Captive Portal Redirection

Post by Darkness » September 27th, 2019, 10:20 am

Hi guys,

I am having problems with my captive portal.

In the blue interface, I have the transparent proxy and the captive portal activated.

When I connect to the blue network, the captive portal page appears to authenticate me.

Once I accept the terms and conditions, it automatically redirects me to a page (depending on the device that connects, it is a different page) which IPFire blocks.

1. I can't understand why IPFire blocks these pages. Can anyone help me?

2. Is there a way to change the page you are redirected to when you have logged in?

3. I also have problems with other page(s). From the blue network I cannot access it (IPFire blocks it), while from the green network I can access it.
I tried adding it to the white list, but I still can't access it.


The pages that are blocked when the captive portal redirects me are the following:
From Windows: www.msftconnecttest.com
From iPhone: captive.apple.com
From Android: www.samsung.com
I have to say that these pages are only blocked when the captive portal redirects after accepting the terms and conditions.
Once logged in, if I open a browser window, I can access them.

The other page is: (always blocked on blue but active on green)
www.isframi-security.org/



Thanks guys.

Post by Darkness » October 17th, 2019, 10:21 am

Can nobody help me?

I would like to know how IPFire takes the URL to redirect to the browser once the terms are accepted.

If I can change it, the problem should be resolved. But I don't know how/where I should do it.

Post by gpatel-fr » October 18th, 2019, 9:14 am

Hello

I tried it and can confirm the strangeness with redirection, using an old Android phone on Blue access with proxy and captive portal; when enabling wifi, it's not possible to connect at all from a browser (no redirection to the captive portal, the access is just blocked and timeout), it's possible to tap the OS notification to access the portal and enable access, but when clicking to enable access nothing happens, the captive portal displays again (in fairness there is nothing to redirect to in this case, but I'd expect the screen to be dismissed). When the access is enabled, browsing in a separate process becomes possible as you report.

I can't reproduce any of the blocks you report, though (I did not check for Mac or Windows problems since I don't have the hardware/software). Both samsung.com and your security site loaded fine. Either it's transient Internet problems, or your blue firewall configuration is the reason.

Post by Darkness » October 23rd, 2019, 11:22 am

gpatel-fr wrote:
October 18th, 2019, 9:14 am
Hello

I tried it and can confirm the strangeness with redirection, using an old Android phone on Blue access with proxy and captive portal; when enabling wifi, it's not possible to connect at all from a browser (no redirection to the captive portal, the access is just blocked and timeout), it's possible to tap the OS notification to access the portal and enable access, but when clicking to enable access nothing happens, the captive portal displays again (in fairness there is nothing to redirect to in this case, but I'd expect the screen to be dismissed). When the access is enabled, browsing in a separate process becomes possible as you report.

I can't reproduce any of the blocks you report, though (I did not check for Mac or Windows problems since I don't have the hardware/software). Both samsung.com and your security site loaded fine. Either it's transient Internet problems, or your blue firewall configuration is the reason.

Thanks for the reply, bro.

Actually, I made a change to redirect.cgi and changed the redirection URL to a custom URL.
So now, when I accept the terms, it redirects me to my custom URL and it works fine (Example: www.cooperativaacor.com works fine). But if I try to navigate on this URL, IPFire blocks it (Example: http://www.cooperativaacor.com/es/conta ... r/art/184/ is blocked).
To make it work I have to close the browser and open a new window. (Once that is done, I can navigate through www.cooperativaacor.com successfully.)

On the other hand, now with my iPhone (iOS 13.1.3), when I accept the terms it redirects to my URL but I can't do anything there. I can only press "cancel" or close the "pop-up", and if I do either of these actions, the connection closes.
So I have to reconnect to the wifi, and it works fine because the captive portal doesn't appear, since I accepted the terms before.
I think I remember that it worked fine before; maybe it's something from the new iOS update. But I'm not sure.

So, about the first problem, I think it's related to redirection and the way IPFire manages it. Maybe on redirect.cgi or something like this?

This is my redirect.cgi; I just changed the URL to redirect to.

use strict;
use URI::Escape;
use CGI::Carp qw(fatalsToBrowser);

require '/var/ipfire/general-functions.pl';


# my $url = "http://$ENV{'SERVER_NAME'}$ENV{'REQUEST_URI'}";
my $url = "https://www.cooperativaacor.com";
my $safe_url = uri_escape($url);

my %settingshash = ();
my %ethernethash = ();
my $target;

# Read settings
&General::readhash("${General::swroot}/captive/settings", \%settingshash);
&General::readhash("${General::swroot}/ethernet/settings", \%ethernethash);

# Get the client's IP address
my $client_address = $ENV{X_FORWARDED_FOR} || $ENV{REMOTE_ADDR} || "";

if ($settingshash{'ENABLE_GREEN'} eq "on" && $ethernethash{'GREEN_ADDRESS'} ne '') {
	if (&General::IpInSubnet($client_address, $ethernethash{'GREEN_ADDRESS'}, $ethernethash{'GREEN_NETMASK'})) {
		$target = $ethernethash{'GREEN_ADDRESS'};
	}

} elsif($settingshash{'ENABLE_BLUE'} eq "on" && $ethernethash{'BLUE_ADDRESS'} ne '') {
	if (&General::IpInSubnet($client_address, $ethernethash{'BLUE_ADDRESS'}, $ethernethash{'BLUE_NETMASK'})) {
		$target = $ethernethash{'BLUE_ADDRESS'};
	}

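} else {
	exit 0;
}

# The client matched no enabled zone, so there is no portal address to redirect to
exit 0 unless defined $target;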

print "Status: 302 Moved Temporarily\n";
print "Location: http://$target:1013/cgi-bin/index.cgi?redirect=$safe_url\n";
print "Connection: close\n\n";
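
Added example, not part of the original posts and not IPFire code: one way a portal script could choose the page a client is sent to after accepting the terms, so that it is not sent back to an OS connectivity-check URL (the Windows and iPhone hosts listed in the first post) or to a malformed `redirect=` value. The function name `post_login_target`, the fallback URL and the sample inputs are assumptions made for illustration.

```perl
#!/usr/bin/perl
# Added example (not IPFire code): pick the post-acceptance redirect target
# from the URL the client originally requested.
use strict;
use warnings;

# Connectivity-check hosts named in the thread (Windows, iPhone).
my %PROBE_HOSTS = map { $_ => 1 } qw(www.msftconnecttest.com captive.apple.com);

# Hypothetical landing page used whenever the requested URL is unusable.
my $FALLBACK = 'https://www.example.org/';

sub post_login_target {
    my ($requested) = @_;
    return $FALLBACK unless defined $requested;

    # Whitespace or control characters must never reach a Location header.
    return $FALLBACK if $requested =~ /[\x00-\x20\x7f]/;

    # Accept only absolute http/https URLs and capture the host part.
    my ($host) = $requested =~ m{^https?://([A-Za-z0-9.-]+)(?::\d+)?(?:[/?#]|\z)}i;
    return $FALLBACK unless defined $host;

    # A probe URL is not a page the user asked for; do not send them back to it.
    return $FALLBACK if $PROBE_HOSTS{ lc($host) };

    return $requested;
}

# Constructed sample inputs.
for my $url (
    'http://www.msftconnecttest.com/redirect',
    'http://captive.apple.com/hotspot-detect.html',
    'http://www.example.com/news?id=1',
    "http://www.example.com/\r\nX-Test: 1",
    'ftp://files.example.com/',
) {
    (my $shown = $url) =~ s/[\r\n]+/ /g;    # keep the report on one line
    printf "%-45s -> %s\n", $shown, post_login_target($url);
}
```

Only the third sample is returned unchanged; the two probe URLs, the value containing a line break and the non-HTTP scheme all resolve to the fallback page.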
