Static Filter Rules

Note

Static Filter Rules was previously known as RADIUS Filter Rules and was merged with Mideye Shield in Mideye Server 6.5.13.

General information

Filtering can be based on either the username (RADIUS attribute #1, User-Name) or the client IP address (RADIUS attribute #31, Calling-Station-Id). To filter on IP address, the RADIUS client must be configured to include the optional attribute #31 (Calling-Station-Id) in Access-Requests.

Filter rules are defined in the RADIUS Filter Rules menu. By default, all requests are allowed, and BLOCK rules specify which usernames and IP addresses should be denied access. Alternatively, the filter can be configured to block all requests by default, only permitting those that meet specified ALLOW criteria.

Rules can be configured to require an exact match for usernames and IP addresses or to use wildcard and regular expression (Regex) matching.

Each filter rule is assigned a priority order, which determines the sequence in which the rules are evaluated and applied.

IP addresses that are blocked/allowed in Static Filter Rules take priority over Auto-blocked IPs.

Configuration

Block By Default

When enabled, all incoming RADIUS Access-Requests that do not match any filter rule will be blocked.

Add new Static Filter Rule

Rule Action

  • Block to block the connection based on this rule.
  • Allow to allow the connection based on this rule.

Rule Attribute

  • Username - filters the authentication request based on the RADIUS Attribute 1, User-Name.
  • Calling_Station_id - filters the authentication request based on the RADIUS Attribute 31, Calling_Station_Id, which contains the public IP address of the connecting client.

Operator

There are four different operators to choose between.

  • EQUAL_TO - the content of the Rule Attribute needs to be an exact match to the value in the Value field.
  • CONTAINS - the value in the Value field must appear somewhere in the content of the Rule Attribute.
  • REGEX_MATCH - the value in the Value field is a Regular Expression and the content of the Rule Attribute must match this value.
  • SUBNET - the connection will be blocked/allowed depending on whether the IP address belongs to the subnet specified here. The subnet must be specified in CIDR notation.

Order

The rules are handled in order based on the value specified; rules with a lower order value are handled first.

Enabled

If the box is checked, the rule is applied by Mideye Shield. If it is unchecked, the rule is skipped.
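
The following dry-run model of the rule fields above is an added example, not Mideye's code; it lets a rule set be checked against sample requests before it is entered in the server. It assumes that the first matching enabled rule decides the outcome and that REGEX_MATCH must match the whole attribute value; the rules and addresses are constructed samples.

```python
import ipaddress
import re
from dataclasses import dataclass

@dataclass
class Rule:
    action: str      # "BLOCK" or "ALLOW"
    attribute: str   # "Username" or "Calling_Station_id"
    operator: str    # EQUAL_TO, CONTAINS, REGEX_MATCH or SUBNET
    value: str
    order: int
    enabled: bool = True

def matches(rule, content):
    if rule.operator == "EQUAL_TO":
        return content == rule.value
    if rule.operator == "CONTAINS":
        return rule.value in content
    if rule.operator == "REGEX_MATCH":
        # Assumption: the regex must match the entire attribute value.
        return re.fullmatch(rule.value, content) is not None
    if rule.operator == "SUBNET":
        try:
            return ipaddress.ip_address(content) in ipaddress.ip_network(rule.value, strict=False)
        except ValueError:
            return False  # attribute is not an IP address (or the CIDR is invalid)
    raise ValueError(f"unknown operator {rule.operator}")

def evaluate(rules, request, block_by_default=False):
    """Return "ALLOW" or "BLOCK" for a request dict keyed by Rule Attribute."""
    for rule in sorted((r for r in rules if r.enabled), key=lambda r: r.order):
        content = request.get(rule.attribute)  # None if the client omitted it
        if content is not None and matches(rule, content):
            return rule.action  # assumption: first matching rule decides
    return "BLOCK" if block_by_default else "ALLOW"

# Constructed sample rule set. Rule 3 is shadowed by rule 2 because of its order.
RULES = [
    Rule("BLOCK", "Username", "REGEX_MATCH", r"(admin|root|test).*", order=1),
    Rule("ALLOW", "Calling_Station_id", "SUBNET", "198.51.100.0/24", order=2),
    Rule("BLOCK", "Calling_Station_id", "EQUAL_TO", "198.51.100.7", order=3),
    Rule("ALLOW", "Username", "CONTAINS", "@example.com", order=4, enabled=False),
]
```

Under these assumptions, a request from 198.51.100.7 is allowed by the order-2 subnet rule before the order-3 block is reached, and with Block By Default enabled a request that lacks Calling-Station-Id is blocked because no ALLOW rule on that attribute can match.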