Business Community > WiFi > AC50, CAP1750:Access To Internet is possible even before Authentication on facebook Portal
< WiFi

AC50, CAP1750:Access To Internet is possible even before Authentication on facebook Portal

This thread has been locked for further replies. You can start a new thread to share your ideas or ask questions.

AC50, CAP1750:Access To Internet is possible even before Authentication on facebook Portal

This thread has been locked for further replies. You can start a new thread to share your ideas or ask questions.
AC50, CAP1750:Access To Internet is possible even before Authentication on facebook Portal
AC50, CAP1750:Access To Internet is possible even before Authentication on facebook Portal
2018-02-07 03:49:00
Model : AC50Hardware Version : Firmware Version : 1.0.1 Build 20170706 Rel.72258ISP : Hi,I installed a TP Link solution for WIFI Access control using AC50 controller and CAP1750 AP. the firmwares are up to date (1.0.1 Build 20170706 Rel.72258 for AC50 and 1.1.0 CAP1750(EU)_V1_170601 for CAP1750) the Database Version On CAP1750 is also up to date (ver 1.0.6).I configured Facebook authentication and the redirection to my Facebook page is working pretty well. i was surprised when one of my costumers told me that he could play videos on YouTube and navigate through HTTP pages without check in to my page, i made the test in my phone and i could access to YouTube and google without check in in my page.it seems that some resources could be accessed even if not add on free authentication policy (YouTube, All HTTPS Pages, Whatsup, anroid apps, All apps using internet ...).My internet Router is connected to port 1 on the AC50, and the CAP1750 is connected to port 2 on the AC50.Did some ne of you guys ever exprienced this issue ? Is there any other configuration since i would like to have a total restriction to internet access before check in to my Facebook Page.Thank you for your help,
  0      
 
  0      
 
#1
Options
5 Reply
Re:AC50, CAP1750:Access To Internet is possible even before Authentication on facebook Portal
2018-02-08 17:03:26
I have same problem.

--------------------------------------------------

Model : Tp-Link Auranet EAP245
FW : 1.2.0 Build 20170828 Rel. 67350(5553)
Controler software : EAP Controller_V2.5.4_Windows
Controller EAP software install at windows 7 pro. I’ve a problem here:
- Create 1 SSID no password, on Portal select Facebook. In Facebook Wifi configuration page I set Bypass mode is Request Wi-Fi code and enter the password code here.
- Test 1: I connect the wifi by iphone ->connect OK, but the facebook page NOT auto popup. When I open web browse the Facebook page show. I want automatic when I conect the wifi the Facebook auto popup no need open web browse app.
- Test 2: When I connect the wifi by iphone ->connect OK. I open App as : yotube, vnexpress, app store, viber, camera app….. All Run L I feeling the proctect by facebook not do anything. So, who connect to my wifi can use internet NO problem. Not security

I want setup is when connect to my wifi, facebook auto popup and let choose login or type pass code . if correct the smart phone, ipad…. Have internet to use. If skip this step Deny NO internet. That’s correct.

Would you pls help this case.

I already contact TP-Link in Vietnam. But can’t help me.


P.s: I don’t why don’t let the facebook feature build in firmware? Let use the web browse to config will be easy no need the EAP controller software. Many router as ASUS, Netgear build this facebook feature in the firmware
  0  
  0  
#2
Options
Re:AC50, CAP1750:Access To Internet is possible even before Authentication on facebook Portal
2018-02-08 22:41:34
Hi, it seems that we have the same issue with two different hardware. I hope that some one from the forum resolved the problem and could show us the solution. I really like TP link hardware and don't want to change my equipments because of this issue.
  0  
  0  
#3
Options
Re:AC50, CAP1750:Access To Internet is possible even before Authentication on facebook Portal
2018-02-09 03:45:04

pgtuan wrote


- Test 1: I connect the wifi by iphone ->connect OK, but the facebook page NOT auto popup. When I open web browse the Facebook page show. I want automatic when I conect the wifi the Facebook auto popup no need open web browse app.


No website can automatically "pop up". This is technically impossible since the web is pull-medium, not a push-medium. When connecting to a WLAN, your iPhone sends a connectivity test probe to see wether it is connected to a hotspot and if it gets redirected to a portal page, it will follow the redirect to let one log in. Although this seems that a login page would "pop up automatically", it actually does not. It gets pulled like any other web page, albeit by a trick built into iOS. If the faCIAbook mechanism does redirects, "automatic pop ups" could work this way, if it does not use redirection, it can not work.

- Test 2: When I connect the wifi by iphone ->connect OK. I open App as : yotube, vnexpress, app store, viber, camera app….. All Run L I feeling the proctect by facebook not do anything. So, who connect to my wifi can use internet NO problem. Not security


That's the problem with facebook "authentication": in order to be able to reach facebook using HTTPS, certain IPs of content delivery networks (CDNs) need to be open. If those IPs are open for access, they will allow any other service using the same CDNs to be reached without any authentication before.

That's why I don't recommend FB logins (being a developer of Hotspots systems, albeit not associated with TP-Link in any way).

Many router as ASUS, Netgear build this facebook feature in the firmware


They all share the same problems discussed above if using interception for redirecting to a portal page.
༺ 0100 1101 0010 10ཏ1 0010 0110 1010 1110 ༻
  0  
  0  
#4
Options
Re:AC50, CAP1750:Access To Internet is possible even before Authentication on facebook Portal
2018-02-20 16:41:50
Same problem here but with voucher and web-protal (local users) logins: e.g. on my mobile I get a "login to wifi network" notification upon connecting but when opened it just disappears without requesting a voucher code or user/password and I'm good to go. I think this has to do with ipv6. My provider hast full ipv6 support and my dhcp server on my internet router serves both ipv4 and ipv6 addresses to all clients with dual-stack support. Conversely CAPxxx/ACxx products are ipv4 only and they seem to let ipv6 simply pass which is a security flaw in my oppinion and I allready reported this to the tplink support. As more and more websites are dual-stack you will be able to use internet until you hit an ipv4 only ressource.
  0  
  0  
#5
Options
Re:AC50, CAP1750:Access To Internet is possible even before Authentication on facebook Portal
2018-03-07 17:15:15
See the UG notes
File:
facebook.pngDownload
  0  
  0  
#6
Options

Information

Helpful: 0

Views: 1544

Replies: 5

Related Articles
Ac50 & cap1750
502 0
Is it possible to convert a CAP1750 into an EAP1750 with firmware?
907 0
Is it possible to connect a WIFI extender to an Access Point?
2282 0
Is it possible to combine Archer C6 and EAP230 as access points?
195 0
Internet source for mobile internet router from phone. Is this possible?
225 0
AC50/CAP1750: Voucher and non-sens-auth problem
892 0
About Us
Press
Copyright © TP-LINK CORPORATION PTE. LTD. All rights reserved.