Netgate Discussion Forum
    • Categories
    • Recent
    • Tags
    • Popular
    • Users
    • Search
    • Register
    • Login

    Catching https requests

    Scheduled Pinned Locked Moved Captive Portal
    11 Posts 4 Posters 1.8k Views
    Loading More Posts
    • Oldest to Newest
    • Newest to Oldest
    • Most Votes
    Reply
    • Reply as topic
    Log in to reply
    This topic has been deleted. Only users with topic management privileges can see it.
    • DerelictD
      Derelict LAYER 8 Netgate
      last edited by

      Not without throwing certificate errors at your clients.

      Chattanooga, Tennessee, USA
      A comprehensive network diagram is worth 10,000 words and 15 conference calls.
      DO NOT set a source address/port in a port forward or firewall rule unless you KNOW you need it!
      Do Not Chat For Help! NO_WAN_EGRESS(TM)

      1 Reply Last reply Reply Quote 0
      • F
        FlexyZ
        last edited by

        I know and that is fine - I mean most people will open a browser and goto to facebook or google, and without redirect on https the captive portal will never appear.

        So it is possible?

        Thanks

        1 Reply Last reply Reply Quote 0
        • DerelictD
          Derelict LAYER 8 Netgate
          last edited by

          Just turn on the HTTPS login option in the captive portal setup.  That will create the rule redirecting :443 traffic to your broken https portal page.

          Opinion:  I believe we as a profession should not implement anything that requires our users to click through certificate errors.  Any solution that requires users to do so is no solution at all.

          Chattanooga, Tennessee, USA
          A comprehensive network diagram is worth 10,000 words and 15 conference calls.
          DO NOT set a source address/port in a port forward or firewall rule unless you KNOW you need it!
          Do Not Chat For Help! NO_WAN_EGRESS(TM)

          1 Reply Last reply Reply Quote 0
          • F
            FlexyZ
            last edited by

            I absolutely see your point :)

            I tried it, and is not working like I expected - Internet Explorer warns about the certificate twice and chrome never gets to the captive portal and the same for Firefox.

            Was expecting a warning in all browsers and then continuing to the captive portal. But I suspect this is not supported in the design.

            Thanks

            1 Reply Last reply Reply Quote 0
            • DerelictD
              Derelict LAYER 8 Netgate
              last edited by

              The browser makers have been really tightening up certificate error behavior making it much harder to make an exception, and for good reason.

              Chattanooga, Tennessee, USA
              A comprehensive network diagram is worth 10,000 words and 15 conference calls.
              DO NOT set a source address/port in a port forward or firewall rule unless you KNOW you need it!
              Do Not Chat For Help! NO_WAN_EGRESS(TM)

              1 Reply Last reply Reply Quote 0
              • M
                mohandshamada
                last edited by

                so till now no any solution for this issue

                1 Reply Last reply Reply Quote 0
                • DerelictD
                  Derelict LAYER 8 Netgate
                  last edited by

                  Sorry, but https/ssl/tls is designed exactly to avoid man-in-the-middle on https connections, which is exactly what your https captive portal is.

                  Chattanooga, Tennessee, USA
                  A comprehensive network diagram is worth 10,000 words and 15 conference calls.
                  DO NOT set a source address/port in a port forward or firewall rule unless you KNOW you need it!
                  Do Not Chat For Help! NO_WAN_EGRESS(TM)

                  1 Reply Last reply Reply Quote 0
                  • N
                    neobauer
                    last edited by

                    @Derelict:

                    Sorry, but https/ssl/tls is designed exactly to avoid man-in-the-middle on https connections, which is exactly what your https captive portal is.

                    Got it :)

                    1 Reply Last reply Reply Quote 0
                    • M
                      mohandshamada
                      last edited by

                      so what is the solution

                      1 Reply Last reply Reply Quote 0
                      • DerelictD
                        Derelict LAYER 8 Netgate
                        last edited by

                        There is none.  Captive portals break https.  Period.

                        Chattanooga, Tennessee, USA
                        A comprehensive network diagram is worth 10,000 words and 15 conference calls.
                        DO NOT set a source address/port in a port forward or firewall rule unless you KNOW you need it!
                        Do Not Chat For Help! NO_WAN_EGRESS(TM)

                        1 Reply Last reply Reply Quote 0
                        • First post
                          Last post
                        Copyright 2025 Rubicon Communications LLC (Netgate). All rights reserved.