Proxying based on a regex

Sallee, Stephen (Jake) Jake.Sallee at
Mon Jul 25 22:49:42 CEST 2011

> Impressive, you've both made up entirely fictitious syntaxes for doing proxying... Um anyway.

Glad you like it : )

I am still new to FR so forgive me if I am mistaken but that little bit of unlang would go into the sites-enabled-default config correct?  If so isn't it doing the same thing as the suffix module?

Either way you need to setup the proxy config ...

Ours may be working because we are only checking the domain the user uses and then steering them to the correct inner-tunnel, my apologies if the advice was incorrect.

Jake Sallee
Godfather of Bandwidth
System Engineer
University of Mary Hardin-Baylor
900 College St.
Belton, Texas
Fone: 254-295-4658
Phax: 254-295-4221

-----Original Message-----
From: at [ at] On Behalf Of Arran Cudbard-Bell
Sent: Monday, July 25, 2011 3:33 PM
To: FreeRadius users mailing list
Subject: Re: Proxying based on a regex

Impressive, you've both made up entirely fictitious syntaxes for doing proxying... Um anyway.

if(User-Name =~ /REGEX/){
	update control {
		Proxy-To-Realm := 'my_proxy_realm'

Then configure the realm in proxy.conf. Subcapture groups can provide you with parts of the User-Name string and can be accessed using the %{0}, %{1}, %{2}... etc variables

You don't need to do anything if you're just doing local authentication....


On 25 Jul 2011, at 22:20, Sallee, Stephen (Jake) wrote:

> We did this through our realms see code:
> In your proxy.conf
> realm "~.*umhb\\.edu$" {
> #### some code here###
> ###usually the virtual server you want to proxy them to### }
> If I am understanding your question right that should do it, but others may have a better way .. or I could be on crack ...
> -----Original Message-----
> From: 
> at 
> [ at lists.freeradius
> .org] On Behalf Of Charles Plater
> Sent: Monday, July 25, 2011 3:05 PM
> To: freeradius-users at
> Subject: Proxying based on a regex
> I'm trying to configure our FreeRadius (2.1.9) server to proxy based on the format of the ID. I have a working regex that determines the domain to which the request should be sent, but I'm having a hard time figuring out the syntax of the proxy statement. Here's what I've tried:
> if (User-Name !~ <REGEX>) {
> 	proxy:
> else {
> 	proxy: LOCAL
> 	}
> }
> FWIW, I can successfully authenticate do the "" realm by using userid at
> Can anyone offer any suggestions? Thanks in advance.
> --
> Charles Plater
> Lead Application Technical Analyst
> Internet Services
> +1-313-577-4620
> ab3189 at
> -
> List info/subscribe/unsubscribe? See 
> -
> List info/subscribe/unsubscribe? See 

Arran Cudbard-Bell
a.cudbardb at

RADIUS - Half the complexity of Diameter

List info/subscribe/unsubscribe? See

More information about the Freeradius-Users mailing list