On Monday 02.02.2009 10:37:59 Alan DeKok wrote:
Matej Vadnjal wrote:
I'm having trouble getting the value of auth_pool of a realm. Realms are defined as regular expressions matched by suffix module against the domain portion of users username.
Ok... *why* are you doing that?
if ("%{config:realm[%{Realm}].auth_pool}" =~ /%{client-shortname}/i) { reject }
That's odd. What do you think that configuration does, and why do you want it to do that?
I have a server that receives requests from radius servers and forwards them to other radius servers (we are a national top-level radius for eduroam project). I'd like to check if a request that I received from a radius server will be proxied back to that same server resulting in a proxy loop. The way I see things there is no other way to find out to which server the request will be proxied to. My idea is that if I keep the names of servers in clients.conf and server pools in proxy.conf similar enough, I could compare them with a regexp and if they match reject the request, preventing a loop.
Is this a bug or a safety feature (preventing some sort of injection attacks)? I tried all sorts of combination of single quites, double quotes, no quotes, but to no avail.
Escaping characters is a security feature.
As I suspected. However in my case the value of Realm variable is one of predefined values in proxy.conf and not supplied by users. Regards, Matej Vadnjal