RADIUS Filter Rules

The filter discards RADIUS requests that do not meet predefined filtering criteria before they are further processed by the Mideye server. This mechanism prevents the overload of server resources, reduces spamming of authentication logs, and protects against password spray and brute force attacks. Blocked requests are silently discarded.

Functionality

Filtering can be based on either the username (RADIUS attribute #1, User-Name) or the client IP address (RADIUS attribute #33, Calling-Station-Id). For optimal performance of the filter, it is recommended to configure RADIUS clients to include the optional attribute #33 (Calling-Station-Id) in Access Requests.

Configuration

Filter rules are defined in the RADIUS Filter Rules menu. By default, all requests are allowed, and BLOCK rules specify which usernames and IP addresses should be denied access. Alternatively, the filter can be configured to block all requests by default, only permitting those that meet specified ALLOW criteria.

Rules can be configured to require an exact match for usernames and IP addresses or to use wildcard and regular expression (Regex) matching.

Each filter rule is assigned a priority order, which determines the sequence in which the rules are evaluated and applied.

Filter Rules Priority
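
The default action, match types and priority ordering described above, modelled as an added Python example; this is not Mideye's code. It assumes that lower priority numbers are evaluated first and that the first matching rule decides; the `Rule` fields, function names and sample rules are hypothetical.

```python
import fnmatch
import re
from dataclasses import dataclass

@dataclass(frozen=True)
class Rule:
    priority: int   # assumption: lower number is evaluated first
    action: str     # "ALLOW" or "BLOCK"
    field: str      # "username" or "client_ip" (hypothetical field names)
    match: str      # "exact", "wildcard" or "regex"
    pattern: str

    def matches(self, value):
        if value is None:            # attribute absent from the request
            return False
        if self.match == "exact":
            return value == self.pattern
        if self.match == "wildcard":
            return fnmatch.fnmatchcase(value, self.pattern)
        if self.match == "regex":    # anchored, so "admin" does not hit "administrator"
            return re.fullmatch(self.pattern, value) is not None
        raise ValueError(f"unknown match type: {self.match}")

def evaluate(rules, default_action, username, client_ip=None):
    """Return (action, priority of the deciding rule or None for the default)."""
    request = {"username": username, "client_ip": client_ip}
    for rule in sorted(rules, key=lambda r: r.priority):
        if rule.matches(request[rule.field]):
            return rule.action, rule.priority   # assumption: first match wins
    return default_action, None

# Constructed rule sets (documentation address ranges and example.com names).
DEFAULT_ALLOW_RULES = [
    Rule(1, "BLOCK", "client_ip", "wildcard", "203.0.113.*"),
    Rule(2, "BLOCK", "username", "regex", r"(admin|root|test)\d*"),
]
DEFAULT_BLOCK_RULES = [
    Rule(1, "BLOCK", "username", "exact", "contractor7@example.com"),
    Rule(2, "ALLOW", "username", "wildcard", "*@example.com"),
]

if __name__ == "__main__":
    for name, ip in [("alice", "198.51.100.7"), ("alice", "203.0.113.45"),
                     ("admin2", "198.51.100.7"), ("alice", None)]:
        print("default ALLOW:", name, ip, evaluate(DEFAULT_ALLOW_RULES, "ALLOW", name, ip))
    for name in ["bob@example.com", "contractor7@example.com", "bob@other.test"]:
        print("default BLOCK:", name, evaluate(DEFAULT_BLOCK_RULES, "BLOCK", name))
```

In this model a request without a client IP can never match an IP rule, which illustrates why the page recommends that RADIUS clients send Calling-Station-Id.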

Additionally, BLOCK rules for specific usernames and IP addresses can be added directly through the Authentication Logs menu.

Add BLOCK Rules via Authentication Logs