[pfsense-2.3.1] captive portal redirect-url before auth
-
Help me plz!!!
-
but how to force captive portal redirect to login page
-
but how to force captive portal redirect to login page
This will work without you (the captive portal user) doing something special.
If you have some knowledge about what a firewall is :
https://doc.pfsense.org/index.php/Captive_Portal_Troubleshooting
Find out what your 'zone' is :ipfw zone list
Then, use the obtained number to check the rules :
ipfw -x zone1 show
You see rule number 65532:65532 22940 2336966 fwd 127.0.0.1,8002 tcp from any to any dst-port 80 in
This rule says :
"Any connection tcp from anywhere going to anywhere" will be redirected to"127.0.0.1,8002".
And guess what : on 127.0.0.1,8002 is listeing a web server that servers you the default index.html page, your captive logon page.When your login is validated, check out table 1 and 2 : your IP and MAC will be in these tables, so any further communication will not be send to the captive portal login page, bur simply passes through.
When the captive portal forces a logout, it simply removes your IP and MAC from theses two tables.
-
Gertjan, could you please post the full output of the "ipfw -x show" command? I'm trying to fix a
problem similar to the OPsCP problem, and I'd be very interested in seeing the output from a working CP system.EDIT: sorry, mixed up the threads
-
Hi everyone,
I've the same issue. When i'm not log in :
I can't have access on http/https site
When I go on http://mydomain:8002/index.php I've blanc page
When I go on http://mydomain:8002/index.php?zone=cp_guest I've log in page (which works)I used default Portal page contents and Pre-authentication redirect URL is set to http://mydomain:8002/index.php?zone=cp_guest
I've also the same rule : 65532 22940 2336966 fwd 127.0.0.1,8002 tcp from any to any dst-port 80 in
I've read topic, but it didn't work for me. I've you solved it ?
Thank you
-
Has anyone found a solution to this ?
In my setup, I get redirected to the Pre Auth URL page, but cannot from that page jump to login portal page.
-
It would be great if somebody could post a working solution for version 2.3 onwards(portal page and external landing page) to a pre-auth external landing page which contains the form.
The CP controller does not appear to be able to pass the actual values of $PORTAL_ACTION$, $PORTAL_ZONE$, $PORTAL_REDIRURL$, $PORTAL_MESSAGES$ to the external landing page using PHP header function.
-
Ahh, so that's what's happening in my setup. I get looped all the time to the redirect url.
-
So, anyone found a solution ?
-
Any solution please?
-
I've the same issue. When i'm not log in :
I can't have access on http/https site
When I go on http://mydomain:8002/index.php I've blanc pageThis is ok and by design.
Calling this page (index.php) without the very needed variable 'zone', there will be an error - see error log (see the captive log file).
See here : https://github.com/pfsense/pfsense/blob/master/src/usr/local/captiveportal/index.php#L39 (and next 8 lines) => NO variable 'zone" means : dead.See also this (these) file(s) :
/var/etc/nginx-CPZONE-CaptivePortal.conf
/var/etc/nginx-CPZONE-CaptivePortal-SSL.conf (if you use https login)
This is what make things work:...... if ($http_host ~* 192.168.2.1) { set $cp_redirect no; } if ($http_host ~* portal.brit-hotel-fumel.net) { set $cp_redirect no; } if ($cp_redirect = '') { rewrite ^ /index.php?zone=cpzone1&redirurl=$request_uri break; ......
Your IP and portal URL are different of course.
Check that the URL does resolve to the IP present !!When I go on http://mydomain:8002/index.php?zone=cp_guest I've log in page (which works)
As explained above : ok and normal.
For all : pre-auth might be broken - or not.
The doc might be not 100 % - some made it work - others don't.The big problem is : communication. To make it work, all settings need to be known and ok. Special broken setups WILL break everything.
The pre auth page could be stored on pfSense (as an uploaded file) - or not - and could even be some where on the net.I have have not tried pre auth myself - I don't need it.
Just an advise for those who try to make it work : check that all variables are passed to the pages involved in the process (some PHP knowledge will be needed).
-
I've been looking in to how to resolve this issue. Here's what I did:
- Set the portal page to anything you like, but make sure it includes:
require_once("globals.inc");
$request_uri = urldecode(str_replace("/index.php?redirurl=", "", $_SERVER["REQUEST_URI"]));
$portal_redirurl = urldecode("$PORTAL_REDIRURL$");
if(!stristr(urldecode("$PORTAL_REDIRURL$"), $request_uri)) {
Header("Location: $PORTAL_REDIRURL$");
exit;
}-
Set your pre-auth url to point to your external web server
-
Web server loads its page (for me a data capture page), and posts to a database and echo's header location to authenticate.php
-
Authenticate.php is essentially the default captive portal code, but I modified $PORTAL_??$ variables to be hard coded. This is then posted directly to the firewall (192.168.1.1:8002/index.php?zone=[zonename]), and the user is then forwarded to the $PORTAL_REDIRURL$
-
The user is authenticated and able to browse
I hope this helps!