Attribute filtering with regex problem

Alan DeKok aland at deployingradius.com
Tue Oct 24 14:54:06 CEST 2017


On Oct 24, 2017, at 8:51 AM, John Horne <john.horne at plymouth.ac.uk> wrote:
> (Using Freeradius 3.0.13)
> I have been modifying our 'mods-config/attr_filter/post-proxy' filter file to
> allow through a couple of 'Service-Type' attribute values after proxying.
> However, to allow more than one value the only way I can get it to work is to
> specify the value as 'ANY'. (Running 'radiusd -X' shows the access-accept
> packet being sent out with the attribute.) In particular, I have been trying to
> use a regular expression but the attribute always gets filtered out.

  The regular expression matches are likely now what you want.  I'll have to double-check that they even work correctly for integer attributes with names.

> So my question is, what is the correct syntax for using '=~' with a regex in
> the post-proxy filter file?

  Don't.  Just use unlang:

	if (reply:Service-Type !~ /foo|bar/) {
		update reply {
			Service-Type !* ANY
		}
	}

  Alan DeKok.




More information about the Freeradius-Users mailing list