Static Filter Rules
Note
Static Filter Rules was previously known as RADIUS Filter Rules and merged with Mideye Shield in Mideye Server 6.5.13.
1 Overview¶
The filter discards RADIUS requests that do not satisfy one or more filter rules before they reach the authentication engine. Benefits:
- Reduces load on the server and authentication logs.
- Mitigates password‑spray and brute‑force attacks (blocked requests are silently discarded).
You can match on:
| RADIUS attribute | Meaning | Typical content | Requirement |
|---|---|---|---|
#1 (User‑Name) | Username | john.doe or john.doe@example.com | Always present |
#31 (Calling‑Station‑Id) | Client IP address | 203.0.113.15 | Must be added by the RADIUS client1 |
1For optimal filtering, configure your RADIUS clients to include attribute #31 in Access‑Request packets. This can then be used by Mideye Shield to dynamically block attacks from specific IP addresses.
2 Rule Processing¶
- Rules are evaluated in ascending Order value (lowest first).
- The first matching rule decides the outcome (ALLOW or BLOCK).
- If no rule matches:
- Block By Default disabled → request is allowed.
- Block By Default enabled → request is blocked.
3 Configuration¶
3.1 Global Setting – Block By Default¶
Disabled (default) → allow everything that is not explicitly blocked.
Enabled → block everything that is not explicitly allowed.
3.2 Adding / Editing a Rule¶
Note
Calling_Station_id - filters the authentication request based on the RADIUS Attribute 31, which contains the public IP address of the connecting client.
| Field | Options | Description |
|---|---|---|
| Rule Action | ALLOW · BLOCK | What happens when the rule matches. |
| Rule Attribute | Username (Attr #1) · Calling‑Station‑Id (Attr #31) | The RADIUS field to inspect. |
| Operator | EQUAL_TO · CONTAINS · REGEX_MATCH · SUBNET | See below. |
| Value | text / CIDR / regex | Pattern the attribute is compared against. |
| Order | Positive integer | Execution priority (lower = earlier). |
| Enabled | ☑ / ☐ | Unchecked rules are ignored. |
Operator details¶
- EQUAL_TO – exact string match.
- CONTAINS – substring match.
- REGEX_MATCH – Java‑style regular expression.
- SUBNET – IP falls inside the given CIDR block (
203.0.113.0/24…).
3.3 Adding BLOCK rules from Authentication Logs¶
You can create a BLOCK rule for the username or IP directly from a log entry:
4 Regex Examples for Username Patterns¶
| Use case | Regex | Example matches |
|---|---|---|
| Two letters, two letters, two digits | ^[a-zA-Z]{2}[a-zA-Z]{2}\d{2}$ | jodo12, satr45 |
| firstname.lastname@ *.com | ^[a-zA-Z]+\.[a-zA-Z]+@[a-zA-Z0-9.-]+\.com$ | john.doe@company.com |
| aa22bb@company.com | ^[A-Za-z]{2}\d{2}[A-Za-z]{2}@company\.com$ | ab12cd@company.com |
| firstname.lastname@firstcompany or secondcompany | ^[a-zA-Z]+\.[a-zA-Z]+@(firstcompany|secondcompany)\.com$ | john.doe@firstcompany.com |
| Two letters · two digits · two letters | ^[a-zA-Z]{2}\d{2}[a-zA-Z]{2}$ | ab12cd, mn34pq |