Netgate Discussion Forum
    • Categories
    • Recent
    • Tags
    • Popular
    • Users
    • Search
    • Register
    • Login

    How can I allow the subdomains of one hostname in Captive Portal?

    Scheduled Pinned Locked Moved
    Captive Portal
    2
    6
    343
    Loading More Posts
    • Oldest to Newest
    • Newest to Oldest
    • Most Votes
    Reply
    • Reply as topic
    Log in to reply
    This topic has been deleted. Only users with topic management privileges can see it.
    • M
      mhmd
      last edited by

      hi
      I want to allow subdomains such as *.example.com in Captive Portal so that users can use these sites.
      And I added half a row in the allow hostname section such as example.com but it did not allow its subdomains
      What is your suggestion about this?
      I would appreciate it if you could help me

      johnpozJ 1 Reply Last reply Reply Quote 0
      • johnpozJ
        johnpoz LAYER 8 Global Moderator @mhmd
        last edited by

        @mhmd you mean allow them before auth to use some sites? Once they are authed they would be able to go where ever you allow in the normal firewall rules.

        captive portal is not a proxy - you can not allow based on url.. It either allows the IP or network or it doesn't.. There is no way to resolve every single possible combination of something.domain.tld or what about otherthing.something.domain.tld

        What happens is pfsense looks up ever so often your something.domain.tld and allows that IP. But otherthing.domain.tld might not resolve to that same IP.

        So you need to list all the fqdn that might be used, or you need to figure out what network block they are all being served from and just allow that network. Or have you users auth to the captive portal before they go to whatever.domain.tld

        An intelligent man is sometimes forced to be drunk to spend time with his fools
        If you get confused: Listen to the Music Play
        Please don't Chat/PM me for help, unless mod related
        SG-4860 24.03 | Lab VMs 2.7.2, 24.03

        M 1 Reply Last reply Reply Quote 0
        • M
          mhmd @johnpoz
          last edited by

          @johnpoz In the cp settings, there is Allow host name that can be passed through the CP without authentication by adding the domain name, but the problem is that in addition to the domain I define, its subdomains can also pass.

          johnpozJ 1 Reply Last reply Reply Quote 0
          • johnpozJ
            johnpoz LAYER 8 Global Moderator @mhmd
            last edited by johnpoz

            @mhmd Yeah I know I clearly went over how it works.. What part did you not understand???

            And what does the subdomain resolve too??

            If whatever.domain.com resolves to 1.2.3.4 and something.what.yeah.domain.com also resolves to 1.2.3.4 then yup it would be allowed - thought I clearly went over how that works?

            An intelligent man is sometimes forced to be drunk to spend time with his fools
            If you get confused: Listen to the Music Play
            Please don't Chat/PM me for help, unless mod related
            SG-4860 24.03 | Lab VMs 2.7.2, 24.03

            M 1 Reply Last reply Reply Quote 0
            • M
              mhmd @johnpoz
              last edited by

              @johnpoz My exact problem is that the domain IP is different from the subdomains it has.

              johnpozJ 1 Reply Last reply Reply Quote 0
              • johnpozJ
                johnpoz LAYER 8 Global Moderator @mhmd
                last edited by johnpoz

                @mhmd said in How can I allow the subdomains of one hostname in Captive Portal?:

                My exact problem is that the domain IP is different from the subdomains it has.

                And what is these 2 fqdn exactly?

                https://docs.netgate.com/pfsense/en/latest/captiveportal/allowed-hostnames.html#allowed-hostnames

                A daemon periodically resolves the hostnames to IP address(es) and allows them through the portal without authentication in this zone.

                An intelligent man is sometimes forced to be drunk to spend time with his fools
                If you get confused: Listen to the Music Play
                Please don't Chat/PM me for help, unless mod related
                SG-4860 24.03 | Lab VMs 2.7.2, 24.03

                1 Reply Last reply Reply Quote 0
                • First post
                  Last post