nanog mailing list archives

Re: WiFi - login page redirection not working

From: Josh Luthman <josh () imaginenetworksllc com>
Date: Thu, 30 Nov 2017 16:24:00 -0500

non-SSL requests are not the issue.

SSL requests are.  For example, Google cache's their 301 redirect from
http://www.google.com to https://www.google.com which means clients that
had access while that browser ps stays active will still attempt https
instead of http, regardless of what you actually type.


Josh Luthman
Office: 937-552-2340
Direct: 937-552-2343
1100 Wayne St
Suite 1337
Troy, OH 45373

On Thu, Nov 30, 2017 at 1:08 PM, Owen DeLong <owen () delong com> wrote:

On Nov 30, 2017, at 08:20 , Josh Luthman <josh () imaginenetworksllc com>

wrote:

If TLS  would somehow allow you to redirect...


No but it would be nice to have a solution that redirects the user

instead

of "this page can't load" creating confusion.


A well-known non-SSL (non-HSTS) URL that users could use for this purpose
would
serve the same purpose without producing the security problems mentioned.

Owen



Josh Luthman
Office: 937-552-2340
Direct: 937-552-2343
1100 Wayne St
Suite 1337
Troy, OH 45373

On Thu, Nov 30, 2017 at 2:02 AM, Jimmy Hess <mysidia () gmail com> wrote:

On Wed, Nov 29, 2017 at 10:34 PM, Ramy Hashish <ramy.ihashish () gmail com

wrote:

Two points with this problem: 1)Is there a "non client" solution to the
problem of the WiFi login notification not showing up on the clients

after

connecting to the WiFi network?


A  Captive portal  embedding WispR  XML data
for connections from browsers/OSes that request a test page upon network
access.
https://stackoverflow.com/questions/3615147/how-to-
create-wifi-popup-login-page

However if WPA2 authentication is not method used for access,  then

network

traffic is
vulnerable and not secured.

AP solutions that are non-standard being a "Non client" solution and

using

"Open Wireless" mode SSIDs are likely so deficient in security as to be
an unreasonable risk for users to actually connect to.

Second, anything to be done from the AP to show the landing page even

if

the page requested is HTTPs?


If TLS  would somehow allow you to redirect or create a HTTPS connection
from
a domain name that is not yours, then this could obviously be exploited

for

attacks.....

--
-JH

Current thread:

WiFi - login page redirection not working Ramy Hashish (Dec 01)
- Re: WiFi - login page redirection not working Jimmy Hess (Dec 01)
  - Re: WiFi - login page redirection not working Josh Luthman (Dec 01)
    - Re: WiFi - login page redirection not working Owen DeLong (Dec 01)
    - Re: WiFi - login page redirection not working William Herrin (Dec 01)
    - Re: WiFi - login page redirection not working Owen DeLong (Dec 01)
    - Re: WiFi - login page redirection not working Josh Luthman (Dec 01)
    - Re: WiFi - login page redirection not working Owen DeLong (Dec 01)
    - Re: WiFi - login page redirection not working Vincent Bernat (Dec 01)
    - Re: WiFi - login page redirection not working Nikolay Shopik (Dec 01)
    - Re: WiFi - login page redirection not working Vincent Bernat (Dec 01)
    - Re: WiFi - login page redirection not working Owen DeLong (Dec 01)
    - RE: WiFi - login page redirection not working Edwin Pers (Dec 06)