3.11.18. AllowInReply Previous topic Parent topic Child topic Next topic

This optional parameter is the complement to StripFromReply: It specifies the only attributes that are permitted in an Access-Accept. It is useful, for example, to limit the attributes that are passed back to the NAS from a proxy server. This way you can prevent downstream customer RADIUS servers from sending back illegal or troublesome attributes to your NAS.
AllowInReply does not prevent other attributes being added locally by DefaultReply, AddToReply and AddToReplyIfNotExist.
# Only permit a limited set of reply attributes.
AllowInReply Session-Timeout, Framed-IP-Address