_Yealink Offline
Super Moderator
******

Posts: 467
Joined: Aug 2016
Reputation: 5
Post: #5
RE: Stop RPS from asking for <mac>.cfg and common cfg
Thank you for the sharing of the jolouis.
Any question, please let me know.

Best Regards,
Lucia
11-14-2016 06:32 AM
Find all posts by this user    like0    dislike0 Quote this message in a reply
Post Reply 


Possibly Related Threads...
Thread: Author Replies: Views: Last Post
  Autoprovisioning for SIP-T21 V.83 - common sip server name econnet 0 4,871 07-24-2018 03:58 PM
Last Post: econnet
  Common config with t46s not working Alan11111111 3 13,422 09-08-2017 11:03 AM
Last Post: Fuur
  Common Config File Name CraigFox 1 9,253 05-07-2016 06:23 AM
Last Post: Karl_Yealink
  How to Stop Autoprovisioning dirwin 1 8,155 01-19-2016 04:00 AM
Last Post: Karl_Yealink
  Variable in common.cfg yeacpt 4 15,798 11-28-2015 03:44 AM
Last Post: mkeuter
  Broadsoft Group Common Directory fal 5 15,839 04-03-2015 02:34 AM
Last Post: Flora_Yealink
  Download Source For T48G Common CFG File Slator 2 14,984 10-17-2014 01:44 AM
Last Post: Slator
  Stop syslogging? murf 1 6,102 06-13-2014 10:04 AM
Last Post: Yealink Support

Forum Jump:


User(s) browsing this thread:

Contact Us   Yealink   Return to Top   Return to Content   Lite (Archive) Mode   RSS Syndication