Customized #PORTAL_MESSAGE#

dpa

Hi guys,

Sorry if this has already been answered, but where can I edit these portal messages?

One example is when a mac address is being blocked by the portal, it shows a message saying that this mac address is being blocked. For security reasons I want to change that message.

Any help is appreciated.

Kind regards,

HooKed

The only person that would see that mac address would be the person on the device that is blocked.

Gertjan

@dpa:

Sorry if this has already been answered, but where can I edit these portal messages?

Look into:
/usr/local/captiveportal/index.php
and
/etc/inc/captiveportal.php
;)

@dpa:

One example is when a mac address is being blocked by the portal, it shows a message saying that this mac address is being blocked. For security reasons I want to change that message.

Impossible without severe captive portal firwall rearrangements.

Use this https://doc.pfsense.org/index.php/Captive_Portal_Troubleshooting to see the actuall captive portal firewall rules.
You'll notice that 'forbidden' MAC addresses list is placed upfront, way before the ipfw rules that permit that a page (the main login page, the /usr/local/captiveportal/index.php) will shown.
So, when listed, nothing get in or out - not even a notification page.
Except, of course, if you rewrite that part of the captive portal.

dpa

Thanks for your replies!

I have mac addresses entries in the Pass-through Mac page. This new version of pfsense has a button on the left side to either pass or block these mac addresses without removing them from the list(unlike the older versions of PF). Now if I'll block a certain mac entry, this client will see a message ie. "This mac address has been blocked" when trying to access the Captive Portal.

The message is clear that the CP is blocking/passing through Mac addresses. To technically-inclined persons this will arouse curiosity of spoofing their device's mac address.

It would be nice if we can edit these messages to something like "You don't have access to internet".

I have looked at "/usr/local/captiveportal/index.php" and "/etc/inc/captiveportal.php" but can't find this message yet.

Gertjan

@dpa:

Thanks for your replies!

I have mac addresses entries in the Pass-through Mac page. This new version of pfsense has a button on the left side to either pass or block these mac addresses without removing them from the list(unlike the older versions of PF). Now if I'll block a certain mac entry, this client will see a message ie. "This mac address has been blocked" when trying to access the Captive Portal.

The message is clear that the CP is blocking/passing through Mac addresses. To technically-inclined persons this will arouse curiosity of spoofing their device's mac address.

It would be nice if we can edit these messages to something like "You don't have access to internet".

I have looked at "/usr/local/captiveportal/index.php" and "/etc/inc/captiveportal.php" but can't find this message yet.

Look again.
SSH intop pfSEnse.

cd /usr/local/captiveportal
grep 'has been blocked' *

will produce:

index.php:              portal_reply_page($redirurl, "error", "This MAC address has been blocked");

so its in "/usr/local/captiveportal/index.php"  ;D
Easy to spot, easy to edit ;)

In GIT (not the current pfSense version !) you can see the code here https://github.com/pfsense/pfsense/blob/master/src/usr/local/captiveportal/index.php#L166

Btw: I have stated above that blocked MAC addresses (I always used MAC adress to "pass", not to "block") are listed in the firewall (ipfw riules) but … that's not true.
blocked MAC addresses are simply listed and compared in "/usr/local/captiveportal/index.php" using the function captiveportal_blocked_mac($clientmac) which you will find in /etc/inc/captiveportal.inc

dpa

Hey you're right!

I was looking at these files on my 2.0.3 build. No wonder I can't find them.

Thanks a lot!

doktornotor

That's a version you should NOT be using at all due to numerou vulnerabilities and severe bugs. Let alone keep customizing it. Absurd.

dpa

@doktornotor:

That's a version you should NOT be using at all due to numerou vulnerabilities and severe bugs. Let alone keep customizing it. Absurd.

I understand, thanks. But this build has a lot of customization and I'm on the process of migrating them gradually.