WiFi - login page redirection not working
josh at imaginenetworksllc.com
Thu Nov 30 21:24:00 UTC 2017
non-SSL requests are not the issue.
SSL requests are. For example, Google cache's their 301 redirect from
http://www.google.com to https://www.google.com which means clients that
had access while that browser ps stays active will still attempt https
instead of http, regardless of what you actually type.
1100 Wayne St
Troy, OH 45373
On Thu, Nov 30, 2017 at 1:08 PM, Owen DeLong <owen at delong.com> wrote:
> > On Nov 30, 2017, at 08:20 , Josh Luthman <josh at imaginenetworksllc.com>
> >> If TLS would somehow allow you to redirect...
> > No but it would be nice to have a solution that redirects the user
> > of "this page can't load" creating confusion.
> A well-known non-SSL (non-HSTS) URL that users could use for this purpose
> serve the same purpose without producing the security problems mentioned.
> > Josh Luthman
> > Office: 937-552-2340
> > Direct: 937-552-2343
> > 1100 Wayne St
> > Suite 1337
> > Troy, OH 45373
> > On Thu, Nov 30, 2017 at 2:02 AM, Jimmy Hess <mysidia at gmail.com> wrote:
> >> On Wed, Nov 29, 2017 at 10:34 PM, Ramy Hashish <ramy.ihashish at gmail.com
> >> wrote:
> >>> Two points with this problem: 1)Is there a "non client" solution to the
> >>> problem of the WiFi login notification not showing up on the clients
> >> after
> >>> connecting to the WiFi network?
> >> A Captive portal embedding WispR XML data
> >> for connections from browsers/OSes that request a test page upon network
> >> access.
> >> https://stackoverflow.com/questions/3615147/how-to-
> >> create-wifi-popup-login-page
> >> However if WPA2 authentication is not method used for access, then
> >> traffic is
> >> vulnerable and not secured.
> >> AP solutions that are non-standard being a "Non client" solution and
> >> "Open Wireless" mode SSIDs are likely so deficient in security as to be
> >> an unreasonable risk for users to actually connect to.
> >>> Second, anything to be done from the AP to show the landing page even
> >>> the page requested is HTTPs?
> >> If TLS would somehow allow you to redirect or create a HTTPS connection
> >> from
> >> a domain name that is not yours, then this could obviously be exploited
> >> attacks.....
> >> --
> >> -JH
More information about the NANOG