Format

Each line in auth_rules.config contains an authentication rule that consists of a set of tags, each followed by its value. Authentication rules have the format:

rule_name=<name> src_ip=<IP addresses> user_agent=<regex> <additional tags>

The following table lists all of the tags.

Tags Allowed value
rule_name

A short, unique name.

enabled

Specifies whether the rule will be active:

  • 0 = disabled
  • 1 = enabled

src_ip

Takes a comma-separated list of IP addresses and IP address ranges. No spaces. If this field is empty, all IP addresses match. The list can contain up to:

  • 64 IPv4 addresses
  • 32 IPv4 address ranges
  • 24 IPv6 addresses
  • 12 IPv6 address ranges

user_agent (optional)

Takes a regular expression that is applied to the user-agent string. See Specifying URL regular expressions (url_regex) for information about using regular expressions.

proxy_port (optional)

Takes a port number. Valid with explicit proxy only. Client applications must be configured to send requests to the correct port.

domain_list

An ordered, comma-separated list of the domains against which Content Gateway attempts to authenticate a matching user.

use_captive_portal

Specifies whether Captive Portal is used.

  • 0 = disabled
  • 1 = enabled using HTTP
  • 2 = enabled using HTTPS

use_clientcert_auth

Specifies whether Client Certificate Authentication is used.

  • 0 = disabled
  • 1 = enabled

clientcert_profile

Takes a text string. The name of the Client Certificate Authentication profile to be used with the authentication rule.

clientcert_fallback

Specifies whether the next selected authentication method should be used if Client Certificate Authentication fails.

  • 0 = disabled
  • 1 = enabled
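
The tag constraints above can be checked before a file is deployed. The following linter is an added example, not vendor code: the names `lint` and `check_src_ip` and the sample rules are constructed here, and it assumes that values contain no whitespace and that an address range is written as start-end.

```python
import ipaddress

# Limits and allowed values copied from the tag table above.
LIMITS = {(4, False): 64, (4, True): 32, (6, False): 24, (6, True): 12}
ENUMS = {"enabled": {"0", "1"}, "use_captive_portal": {"0", "1", "2"},
         "use_clientcert_auth": {"0", "1"}, "clientcert_fallback": {"0", "1"}}
# Constructed sample file, not taken from a real deployment.
SAMPLE = """\
rule_name=hq enabled=1 src_ip=10.1.0.0-10.1.255.255,192.0.2.10 domain_list=CORP use_captive_portal=2
rule_name=hq enabled=yes src_ip=10.2.0.9-10.2.0.1 domain_list=CORP
rule_name=guests enabled=1 src_ip= proxy_port=8081 domain_list=LAB,CORP use_captive_portal=3
"""

def check_src_ip(value):
    """Return a list of problems found in one src_ip value."""
    problems, counts = [], dict.fromkeys(LIMITS, 0)
    for item in filter(None, value.split(",")):
        try:  # assumption: a range is written start-end
            addrs = [ipaddress.ip_address(p) for p in item.split("-")]
            ok = (len(addrs) <= 2 and addrs[0].version == addrs[-1].version
                  and addrs[0] <= addrs[-1])
        except ValueError:
            ok = False
        if ok:
            counts[(addrs[0].version, len(addrs) == 2)] += 1
        else:
            problems.append(f"bad address or range {item!r}")
    for key, n in counts.items():  # key is (IP version, is_range)
        if n > LIMITS[key]:
            kind = "ranges" if key[1] else "addresses"
            problems.append(f"{n} IPv{key[0]} {kind}, limit is {LIMITS[key]}")
    return problems

def lint(text):
    """Return (line_number, message) findings for auth_rules.config text."""
    findings, seen = [], set()
    for no, line in enumerate(text.splitlines(), 1):
        if not line.strip():
            continue
        rule = dict(t.split("=", 1) for t in line.split() if "=" in t)
        msgs = [f"stray token {t!r}, space inside a value?" for t in line.split() if "=" not in t]
        name = rule.get("rule_name")
        if not name or name in seen:
            msgs.append(f"rule_name {name!r} missing or not unique")
        seen.add(name)
        msgs += [f"{t}={rule[t]!r} not allowed" for t in ENUMS if rule.get(t, "0") not in ENUMS[t]]
        if not rule.get("src_ip"):
            msgs.append("src_ip empty, rule matches all IP addresses")
        findings += [(no, m) for m in msgs + check_src_ip(rule.get("src_ip", ""))]
    return findings
```

Calling `lint(SAMPLE)` reports the duplicate name, the invalid `enabled` value and the reversed range on line 2, and the out-of-range `use_captive_portal` value and match-all `src_ip` on line 3.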