siteadmin:radsecproxy_realm_filtering
RADSECProxy Realm Filtering
### Catch a load of common misconfigurations
realm /^$/ {
replymessage "Misconfigured client: empty realm!"
}
realm /@((myabc|gmail|googlemail|hotmail|live|outlook|yahoo|unimail).com|(.*\.)?3gppnetworks?.org|yahoo.cn) {
replymessage "Misconfigured client: govroam realm not permitted"
}
realm /@(.*\.(ax\.uk|ax\.edu|sc\.uk|ac\.edu|ac\.u|local)|ac\.uk)$ {
replymessage "Misconfigured client: govroam realm invalid (typo?)"
}
realm /@\. {
replymessage "Misconfigured client: govroam realm invalid (leading '.')"
}
realm /@[^\.]+$ {
replymessage "Misconfigured client: govroam realm invalid (incomplete)"
}
### Check it's a syntacitaclly correct realm and proxy if ok
realm /@[0-9a-zA-Z\.]+\.[0-9a-zA-Z\.]+$ {
server roaming0.govroam.uk
server roaming1.govroam.uk
server roaming2.govroam.uk
server roaming3.govroam.uk
# AccountingResponse on
}
### Otherwise reject it
realm * {
replymessage "Misconfigured client: govroam realm invalid (syntax error)"
}
siteadmin/radsecproxy_realm_filtering.txt · Last modified: 2025/08/18 13:14 by admin