Format
Each line in auth_rules.config contains an authentication rule that consists of a set of tags, each followed by its value. Authentication rules have the format:
rule_name=<name> src_ip=<IP addresses> user_agent=<regex> <additional tags>
The following table lists all of the tags.
Tags | Allowed value |
---|---|
rule_name | A short, unique name. |
enabled |
Specifies whether the rule will be active:
|
src_ip |
Takes a comma separated list of IP addresses and IP address ranges. No spaces. If this field is empty, all IP addresses match. The list can contain up to:
|
user_agent (optional) | Takes a regular expression that is applied to the user-agent string. See Specifying URL regular expressions (url_regex) for information about using regular expressions. |
proxy_port (optional) | Takes a port number. Valid with explicit proxy only. Client applications must be configured to send requests to the correct port. |
domain_list | An ordered, comma separated list of domains the Content Gateway will attempt to authenticate a matching user with. |
use_captive_portal |
Specifies whether Captive Portal is used.
|
use_clientcert_auth |
Specifies whether Client Certificate Authentication is used.
|
clientcert_profile | Takes a text string. The name of the Client Certificate Authentication profile to be used with the authentication rule. |
clientcert_fallback |
Specifies whether the next selected authentication method should be used if Client Certificate Authentication fails.
|