Hello, I would like to reject pre-proxy some specific users by querying the mysql database. I've created a table with these users that will be rejected. In policy.d/filter This rule worked. filter_user { if (&User-Name == 'XXX@XXX') { reject } } But I want to query these users in the database. I tried. filter_user { if ("%{sql:SELECT username FROM radcheckblock WHERE username = '%{User-Name}'}" == &User-Name) { reject } } Error: policy.d/filter[20]: Parse error in condition policy.d/filter[20]: ("%{sql:SELECT username FROM radcheckblock WHERE username = '%{User-Name}'}" == &User-Name) { policy.d/filter[20]: ^ Cannot use attribute reference on right side of condition What would be the best way to do this filter? thank you all