Captive portal ngingx 403 Forbidden error



  • I'm having problems with the captive portal service.
    Somehow clients wont get redirected to the captive portal page.

    I'm using a custom captive portal page which I uploaded through sftp in the Captive portal folder
    The portal page is only shown when doing "Show page content".
    DNS resolver is turned on and is active on any interface.
    All DNS fields on the DHCP service is blank

    (DHCP on Wireless access point is disabled)

    I can't access the portal page from the LAN interface when I do live view
    (192.168.69.1:8002) unless I click "Show page content"

    It's only accessible from LAN client if I put the IP address of OPT1
    (10.22.11.1:8002)

    When I click Live view I get the NGINX Error 403 forbidden message.
    I've checked permissions on the Captive portal and NGINX folder (not a permission issue ?)

    Any help is appreciated
    Thank you in advance  ;)



  • @retestreak:

    I'm using a custom captive portal page which I uploaded through sftp in the Captive portal folder

    Totally not related, but why did you upload the file like that ? You are aware that you should use the GUI for that (so internal housekeeping like writing it to the config.xml, setting up the correct symbolic links etc are done correctly)

    @retestreak:

    …..
    .....
    It's only accessible from LAN client if I put the IP address of OPT1
    (10.22.11.1:2000)
    .....

    99 % of troubles are located right away if you respect 2 things :
    Don't use non non-standard settings (like captive portal running on port 2000 …. I even wonder how you set this port number, it is auto generated and not user changeable - better : there is no need to do so)
    Read https://doc.pfsense.org/index.php/Captive_Portal_Troubleshooting

    Try this :
    Save your config.
    Reset to default.
    Drop a big pass-all rule (TCP and UDP) on OPT1 (which is your captive portal).
    Use the local pfSense User Mananger.
    Add a user to it that has the right to visit (use) the portal.
    Activate portal on OPT1 with default settings - default login page.
    It works .... ;)



  • @Gertjan:

    @retestreak:

    I'm using a custom captive portal page which I uploaded through sftp in the Captive portal folder

    Totally not related, but why did you upload the file like that ? You are aware that you should use the GUI for that (so internal housekeeping like writing it to the config.xml, setting up the correct symbolic links etc are done correctly)

    @retestreak:

    …..
    .....
    It's only accessible from LAN client if I put the IP address of OPT1
    (10.22.11.1:2000)
    .....

    99 % of troubles are located right away if you respect 2 things :
    Don't use non non-standard settings (like captive portal running on port 2000 …. I even wonder how you set this port number, it is auto generated and not user changeable - better : there is no need to do so)
    Read https://doc.pfsense.org/index.php/Captive_Portal_Troubleshooting

    Try this :
    Save your config.
    Reset to default.
    Drop a big pass-all rule (TCP and UDP) on OPT1 (which is your captive portal).
    Use the local pfSense User Mananger.
    Add a user to it that has the right to visit (use) the portal.
    Activate portal on OPT1 with default settings - default login page.
    It works .... ;)

    I'm sorry it is not port 2000 it is the default one. 8002
    And the problem with the file manager on PFsense is that i'm not allowed to upload more then a couple MB.
    My custom portal page is larger. And I'm not able to make directorys from the gui on the captive portal service .
    Firewall rule on OPT1 = Allow any protocol to any destination.

    I'm thinking about performing a reset to factory defaults… I think i messed up my box.
    Should i try the force_fsk  ? Will this fix anything?



  • @retestreak:

    ….
    I'm sorry it is not port 2000 it is the default one. 8002

    Aha .. ok.

    @retestreak:

    And the problem with the file manager on PFsense is that i'm not allowed to upload more then a couple MB.

    That problem was solved in the eighties already. Golden Rule : a home page or landing page should be small.
    Several Megas of pure code for a page ? Don't. Never. Ever.
    Big images ? Don't. Include the images or media into your html by links, and upload them separately. Thus breaking the total absolute file size to less big.

    Remember : all these megas are also stored into the unique system config file. Don't bloat it, or it will blow …

    @retestreak:

    I'm thinking about performing a reset to factory defaults… I think i messed up my box.

    Well … if you only edited settings that a reset will do fine.

    @retestreak:

    Should i try the force_fsk  ? Will this fix anything?

    fsk - as the famous chkdsk from DOS (and still Windows) will only show low level file system errors. If these happens than your are hitting the reset button far to often (typical : never use this button will do) or your hardware (drives) is utterly failing ….

    I advise you to use the default login page, on build up from there.
    As soon as everything breaks, you know where to look.

    Btw  of course it IS possible to upload YOUR own 'huge' captiive portal  login file.
    But .... FIRST check out /etc/inc/captiveportal.inc - you will discover that the "htlml login page" is created on the fly when a client logs in. Some 'have to be there variables are changed for their actual values before it's written to a temp file that the web server uses to "serve the client".
    So .... be ready to rewrite parts of the PHP (means : dead easy, so simple ....) that handle the captive portal.

    Put your page on a diet. It should be a login page, not some Youtube look alike.



  • @Gertjan:

    @retestreak:

    ….
    I'm sorry it is not port 2000 it is the default one. 8002

    Aha .. ok.

    @retestreak:

    And the problem with the file manager on PFsense is that i'm not allowed to upload more then a couple MB.

    That problem was solved in the eighties already. Golden Rule : a home page or landing page should be small.
    Several Megas of pure code for a page ? Don't. Never. Ever.
    Big images ? Don't. Include the images or media into your html by links, and upload them separately. Thus breaking the total absolute file size to less big.

    Remember : all these megas are also stored into the unique system config file. Don't bloat it, or it will blow …

    @retestreak:

    I'm thinking about performing a reset to factory defaults… I think i messed up my box.

    Well … if you only edited settings that a reset will do fine.

    @retestreak:

    Should i try the force_fsk  ? Will this fix anything?

    fsk - as the famous chkdsk from DOS (and still Windows) will only show low level file system errors. If these happens than your are hitting the reset button far to often (typical : never use this button will do) or your hardware (drives) is utterly failing ….

    I advise you to use the default login page, on build up from there.
    As soon as everything breaks, you know where to look.

    Btw  of course it IS possible to upload YOUR own 'huge' captiive portal  login file.
    But .... FIRST check out /etc/inc/captiveportal.inc - you will discover that the "htlml login page" is created on the fly when a client logs in. Some 'have to be there variables are changed for their actual values before it's written to a temp file that the web server uses to "serve the client".
    So .... be ready to rewrite parts of the PHP (means : dead easy, so simple ....) that handle the captive portal.

    Put your page on a diet. It should be a login page, not some Youtube look alike.

    Heel erg bedankt Gertjan ;) (Thanks a lot)

    My portal page might be a bit too much..
    What do you think ?

    https://ufile.io/xuf2m



  • 13 Mbytes  >:(

    Put it on a diet.

    (maar het zou moeten werken indien je alle regels respecteert -> zie ingebouwede pagina als voorbeeld).


Log in to reply