Netgate Discussion Forum
    • Categories
    • Recent
    • Tags
    • Popular
    • Users
    • Search
    • Register
    • Login

    Allowed web server IP address through captive portal is very slow

    Scheduled Pinned Locked Moved Captive Portal
    10 Posts 4 Posters 1.5k Views
    Loading More Posts
    • Oldest to Newest
    • Newest to Oldest
    • Most Votes
    Reply
    • Reply as topic
    Log in to reply
    This topic has been deleted. Only users with topic management privileges can see it.
    • X
      xsmael
      last edited by

      I have enabled the captive portal and allowed the IP address of a web server having a web app that enables users to pay for the service
      but accessing that web app when the portal is on and the user not authenticated is very slow, and sometimes it goes as far as 2minutes before the page loads. Is this behavior normal ?

      How can I speed it up ?

      NB: the web app has no issue, once the portal is disabled it loads fast.

      Thanks for any help!

      F 1 Reply Last reply Reply Quote 0
      • F
        free4 Rebel Alliance @xsmael
        last edited by

        @xsmael
        No, that's not normal

        The likely explanation is that your application require ressources (eg, images, CSS design, fonts, etc...) That are not hosted in the same web server than your app.

        You should have a look to the ressources used by your application. You could easly do this using packet capture on pfsense, or using ADB logcat on your Android device

        1 Reply Last reply Reply Quote 1
        • X
          xsmael
          last edited by

          as said before, when some one do login or when i disable the captive portal, then i don't have that issue, it loads fast. its only slow that way when the captive portal is enabled even though i allowed the ip address.

          1 Reply Last reply Reply Quote 0
          • F
            free4 Rebel Alliance
            last edited by free4

            @xsmael
            I understand that you whitelisted one IP address matching the server containing your application.

            But it seems like your application is also using external ressources (such as bootstrapcdn.com for the design, fonts.google.com for the fonts, etc ..). Did you also whitelisted IP addresses of Google/StackPath/whateverExternalRessourceYourAppIsUsing?

            Please check the external ressources required for your app to work.

            X 1 Reply Last reply Reply Quote 1
            • johnpozJ
              johnpoz LAYER 8 Global Moderator
              last edited by

              Where exactly is this webapp hosted.. What is the fqdn to get there? I assume its public hosted somewhere.. What is this IP you allowed?

              As free4 stated it could be trying to get the client to load stuff from other IPs - which might not actually be required for the site to work.. But could be slowing it down, etc..

              Simple looking in say a browser tool when you go there will list all the things being loaded or attempted to be loaded.

              An intelligent man is sometimes forced to be drunk to spend time with his fools
              If you get confused: Listen to the Music Play
              Please don't Chat/PM me for help, unless mod related
              SG-4860 24.11 | Lab VMs 2.8, 24.11

              1 Reply Last reply Reply Quote 0
              • X
                xsmael @free4
                last edited by

                @free4
                Yes you're right it was loading fonts from fonts.google.com, but i removed it, all the other resources are stored locally in the webserver itself!

                I cross-checked by looking at all the network tab in dev tools. and all is clear.

                @johnpoz
                we have a router with public IPs for couple servers we run, pf sense is below that router with its wan configured with a public IP, the webserver is at the same level, with a public IP as well.

                in the capitve portal we have a page with an input for vouchers, and below that an iframe loading our web app.
                but even if we try accessing the web app direclty by typing its IP address in browser it loads incredibly slow!.

                1 Reply Last reply Reply Quote 0
                • johnpozJ
                  johnpoz LAYER 8 Global Moderator
                  last edited by johnpoz

                  @xsmael said in Allowed web server IP address through captive portal is very slow:

                  IP address in browser it loads incredibly slow!.

                  Maybe its just a slow site... without more details there is nothing anyone can do to help you.

                  the webserver is at the same level, with a public IP as well.

                  That screams asymmetrical to me... So this server is in a transit network that is public, and so is pfsense wan in the same L2 on the same subnet? Or different?

                  Draw up how you have this setup.. what is ip of this server and mask compared to pfsense wan IP and mask?

                  An intelligent man is sometimes forced to be drunk to spend time with his fools
                  If you get confused: Listen to the Music Play
                  Please don't Chat/PM me for help, unless mod related
                  SG-4860 24.11 | Lab VMs 2.8, 24.11

                  X 1 Reply Last reply Reply Quote 0
                  • X
                    xsmael @johnpoz
                    last edited by

                    @johnpoz

                    @johnpoz said in Allowed web server IP address through captive portal is very slow:

                    Maybe its just a slow site... without more details there is nothing anyone can do to help you.

                    Not really, as i mentioned, if i disable the captive portal only it loads faster, normally, or if i login using a voucher and have normal access to internet, it also loads fast. but once i enable the captive portal and not yet logged, then its slow, even though i allowed the IP.

                    @johnpoz said in Allowed web server IP address through captive portal is very slow:

                    Draw up how you have this setup.. what is ip of this server and mask compared to pfsense wan IP and mask?

                    Honestly i dont know very well the network architecture, just and idea.
                    the IP of the web server is something like IP: 83.229.62.147 mask: 255.255.255.192
                    the IP of the pfsense WAN is something like IP: 83.229.62.87 mask: 255.255.255.192
                    they both have the same default gateway.

                    1 Reply Last reply Reply Quote 0
                    • DerelictD
                      Derelict LAYER 8 Netgate
                      last edited by

                      Packet capture and see what else the client is trying to access that isn't whitelisted.

                      When you disable the portal, of course these are not blocked and it will load quickly.

                      Chattanooga, Tennessee, USA
                      A comprehensive network diagram is worth 10,000 words and 15 conference calls.
                      DO NOT set a source address/port in a port forward or firewall rule unless you KNOW you need it!
                      Do Not Chat For Help! NO_WAN_EGRESS(TM)

                      1 Reply Last reply Reply Quote 0
                      • X
                        xsmael
                        last edited by

                        In deed the problem was the application is also using external ressources but i didnt notice the change as soon, now I downloaded whatever resources was needed and I load it locally.

                        That solved my problem.

                        Thanks!

                        1 Reply Last reply Reply Quote 0
                        • First post
                          Last post
                        Copyright 2025 Rubicon Communications LLC (Netgate). All rights reserved.