On Monday 02.02.2009 10:37:59 Alan DeKok wrote: > Matej Vadnjal wrote: > > I'm having trouble getting the value of auth_pool of a realm. Realms are > > defined as regular expressions matched by suffix module against the > > domain portion of users username. > > Ok... *why* are you doing that? > > > if ("%{config:realm[%{Realm}].auth_pool}" =~ /%{client-shortname}/i) { > > reject > > } > > That's odd. What do you think that configuration does, and why do you > want it to do that? >
I have a server that receives requests from radius servers and forwards them to other radius servers (we are a national top-level radius for eduroam project). I'd like to check if a request that I received from a radius server will be proxied back to that same server resulting in a proxy loop. The way I see things there is no other way to find out to which server the request will be proxied to. My idea is that if I keep the names of servers in clients.conf and server pools in proxy.conf similar enough, I could compare them with a regexp and if they match reject the request, preventing a loop. > > Is this a bug or a safety feature (preventing some sort of injection > > attacks)? I tried all sorts of combination of single quites, double > > quotes, no quotes, but to no avail. > > Escaping characters is a security feature. As I suspected. However in my case the value of Realm variable is one of predefined values in proxy.conf and not supplied by users. Regards, Matej Vadnjal - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html