AC50 - Web Authentication vs Voucher

This thread has been locked for further replies. You can start a new thread to share your ideas or ask questions.

AC50 - Web Authentication vs Voucher

This thread has been locked for further replies. You can start a new thread to share your ideas or ask questions.
AC50 - Web Authentication vs Voucher
AC50 - Web Authentication vs Voucher
2017-12-08 19:06:19
Model :

Hardware Version :

Firmware Version :

ISP :

Hi,
As far as I understand Web Authentication doesn't allow web redirect in https so basically users not logged in can anyway use internet in https... http becoming obsolete I hope to find a solution.

Is it the same issue with "Vouchers"? I'd like to block unregistred users or without a valid voucher.

Regards,
Ced
  0      
  0      
#1
Options
5 Reply
Re:AC50 - Web Authentication vs Voucher
2017-12-08 21:32:56

CedricB wrote

As far as I understand Web Authentication doesn't allow web redirect in https so basically users not logged in can anyway use internet in https... http becoming obsolete I hope to find a solution.


First of all, any Captive Portal which uses interception works by redirecting HTTP requests, so yes, it is the case with "Vouchers" authorization, too.
And no, clients using HTTPS can not access the Internet without prior authorization. They may have to use a HTTP request to make the portal page appear, but they cannot circumvent authorization. Read on for a solution how to avoid the user to manually request a webpage by HTTP to force the portal page to appear.

Next, HTTP is not becoming "obsolete", what makes you think so? This might be the dream of companies selling SSL certificates, but dreaming is ok.

Every modern mobile device still uses HTTP to see wether it is connected to the Internet or blocked by a Captive Portal at a public hotspot. This technique is known as "Connectivity Tests" or "Network Location Awareness" and it still requires HTTP. Those devices will open the portal page even if the user didn't request a web page at all.

So, HTTP will not become "obsolete", at least not in our lifetime.
༺ 0100 1101 0010 10ཏ1 0010 0110 1010 1110 ༻
  0  
  0  
#2
Options
Re:AC50 - Web Authentication vs Voucher
2017-12-08 22:13:02
Hi, Thanks for your quick reply!

Do you have any recommandation how to force the portal page to appear whether users request http or https webpage? I must have set up something wrongly as a user not logged in can anyway bypass the portal and use https webpages...
I have a simple (too simple for that need?) installation with fiber connection, L2 switch and AC50 (along with APs).
Thanks for those clarifications.
  0  
  0  
#3
Options
Re:AC50 - Web Authentication vs Voucher
2017-12-08 22:49:46

CedricB wrote

Do you have any recommandation how to force the portal page to appear whether users request http or https webpage?


That's why the "Connectivity Test" aka "Network location awareness" has been introduced by Google, Apple and Mickeysoft for devices using their OSes. It is even implemented on laptop/PC OSes nowadays.

On older device not supporting CT or NLA you must request a HTTP webpage to force the portal page to appear. Anyway, all traffic (HTTP and also HTTPS) should be blocked as long as the user has not been authorized through the portal.
༺ 0100 1101 0010 10ཏ1 0010 0110 1010 1110 ༻
  0  
  0  
#4
Options
Re:AC50 - Web Authentication vs Voucher
2017-12-09 00:03:39
Ok but how can they bypass the portal without login in and access https websites?
Thanks!
  0  
  0  
#5
Options
Re:AC50 - Web Authentication vs Voucher
2017-12-09 04:47:16

CedricB wrote

Ok but how can they bypass the portal without login in and access https websites?
Thanks!

could it be because IPV6? I've tried disabling it and it seems to work now

update: http and https are indeed blocked but on my Android Phone Facebook app is passing through!?
  0  
  0  
#6
Options

Information

Helpful: 0

Views: 1239

Replies: 5

Related Articles