Radiator Server Documentation — v10.33.2
Table of Contents
  • http
  • Syntax
  • Elements
  • Source Block
  • Timeout

http

An http clients list specifies which external systems (web applications, API gateways, automation tools, integration services) are permitted to send HTTP / REST style requests to a server (for example a management or authentication HTTP endpoint). Any request originating from an IP address not matching a configured client entry in a referenced list is silently discarded or rejected (depending on server layer logic), providing a first layer of network access control.

Syntax

clients {
    http "API_CLIENTS" {
        client "internal-app" {
            source {
                ip 192.168.50.0/24;
                ip 2001:db8:1234:50::/64;
            }
            timeout 30;
            @pre-policy {
                # Optional: tag request, early validation, rate hints
            }
            @post-policy {
                # Optional: auditing or response enrichment
            }
        }

        client "batch-jobs" {
            source { ip 10.20.5.10; }
            secret "NotUsedHere";   # (If future auth extensions require)
        }
    }
}

Elements

Element / BlockRequiredDescription
http "LIST_NAME" { ... }Yes (≥1 if you need HTTP client filtering)Declares a list grouping HTTP clients
client "NAME" { ... }YesA single logical client (single host or group alias)
source { ip …; }YesOne or more IPv4/IPv6 addresses or CIDR ranges
timeout <seconds>;NoOverride request handling timeout for this client
@pre-policy { … }NoExecuted before main request / AAA pipeline
@post-policy { … }NoExecuted after pipeline finishes
statistics { … }No (if supported)Per-client statistics configuration

Note: The @ prefix is required for pipeline blocks. The legacy syntax without @ (e.g., pre-policy {}, post-policy {}) is deprecated and emits warnings. Use @pre-policy {} and @post-policy {} for new configurations.

Source Block

Multiple ip statements may appear:

source {
    ip 192.168.50.12;
    ip 192.168.51.0/24;
    ip 2001:db8:1234:51::/64;
}

Order is irrelevant; matching stops once any entry matches.

Timeout

If set, applies a per-request upper bound (seconds) for operations associated with that client. Use only if a subset of clients are known to require different SLA handling. Otherwise rely on global defaults.

Table of Contents
Navigation
Home

  • @verification

  • aaa

  • backends

  • caches

  • captures

  • certificates

  • clients

    • http

    • ip

    • protocol

    • radius

    • require_message_authenticator

    • secret

    • source

    • tacacs-plus

    • timeout

  • conditions

  • dictionary

  • hmac-otp

  • include

  • init

  • ip-accept

  • license

  • logging

  • management

  • proxy-protocol

  • scripts

  • servers

  • statistics

  • stats

  • template

  • ui

Navigation
Home