Allowed web server IP address through captive portal is very slow

xsmael

I have enabled the captive portal and allowed the IP address of a web server having a web app that enables users to pay for the service
but accessing that web app when the portal is on and the user not authenticated is very slow, and sometimes it goes as far as 2minutes before the page loads. Is this behavior normal ?

How can I speed it up ?

NB: the web app has no issue, once the portal is disabled it loads fast.

Thanks for any help!

free4

@xsmael
No, that's not normal

The likely explanation is that your application require ressources (eg, images, CSS design, fonts, etc...) That are not hosted in the same web server than your app.

You should have a look to the ressources used by your application. You could easly do this using packet capture on pfsense, or using ADB logcat on your Android device

xsmael

as said before, when some one do login or when i disable the captive portal, then i don't have that issue, it loads fast. its only slow that way when the captive portal is enabled even though i allowed the ip address.

free4

@xsmael
I understand that you whitelisted one IP address matching the server containing your application.

But it seems like your application is also using external ressources (such as bootstrapcdn.com for the design, fonts.google.com for the fonts, etc ..). Did you also whitelisted IP addresses of Google/StackPath/whateverExternalRessourceYourAppIsUsing?

Please check the external ressources required for your app to work.

johnpoz

Where exactly is this webapp hosted.. What is the fqdn to get there? I assume its public hosted somewhere.. What is this IP you allowed?

As free4 stated it could be trying to get the client to load stuff from other IPs - which might not actually be required for the site to work.. But could be slowing it down, etc..

Simple looking in say a browser tool when you go there will list all the things being loaded or attempted to be loaded.

xsmael

@free4
Yes you're right it was loading fonts from fonts.google.com, but i removed it, all the other resources are stored locally in the webserver itself!

I cross-checked by looking at all the network tab in dev tools. and all is clear.

@johnpoz
we have a router with public IPs for couple servers we run, pf sense is below that router with its wan configured with a public IP, the webserver is at the same level, with a public IP as well.

in the capitve portal we have a page with an input for vouchers, and below that an iframe loading our web app.
but even if we try accessing the web app direclty by typing its IP address in browser it loads incredibly slow!.

johnpoz

@xsmael said in Allowed web server IP address through captive portal is very slow:

IP address in browser it loads incredibly slow!.

Maybe its just a slow site... without more details there is nothing anyone can do to help you.

the webserver is at the same level, with a public IP as well.

That screams asymmetrical to me... So this server is in a transit network that is public, and so is pfsense wan in the same L2 on the same subnet? Or different?

Draw up how you have this setup.. what is ip of this server and mask compared to pfsense wan IP and mask?

xsmael

@johnpoz

@johnpoz said in Allowed web server IP address through captive portal is very slow:

Maybe its just a slow site... without more details there is nothing anyone can do to help you.

Not really, as i mentioned, if i disable the captive portal only it loads faster, normally, or if i login using a voucher and have normal access to internet, it also loads fast. but once i enable the captive portal and not yet logged, then its slow, even though i allowed the IP.

@johnpoz said in Allowed web server IP address through captive portal is very slow:

Draw up how you have this setup.. what is ip of this server and mask compared to pfsense wan IP and mask?

Honestly i dont know very well the network architecture, just and idea.
the IP of the web server is something like IP: 83.229.62.147 mask: 255.255.255.192
the IP of the pfsense WAN is something like IP: 83.229.62.87 mask: 255.255.255.192
they both have the same default gateway.

Derelict

Packet capture and see what else the client is trying to access that isn't whitelisted.

When you disable the portal, of course these are not blocked and it will load quickly.

xsmael

In deed the problem was the application is also using external ressources but i didnt notice the change as soon, now I downloaded whatever resources was needed and I load it locally.

That solved my problem.

Thanks!