Blocking/Allowing requests from an APN to IP addresses. | Search |
NowSMS Support Forums ⬆ Now.WAP Proxy Support ⬆ Archive through October 01, 2008 ⬆ |
◄ ► |
Author | Message | ||||
Joseph Smith New member Username: Falangjoe Post Number: 14 Registered: 08-2006 |
Software Version v2006.10.16 Customer: Union Telephone We use two APNs. One is union.wap.com and the other is union.mms.com. Currently, all ours phones are programmed to use the same wap gateway for WAP and MMS. Is it possible to only allow the requests from the union.mms.com APN to connect to the MMSC IP and not other IPs? We are trying to turn off GPRS billing for MMS. What do you think? Thanks, Joseph | ||||
Bryce Norwood - NowSMS Support Board Administrator Username: Bryce Post Number: 6973 Registered: 10-2002 |
Hi Joseph, I can't think of a way to do this. Normally, we'd do two separate proxies for this. We can try to put some thought into an alternative solution ... as it sounds like you face a dilemma having the phones already preprogrammed with same gateway IP for both. Unless the different access points could allocate IP addresses onto different networks, where the different networks would see a different physical host as that logical IP address. But that could be complicated to setup. Currently, there is a setting in the proxy that can be used to restrict outbound access only to hosts that are listed in the "Content Domains to receive X-MSISDN Header" list. What we would have to do is apply that selectively, so that it only applied when a request originated from a particular APN. I'd assume that the way we would identify this would be based upon the IP address of the source request. Is that correct? Now the question is whether or not we could find away to easily apply this restricted access setting so that it was conditional based upon the source IP of the request. I need to discuss this with my colleagues ... and maybe one of them will have a better idea. -bn | ||||
Richa Saxena New member Username: Richa Post Number: 1 Registered: 04-2007 |
I have one query.I have implemented the WAP2.0 code for restricting the "MMSWAP" user for sending the MMS using the WAP APN and try to browse request using MMS APN.I have implemented this based on the received APN and decoded url.I am comparing the APN from he list of configured APN and then checking the decoded url.If any of u getting the better idea then please reply. Thanks, Richa | ||||
Bryce Norwood - NowSMS Support Board Administrator Username: Bryce Post Number: 7088 Registered: 10-2002 |
Hi Richa, I need more details on exactly what configuration steps you have taken in order to offer any additional thoughts. -bn | ||||
Richa Saxena New member Username: Richa Post Number: 2 Registered: 04-2007 |
Thanks Bryce for your reply.. ok i am going to tell you how excatly i have done this. i am maintaining the list of MMS,WAP APN in the configurations.Once i received the "MMSWAP" subscriber's req, i will interact with the database and will get the APN that subscriber is using currently( have per user entry in DB with msisdn, APN, subscriber type etc..). Once i get the APN from DB,will compare with the configured list of APNs.Eg get matched with MMS APN list then will return MMS instead of MMSWAP. Now before sending the req to web server will compare the decoded url, subscriber type( eg: MMS from the above case),if valid then allow else drop the request. In this way restricting the MMSWAP subscriber, for sending mms using WAP APN and send browsing req using MMS APN. But im thinking this is not a very goog idea to implement this service restriction. I think this time im clear with my requriement to you. Please suggest me if you have any better idea to solve this case. Thanks, Richa | ||||
Bryce Norwood - NowSMS Support Board Administrator Username: Bryce Post Number: 7109 Registered: 10-2002 |
Hi Richa, What you describe makes sense. But we do not have that type of callback in our NowWAP product. NowWAP will attempt the URL request regardless of which APN it was received from. It is possible to configure NowWAP to only allow access to a whitelist of host entries (or you could also do this with a firewall) ... but it is not possible to do this selectively based upon source APN. -bn | ||||
Richa Saxena New member Username: Richa Post Number: 3 Registered: 04-2007 |
Hi Bryce, Ok then according to you, maintaining the whitelist of allow host is better idea instead of APN based. Ya even im thinking now restriction based on host is better idea then APN based. Thanks Bryce for your help... Richa
| ||||
Bryce Norwood - NowSMS Support Board Administrator Username: Bryce Post Number: 7116 Registered: 10-2002 |
No I think that is a good approach if your infrastructure supports it. For simplicity I see many operators that dynamically map APNs like this. However, this only works if you know thw subscribers intent. If subscriber could connect for either WAP or MMS, but you wish to not charge for MMS, then you cannot determine intent like this. That is why I am inquiring if there is a good way for nowwap to determine the proxy. | ||||
Richa Saxena New member Username: Richa Post Number: 5 Registered: 04-2007 |
Hi Bryce, Even i have one more idea to support this implementation let me know which one is better. See instead of restricting the subscriber based on APN received, when the subscriber send MMS the header part will conatin the MIME tag "Content-Type:" and for sending MMS its value is some thing like wap.vnd.mms.message( may be not excatly this but must be "mms.message") so when the request come we can check this header value and can restrict the WAP subscriber to send MMS and when the MMS subscriber is sending the MMS,it should have this content type else drop the request( means MMS sub trying to browse). Hope my point is clear to you, please let me know which one is the better idea. Thanks Richa | ||||
Bryce Norwood - NowSMS Support Board Administrator Username: Bryce Post Number: 7125 Registered: 10-2002 |
Hi Richa, Yes, you could do this, but it may be more complicated. When a client receives an MMS, it issues a GET request. So you would need to allow the GET request, but then not return the content unless the MIME type is "application/vnd.wap.mms-message". Similarly, you would allow POST requests if the content type was this MMS content type. Another consideration is that this would allow subscribers to interact with other MMSCs, not just your own ... which may be an economic consideration for you. -bn | ||||
Richa Saxena New member Username: Richa Post Number: 7 Registered: 04-2007 |
Hi Bryce, Really thanks for this... i should consider these points... Actullay i have one more prob but in WAP 1.2 application.I have posted this in some other link in the same site but want to ask you.Please help me in solving this prob. I am facing one problem in WAP1.2 application.My WAP1.2 application is doing the APN based check to allow or decard the subscriber request( as i have already discussed with you),in case when im trying to close the session,( as APN check failed to send the req)im getting the prob that some mobiles are not closing the session( even my applicaion is sending the abort to the handset),manually i have to disconnect from the handset( and it should not happen like this) or some mobiles are retrying with the request( as it should not retry automatically). Thanks, Richa | ||||
Joseph Smith New member Username: Falangjoe Post Number: 15 Registered: 08-2006 |
Bryce, We have the ability to assign our two apns different address ranges. Currently, we are having alot of problems with customers using the wrong apn to send/receive MMS. Would it be possible to retrict connects based on IP address ranges. We are really in need of something like this. | ||||
Bryce Norwood - NowSMS Support Board Administrator Username: Bryce Post Number: 7538 Registered: 10-2002 |
Continued in the following thread: http://support.nowsms.com/discus/messages/131/23517.html |