======RADSECProxy Realm Filtering====== ### Catch a load of common misconfigurations realm /^$/ { replymessage "Misconfigured client: empty realm!" } realm +/@((myabc|gmail|googlemail|hotmail|live|outlook|yahoo|unimail).com|(.*\.)?3gppn +etworks?.org|yahoo.cn) { replymessage "Misconfigured client: govroam realm not permitted" } realm /@(.*\.(ax\.uk|ax\.edu|sc\.uk|ac\.edu|ac\.u|local)|ac\.uk)$ { replymessage "Misconfigured client: govroam realm invalid (typo?)" } realm /@\. { replymessage "Misconfigured client: govroam realm invalid (leading '.')" } realm /@[^\.]+$ { replymessage "Misconfigured client: govroam realm invalid (incomplete)" } ### Check it's a syntacitaclly correct realm and proxy if ok realm /@[0-9a-zA-Z\.]+\.[0-9a-zA-Z\.]+$ { server roaming0.govroam.uk server roaming1.govroam.uk server roaming2.govroam.uk server roaming3.govroam.uk # AccountingResponse on } ### Otherwise reject it realm * { replymessage "Misconfigured client: govroam realm invalid (syntax error)" }