From dd9594d52b7e9f2412e5368b5d9ccd36bb736294 Mon Sep 17 00:00:00 2001
From: CyberMind-FR <gandalf@Gk2.net>
Date: Thu, 19 Feb 2026 12:08:20 +0100
Subject: [PATCH] docs: Update tracking files for WAF VoIP/XMPP filters and
 Jitsi Meet

- Added 4 new WAF categories: voip (12), xmpp (10), cve_voip (9), cve_xmpp (8)
- Self-hosted Jitsi Meet deployed at meet.gk2.secubox.in
- Full LXC container with Prosody/Jicofo/JVB/Nginx
- Webchat updated to use self-hosted Jitsi

Co-Authored-By: Claude Opus 4.5 <noreply@anthropic.com>
---
 .claude/HISTORY.md | 20 ++++++++++++++++++++
 .claude/WIP.md     | 16 ++++++++++++++++
 2 files changed, 36 insertions(+)

diff --git a/.claude/HISTORY.md b/.claude/HISTORY.md
index f6ca9b1f..d22960e2 100644
--- a/.claude/HISTORY.md
+++ b/.claude/HISTORY.md
@@ -2407,3 +2407,23 @@ git checkout HEAD -- index.html
 - `package/secubox/secubox-app-jabber/files/etc/config/jabber` (jingle/sms/voicemail sections)
 - `package/secubox/luci-app-jabber/root/usr/libexec/rpcd/luci.jabber` (VoIP methods)
 - `package/secubox/luci-app-jabber/root/usr/share/rpcd/acl.d/luci-app-jabber.json` (VoIP ACL)
+
+37. **WAF VoIP/XMPP Protection & Jitsi Meet (2026-02-19)**
+    - Added 4 new WAF categories to mitmproxy for VoIP/Jabber protection:
+      - `voip`: 12 SIP/VoIP security patterns (header injection, ARI abuse, AMI injection)
+      - `xmpp`: 10 XMPP/Jabber patterns (XSS, XXE, BOSH hijack, OOB file access)
+      - `cve_voip`: 9 CVE patterns for Asterisk/FreePBX/Kamailio/OpenSIPS
+      - `cve_xmpp`: 8 CVE patterns for Prosody/ejabberd/Tigase/Strophe
+    - Updated `waf-rules.json` to version 1.1.0 with comprehensive attack detection
+    - Added autoban options `ban_voip` and `ban_xmpp` for automatic IP blocking
+    - Updated `mitmproxy-waf-sync` to include new categories in JSON sync
+
+    - **Self-Hosted Jitsi Meet**: Full deployment in LXC container
+      - Prosody XMPP server on port 5380 (internal only)
+      - Jicofo conference focus component
+      - JVB (Jitsi Videobridge) for WebRTC media
+      - Nginx reverse proxy on port 9088
+      - HAProxy vhost at `meet.gk2.secubox.in` with Let's Encrypt SSL
+      - WAF bypass enabled for WebRTC compatibility
+      - Webchat updated to use self-hosted Jitsi instead of meet.jit.si
+      - Full video conferencing capability without external dependencies
diff --git a/.claude/WIP.md b/.claude/WIP.md
index aad10f2f..6979058c 100644
--- a/.claude/WIP.md
+++ b/.claude/WIP.md
@@ -64,6 +64,22 @@ _Last updated: 2026-02-19 (v0.22.0 - VoIP + Jabber Integration)_
 
 ### Just Completed (2026-02-19)
 
+- **WAF VoIP/XMPP Security Filters** — DONE (2026-02-19)
+  - Added 4 new WAF categories to mitmproxy:
+    - `voip`: 12 SIP/VoIP patterns (header injection, ARI/AMI abuse)
+    - `xmpp`: 10 XMPP patterns (XSS, XXE, BOSH hijack)
+    - `cve_voip`: 9 CVEs for Asterisk/FreePBX/Kamailio/OpenSIPS
+    - `cve_xmpp`: 8 CVEs for Prosody/ejabberd/Tigase
+  - Autoban options for voip/xmpp attacks
+  - Total: 40+ new detection patterns, 17+ CVEs
+
+- **Self-Hosted Jitsi Meet** — DONE (2026-02-19)
+  - Full LXC deployment: Prosody (5380), Jicofo, JVB, Nginx (9088)
+  - HAProxy vhost at `meet.gk2.secubox.in` with Let's Encrypt SSL
+  - WAF bypass for WebRTC compatibility
+  - Webchat integrated with self-hosted Jitsi
+  - Complete video conferencing without external dependencies
+
 - **VoIP (Asterisk PBX) + Jabber Integration** — DONE (2026-02-19)
   - Created `secubox-app-voip` package with Asterisk PBX in LXC container
   - OVH Telephony API integration for SIP trunk auto-provisioning