403
communication
auth_error
ai_generated
partial
SIP/2.0 403 禁止注册请求
SIP/2.0 403 Forbidden on REGISTER request
ID: communication/sip-403-forbidden-registration
75%修复率
85%置信度
1证据数
2024-03-15首次发现
版本兼容性
| 版本 | 状态 | 引入 | 弃用 | 备注 |
|---|---|---|---|---|
| RFC 3261 | active | — | — | — |
| Kamailio 5.6 | active | — | — | — |
| Asterisk 20 | active | — | — | — |
| FreeSWITCH 1.10 | active | — | — | — |
根因分析
SIP服务器因凭据不匹配、nonce过时或基于IP的访问控制而拒绝注册。
English
SIP server rejects registration due to mismatched credentials, stale nonce, or IP-based access control.
官方文档
https://datatracker.ietf.org/doc/html/rfc3261#section-21.4.4解决方案
-
Regenerate the SIP digest credentials: delete the stored nonce and password hash on the client, then force a fresh REGISTER with the correct username and password. On Linphone, remove the account and re-add it. On a custom client, clear the cached credentials and call sip_register() again.
-
Verify the SIP server's IP access control list (ACL). On Kamailio, check 'allow_trusted' and 'allow_source_address' settings. Add the client's public IP to the trusted list if needed.
无效尝试
常见但无效的做法:
-
Re-enter the same SIP username and password in the client settings
60% 失败
Credentials may be correct but the nonce (challenge) is stale or the server requires digest authentication re-challenge
-
Disable SIP ALG in the router to bypass firewall issues
80% 失败
403 is not a network traversal error; it's an authentication/authorization failure at the application layer
-
Change the SIP transport from UDP to TCP
90% 失败
Transport protocol does not affect authentication validity; the 403 is generated after the transport handshake succeeds