Netgate Discussion Forum

    Captive portal nginx 403 Forbidden error

    • retestreak

      I'm having problems with the captive portal service.
      Somehow clients won't get redirected to the captive portal page.

      I'm using a custom captive portal page which I uploaded through sftp in the Captive portal folder.
      The portal page is only shown when doing "Show page content".
      DNS resolver is turned on and is active on any interface.
      All DNS fields on the DHCP service are blank.

      (DHCP on Wireless access point is disabled)

      I can't access the portal page from the LAN interface when I do live view
      (192.168.69.1:8002) unless I click "Show page content"

      It's only accessible from LAN client if I put the IP address of OPT1
      (10.22.11.1:8002)

      When I click Live view I get the NGINX Error 403 forbidden message.
      I've checked permissions on the Captive portal and NGINX folder (not a permission issue ?)

      Any help is appreciated
      Thank you in advance  ;)

      • Gertjan

        @retestreak:

        I'm using a custom captive portal page which I uploaded through sftp in the Captive portal folder

        Totally not related, but why did you upload the file like that ? You are aware that you should use the GUI for that (so internal housekeeping like writing it to the config.xml, setting up the correct symbolic links etc are done correctly)

        @retestreak:

        …..
        .....
        It's only accessible from LAN client if I put the IP address of OPT1
        (10.22.11.1:2000)
        .....

        99 % of troubles are located right away if you respect 2 things :
        Don't use non-standard settings (like captive portal running on port 2000 …. I even wonder how you set this port number, it is auto generated and not user changeable - better : there is no need to do so)
        Read https://doc.pfsense.org/index.php/Captive_Portal_Troubleshooting

        Try this :
        Save your config.
        Reset to default.
        Drop a big pass-all rule (TCP and UDP) on OPT1 (which is your captive portal).
        Use the local pfSense User Manager.
        Add a user to it that has the right to visit (use) the portal.
        Activate portal on OPT1 with default settings - default login page.
        It works .... ;)

        No "help me" PM's please. Use the forum, the community will thank you.
        Edit : and where are the logs ??

        • retestreak


          I'm sorry, it is not port 2000, it is the default one: 8002.
          And the problem with the file manager on pfSense is that I'm not allowed to upload more than a couple MB.
          My custom portal page is larger. And I'm not able to make directories from the GUI on the captive portal service.
          Firewall rule on OPT1 = Allow any protocol to any destination.

          I'm thinking about performing a reset to factory defaults… I think I messed up my box.
          Should I try the force_fsk ? Will this fix anything?

          • Gertjan

            @retestreak:

            ….
            I'm sorry it is not port 2000 it is the default one. 8002

            Aha .. ok.

            @retestreak:

            And the problem with the file manager on pfSense is that I'm not allowed to upload more than a couple MB.

            That problem was solved in the eighties already. Golden Rule : a home page or landing page should be small.
            Several Megas of pure code for a page ? Don't. Never. Ever.
            Big images ? Don't. Include the images or media into your html by links, and upload them separately. Thus breaking the total absolute file size to less big.

            Remember : all these megas are also stored into the unique system config file. Don't bloat it, or it will blow …

            @retestreak:

            I'm thinking about performing a reset to factory defaults… I think I messed up my box.

            Well … if you only edited settings then a reset will do fine.

            @retestreak:

            Should I try the force_fsk ? Will this fix anything?

            fsk - like the famous chkdsk from DOS (and still Windows) - will only show low-level file system errors. If these happen, then you are hitting the reset button far too often (typical : never using this button will do) or your hardware (drives) is utterly failing ….

            I advise you to use the default login page, and build up from there.
            As soon as everything breaks, you know where to look.

            Btw, of course it IS possible to upload YOUR own 'huge' captive portal login file.
            But .... FIRST check out /etc/inc/captiveportal.inc - you will discover that the "html login page" is created on the fly when a client logs in. Some 'have to be there' variables are changed for their actual values before it's written to a temp file that the web server uses to "serve the client".
            So .... be ready to rewrite parts of the PHP (means : dead easy, so simple ....) that handle the captive portal.

            Put your page on a diet. It should be a login page, not some Youtube look alike.

            No "help me" PM's please. Use the forum, the community will thank you.
            Edit : and where are the logs ??
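
An added example, not part of the original posts and not pfSense code: a pre-upload lint for a custom captive portal page, checking the placeholder variables and form fields that the portal substitutes on the fly. The field names and `$PORTAL_...$` placeholders are taken from pfSense's custom-page help text as an assumption to verify against your version and the built-in page; the size budget and function names are hypothetical.

```python
import re
from html.parser import HTMLParser

# Assumption: illustrative size budget; the thread only says "a couple MB".
MAX_BYTES = 1_000_000
# Constructed sample page containing the fields the lint looks for.
SAMPLE_OK = ('<form method="post" action="$PORTAL_ACTION$">'
             '<input name="auth_user"><input name="auth_pass" type="password">'
             '<input name="redirurl" type="hidden" value="$PORTAL_REDIRURL$">'
             '<input name="accept" type="submit" value="Login"></form>')


class _PortalForm(HTMLParser):
    """Collects <form> attributes and <input> name/value pairs."""

    def __init__(self):
        super().__init__()
        self.forms = []    # attribute dict of every <form>
        self.inputs = {}   # input name -> value

    def handle_starttag(self, tag, attrs):
        a = {k: (v or "") for k, v in attrs}
        if tag == "form":
            self.forms.append(a)
        elif tag == "input" and "name" in a:
            self.inputs[a["name"]] = a.get("value", "")


def lint_portal_page(html, auth_enabled=True, max_bytes=MAX_BYTES):
    """Return a list of problems; an empty list means the page passed."""
    problems = []
    size = len(html.encode("utf-8"))
    if size > max_bytes:
        problems.append(f"page is {size} bytes, over the {max_bytes} byte budget")
    p = _PortalForm()
    p.feed(html)
    if not any(f.get("method", "").lower() == "post"
               and f.get("action") == "$PORTAL_ACTION$" for f in p.forms):
        problems.append('no <form method="post" action="$PORTAL_ACTION$">')
    if p.inputs.get("redirurl") != "$PORTAL_REDIRURL$":
        problems.append('missing hidden input redirurl="$PORTAL_REDIRURL$"')
    if "accept" not in p.inputs:
        problems.append('missing submit input named "accept"')
    if auth_enabled and not ({"auth_user", "auth_pass"} <= p.inputs.keys()
                             or "auth_voucher" in p.inputs):
        problems.append("no auth_user/auth_pass or auth_voucher fields")
    # Inline base64 media is a common cause of a multi-megabyte login page.
    if re.search(r"data:[\w/+.-]+;base64,", html):
        problems.append("inline base64 media found; link to separate files instead")
    return problems
```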

            • retestreak


              Thanks a lot, Gertjan ;)

              My portal page might be a bit too much..
              What do you think ?

              https://ufile.io/xuf2m

              • Gertjan

                13 Mbytes  >:(

                Put it on a diet.

                (but it should work if you respect all the rules -> see the built-in page as an example).

                No "help me" PM's please. Use the forum, the community will thank you.
                Edit : and where are the logs ??

                Copyright 2025 Rubicon Communications LLC (Netgate). All rights reserved.