Skip to content

Restrict Extension Registration Based on User Agent

By default, Cloud Voice accepts a registration request for an extension from any SIP (Session Initiation Protocol) client, no matter what device or software is behind it. As long as the client presents the extension’s registration credentials, it can connect. If you want tighter control over which endpoints can register, you can require that the requesting device identify itself with a specific user agent string, so that valid credentials alone are not enough to bring an endpoint online.

SIP is a peer-to-peer protocol, and each side of a session acts as a User Agent (UA):

  • User Agent Client (UAC): the client that sends SIP requests such as INVITE, ACK, OPTIONS, BYE, CANCEL, and REGISTER.
  • User Agent Server (UAS): the server that receives those requests and responds to the client.

Every time a SIP phone or softphone registers, it acts as the UAC and includes a user agent string in its packets. That string typically identifies the device, for example the manufacturer or model. When you enable user agent authorization on an extension, Cloud Voice checks that string before allowing the registration to proceed.

  1. Sign in to the Cloud Voice management portal and go to Extension and Trunk > Extension, then open the extension you want to protect for editing.

  2. Select the Security tab.

  3. Under SIP Security, turn on Enable User Agent Registration Authorization.

  4. Add the user agent string that devices must present: a. Click Add User Agent. b. Enter the expected value in the User Agent field.

  5. Click Save, then Apply.

From now on, when a device attempts to register to this extension, Cloud Voice compares the user agent string in its SIP packets against the value you configured. Matching is done on the prefix of the string, so a device whose user agent does not begin with the specified value is refused and the registration fails.