Captive portal slow redirect when open the first website that's begun by "https"



  • Im using pfsense v 2.3.
    Now I want captive portal configuration, when user open the first website, it will redirect into our internal website.

    I just set pre-authentication redirect URL: Http://abc.com. But there is a problem happen: When user open the first web that's begun by "https", for example https://facebook.com, the time for redirecting is longer than normal (about 10s). If the first openning website begins by "http", the time for redirecting is fast (1s).

    And I dont know how to solve this problem.

    Pls help me :(



  • Initial 'https' can not be redirected.
    Otherwise some one (you or me) could redirect "https://www.your-bank.com" and the visitor would think he is connected to "https://www.your-bank.com" (his bank) - change the pfense login page to "the web site that "https://www.your-bank.com" shows (the real one), capture his login codes and hoppa, you can empty his banc account.
    So = No way. No one can't. Its the principle of "https" surfing that you try to modify.
    Portal login pages are accessed (triggered) with an initial "http" request.



  • I understand that https is encrypted and browser is looking for auth.

    I see captive portals in restaurants and hotels and they are able
    to redirect clients to auth page whether it's http or https without problems

    Are you saying that it can't be done or that pfsense can't do it?

    Thanks



  • @Calling:

    I understand that https is encrypted and browser is looking for auth.
    I see captive portals in restaurants and hotels and they are able
    to redirect clients to auth page whether it's http or https without problems
    Are you saying that it can't be done or that pfsense can't do it?

    Good question.
    Connecting to a network (wifi) and then visiting https://www.facebook.com (having this URL in the bar, with the green stuff and all) - but not seeing the FB login screen, but 'a portal login screen'…. I never saw that ....



  • I apologize for my question which is not specific so that you may misunderstand.
    When I configure pre-authentication redirecting to URL: http://abc.com, this causes problems. When users open the first website with form https, time to direct to portal login website is too long (still can redirect). In case users open the first website in day with form http, it can redirect immediately.
    How can users open the first website with form https and quickly redirect to portal login?



  • @lupin212:

    I apologize for my question which is not specific so that you may misunderstand.
    When I configure pre-authentication redirecting to URL: http://abc.com, this causes problems. When users open the first website with form https, time to direct to portal login website is too long (still can redirect). In case users open the first website in day with form http, it can redirect immediately.
    How can users open the first website with form https and quickly redirect to portal login?

    Understand that you see your setup in front of you.
    I see none.

    Please: detail ….

    Also : lately, more questions about "per auth URL" have been posted and from what I can make of it, it's more then tricky to use it.
    Do you need pre auth ? (why has the visitor visit first page A on server B to auth to the captive portal on page B using server B (B = PfSense)) ?
    Is your A also pfSense ?
    If not, did you list the URL or the domain so that a connection to "A" is possible even when NOt auth against portal pfSense ?
    In that case : did you test that these rules where present ? ( use https://doc.pfsense.org/index.php/Captive_Portal_Troubleshooting - and show results here )
    The GUI firewall rules permit visiting site "A" (if sdite A is not pfsense).

    These are only the question I would check if I decided to use pre auth page usage - and because I never used it, is even more questions will pop up ......

    So : what about telling us more ?