Cannot get value of config item with \\

Matej Vadnjal matej.vadnjal at
Mon Feb 2 12:00:23 CET 2009

On Monday 02.02.2009 10:37:59 Alan DeKok wrote:
> Matej Vadnjal wrote:
> > I'm having trouble getting the value of auth_pool of a realm. Realms are
> > defined as regular expressions matched by suffix module against the
> > domain portion of users username.
>   Ok... *why* are you doing that?
> > 	if ("%{config:realm[%{Realm}].auth_pool}" =~ /%{client-shortname}/i) {
> >                 reject
> >         }
>   That's odd.  What do you think that configuration does, and why do you
> want it to do that?

I have a server that receives requests from radius servers and forwards them 
to other radius servers (we are a national top-level radius for eduroam 

I'd like to check if a request that I received from a radius server will be 
proxied back to that same server resulting in a proxy loop.

The way I see things there is no other way to find out to which server the 
request will be proxied to.

My idea is that if I keep the names of servers in clients.conf and server 
pools in proxy.conf similar enough, I could compare them with a regexp and if 
they match reject the request, preventing a loop.

> > Is this a bug or a safety feature (preventing some sort of injection
> > attacks)? I tried all sorts of combination of single quites, double
> > quotes, no quotes, but to no avail.
>   Escaping characters is a security feature.

As I suspected. However in my case the value of Realm variable is one of 
predefined values in proxy.conf and not supplied by users.


Matej Vadnjal

More information about the Freeradius-Users mailing list