8 Commits

Author SHA1 Message Date
95a794ba69 Fix enumeration config initialization and add test script
- Fix SetEnumerationConfig to create detector if not exists
  Previously, the config would be silently discarded if called before
  the detector was lazily initialized by GetEnumerationDetector

- Add test_enumeration.py script for sandbox testing
  Includes fire-and-forget mode (--no-wait) for proper scanner simulation
2025-12-07 15:39:30 -07:00
c73fa9d3d1 Add extension enumeration detection and comprehensive SIP protection
Major features:
- Extension enumeration detection with 3 detection algorithms:
  - Max unique extensions threshold (default: 20 in 5 min)
  - Sequential pattern detection (e.g., 100,101,102...)
  - Rapid-fire detection (many extensions in short window)
- Prometheus metrics for all SIP Guardian operations
- SQLite persistent storage for bans and attack history
- Webhook notifications for ban/unban/suspicious events
- GeoIP-based country blocking with continent shortcuts
- Per-method rate limiting with token bucket algorithm

Bug fixes:
- Fix whitelist count always reporting zero in stats
- Fix whitelisted connections metric never incrementing
- Fix Caddyfile config not being applied to shared guardian

New files:
- enumeration.go: Extension enumeration detector
- enumeration_test.go: 14 comprehensive unit tests
- metrics.go: Prometheus metrics handler
- storage.go: SQLite persistence layer
- webhooks.go: Webhook notification system
- geoip.go: MaxMind GeoIP integration
- ratelimit.go: Per-method rate limiting

Testing:
- sandbox/ contains complete Docker Compose test environment
- All 14 enumeration tests pass
2025-12-07 15:22:28 -07:00
0b0fb53c9c Add Caddyfile support for sip_guardian_admin HTTP handler
Register handler directive with httpcaddyfile and implement
UnmarshalCaddyfile to enable Caddyfile configuration syntax.
2025-12-07 10:37:16 -07:00
b5fa007d6e Add Caddyfile unmarshaler support for SIPMatcher and SIPHandler
The layer4 matchers and handlers must implement caddyfile.Unmarshaler
to be usable in Caddyfile syntax. This enables proper parsing of:
- @sip sip { methods ... } matchers
- sip_guardian { ... } handlers
2025-12-07 10:23:38 -07:00
2315989ca7 Fix module path to use git.supported.systems
2025-12-07 10:10:33 -07:00
a62d1b4064 Fix Caddyfile layer4 network address syntax
Update to use correct Caddy network address format:
- network/address instead of address/network
- udp/:5060 instead of :5060/udp
- Remove invalid tls subdirective from proxy handler
2025-12-06 16:52:10 -07:00
500185e692 Update module path to git.supported.systems
2025-12-06 16:39:18 -07:00
1ba05e160c Initial commit: Caddy SIP Guardian module
Layer 4 SIP protection with:
- SIP traffic matching (REGISTER, INVITE, etc.)
- Rate limiting and automatic IP banning
- Attack pattern detection (sipvicious, friendly-scanner)
- CIDR whitelisting
- Admin API for ban management
2025-12-06 16:38:07 -07:00