siteadmin:realm_filtering
Differences
This shows you the differences between two versions of the page.
| Both sides previous revisionPrevious revisionNext revision | Previous revision | ||
| siteadmin:realm_filtering [2019/08/13 09:50] – admin | siteadmin:realm_filtering [2019/12/05 10:51] (current) – admin | ||
|---|---|---|---|
| Line 1: | Line 1: | ||
| - | Basic syntax checking can be done with the ' | + | Basic syntax checking can be done with the ' |
| + | < | ||
| + | # | ||
| + | # | ||
| + | # Force some sanity on User-Name. This helps to avoid issues | ||
| + | # issues where the back-end database is " | ||
| + | # what constitutes a user name. | ||
| + | </ | ||
| + | |||
| + | Example usage: | ||
| < | < | ||
| authorize { | authorize { | ||
| Line 13: | Line 22: | ||
| < | < | ||
| - | ## Filter out realms which are empty e.g. Username = fred@ | ||
| - | realm " | ||
| - | } | ||
| - | |||
| ## Filter out NULL realms e.g. Username = fred | ## Filter out NULL realms e.g. Username = fred | ||
| Line 25: | Line 30: | ||
| realm " | realm " | ||
| + | } | ||
| + | |||
| + | realm " | ||
| + | } | ||
| + | |||
| + | realm " | ||
| + | } | ||
| + | |||
| + | realm " | ||
| + | } | ||
| + | |||
| + | realm " | ||
| + | } | ||
| + | |||
| + | realm " | ||
| + | } | ||
| + | |||
| + | realm " | ||
| + | } | ||
| + | |||
| + | realm " | ||
| + | } | ||
| + | |||
| + | realm " | ||
| + | } | ||
| + | |||
| + | realm " | ||
| + | } | ||
| + | |||
| + | realm " | ||
| + | } | ||
| + | |||
| + | realm " | ||
| + | } | ||
| + | |||
| + | realm " | ||
| } | } | ||
| </ | </ | ||
| + | |||
| + | alternatively | ||
| + | |||
| + | < | ||
| + | check_bad_realms { | ||
| + | if (& | ||
| + | ## reject usernames that end with realms that are never going to be govroam/ | ||
| + | ## is there a way to automate this??! | ||
| + | |||
| + | ## stuff here will be matched for just eduroam | ||
| + | if (& | ||
| + | |||
| + | if (& | ||
| + | update request { | ||
| + | & | ||
| + | } | ||
| + | reject | ||
| + | } | ||
| + | |||
| + | |||
| + | if (& | ||
| + | update request { | ||
| + | & | ||
| + | } | ||
| + | reject | ||
| + | } | ||
| + | } | ||
| + | |||
| + | |||
| + | ## stuff here will be matched for just govroam | ||
| + | if (& | ||
| + | |||
| + | if (& | ||
| + | update request { | ||
| + | & | ||
| + | } | ||
| + | reject | ||
| + | } | ||
| + | } | ||
| + | |||
| + | ## stuff here will be matched for both govroam and eduroam | ||
| + | ## Common realm provided by phone manufacturers by default | ||
| + | if (& | ||
| + | update request { | ||
| + | & | ||
| + | } | ||
| + | reject | ||
| + | } | ||
| + | |||
| + | ## Username is not an email address. | ||
| + | if (& | ||
| + | update request { | ||
| + | & | ||
| + | } | ||
| + | reject | ||
| + | } | ||
| + | ## Ends in ' | ||
| + | if (& | ||
| + | update request { | ||
| + | & | ||
| + | } | ||
| + | reject | ||
| + | } | ||
| + | |||
| + | |||
| + | | ||
| + | ## Ends in a single character - all TLDs are 2+ characters. | ||
| + | if (& | ||
| + | update request { | ||
| + | & | ||
| + | } | ||
| + | reject | ||
| + | } | ||
| + | |||
| + | ## All subrealms should have more than one character | ||
| + | if (& | ||
| + | update request { | ||
| + | & | ||
| + | } | ||
| + | reject | ||
| + | } | ||
| + | |||
| + | |||
| + | ## Misspellings and misunderstandings | ||
| + | if (& | ||
| + | update request { | ||
| + | & | ||
| + | } | ||
| + | reject | ||
| + | } | ||
| + | |||
| + | if (& | ||
| + | update request { | ||
| + | & | ||
| + | } | ||
| + | reject | ||
| + | } | ||
| + | |||
| + | |||
| + | if (& | ||
| + | update request { | ||
| + | & | ||
| + | } | ||
| + | reject | ||
| + | } | ||
| + | |||
| + | ## Starts with a ' | ||
| + | if (& | ||
| + | update request { | ||
| + | & | ||
| + | } | ||
| + | reject | ||
| + | } | ||
| + | | ||
| + | ## Some typical inappropriate realms. | ||
| + | if (& | ||
| + | update request { | ||
| + | & | ||
| + | } | ||
| + | reject | ||
| + | } | ||
| + | |||
| + | if (& | ||
| + | update request { | ||
| + | & | ||
| + | } | ||
| + | reject | ||
| + | } | ||
| + | |||
| + | if (& | ||
| + | update request { | ||
| + | & | ||
| + | } | ||
| + | reject | ||
| + | } | ||
| + | |||
| + | if (& | ||
| + | update request { | ||
| + | & | ||
| + | } | ||
| + | reject | ||
| + | } | ||
| + | |||
| + | if (& | ||
| + | update request { | ||
| + | & | ||
| + | } | ||
| + | reject | ||
| + | } | ||
| + | |||
| + | if (& | ||
| + | update request { | ||
| + | & | ||
| + | } | ||
| + | reject | ||
| + | } | ||
| + | |||
| + | if (& | ||
| + | update request { | ||
| + | & | ||
| + | } | ||
| + | reject | ||
| + | } | ||
| + | |||
| + | if (& | ||
| + | update request { | ||
| + | & | ||
| + | } | ||
| + | reject | ||
| + | } | ||
| + | |||
| + | if (& | ||
| + | update request { | ||
| + | & | ||
| + | } | ||
| + | reject | ||
| + | } | ||
| + | |||
| + | if (& | ||
| + | update request { | ||
| + | & | ||
| + | } | ||
| + | reject | ||
| + | } | ||
| + | |||
| + | if (& | ||
| + | update request { | ||
| + | & | ||
| + | } | ||
| + | reject | ||
| + | } | ||
| + | |||
| + | |||
| + | |||
| + | } else { | ||
| + | update request { | ||
| + | & | ||
| + | } | ||
| + | reject | ||
| + | } | ||
| + | } | ||
| + | |||
| + | </ | ||
| + | |||
| + | Many thanks to Matt Richards from Bath University for this code. | ||
siteadmin/realm_filtering.1565689841.txt.gz · Last modified: 2019/08/13 09:50 by admin