Skip to content

Static Filter Rules

Note

Static Filter Rules was previously known as RADIUS Filter Rules and merged with Mideye Shield in Mideye Server 6.5.13.

1 Overview

The filter discards RADIUS requests that do not satisfy one or more filter rules before they reach the authentication engine. Benefits:

  • Reduces load on the server and authentication logs.
  • Mitigates password‑spray and brute‑force attacks (blocked requests are silently discarded).

You can match on:

RADIUS attribute Meaning Typical content Requirement
#1 (User‑Name) Username john.doe or john.doe@example.com Always present
#31 (Calling‑Station‑Id) Client IP address 203.0.113.15 Must be added by the RADIUS client1

1For optimal filtering, configure your RADIUS clients to include attribute #31 in Access‑Request packets. This can then be used by Mideye Shield to dynamically block attacks from specific IP addresses.

2 Rule Processing

  1. Rules are evaluated in ascending Order value (lowest first).
  2. The first matching rule decides the outcome (ALLOW or BLOCK).
  3. If no rule matches:
  4. Block By Default disabled → request is allowed.
  5. Block By Default enabled → request is blocked.

Rule priority diagram

3 Configuration

3.1 Global Setting – Block By Default

Disabled (default) → allow everything that is not explicitly blocked.

Enabled      → block everything that is not explicitly allowed.

3.2 Adding / Editing a Rule

Note

Calling_Station_id - filters the authentication request based on the RADIUS Attribute 31, which contains the public IP address of the connecting client.

Field Options Description
Rule Action ALLOW · BLOCK What happens when the rule matches.
Rule Attribute Username (Attr #1) · Calling‑Station‑Id (Attr #31) The RADIUS field to inspect.
Operator EQUAL_TO · CONTAINS · REGEX_MATCH · SUBNET See below.
Value text / CIDR / regex Pattern the attribute is compared against.
Order Positive integer Execution priority (lower = earlier).
Enabled ☑ / ☐ Unchecked rules are ignored.

Operator details

  • EQUAL_TO – exact string match.
  • CONTAINS – substring match.
  • REGEX_MATCH – Java‑style regular expression.
  • SUBNET – IP falls inside the given CIDR block (203.0.113.0/24 …).

3.3 Adding BLOCK rules from Authentication Logs

You can create a BLOCK rule for the username or IP directly from a log entry:

Add rule from logs

4 Regex Examples for Username Patterns

Use case Regex Example matches
Two letters, two letters, two digits ^[a-zA-Z]{2}[a-zA-Z]{2}\d{2}$ jodo12, satr45
firstname.lastname@ *.com ^[a-zA-Z]+\.[a-zA-Z]+@[a-zA-Z0-9.-]+\.com$ john.doe@company.com
aa22bb@company.com ^[A-Za-z]{2}\d{2}[A-Za-z]{2}@company\.com$ ab12cd@company.com
firstname.lastname@firstcompany or secondcompany ^[a-zA-Z]+\.[a-zA-Z]+@(firstcompany|secondcompany)\.com$ john.doe@firstcompany.com
Two letters · two digits · two letters ^[a-zA-Z]{2}\d{2}[a-zA-Z]{2}$ ab12cd, mn34pq