Redirection issue after 2.4.5 update



  • Hi there,
    we've just updated our pfsense this morning and we've go an issue with the "redirection after authentication".
    It was running well before with 2.4.4p3 version.
    Our configuration is set as redirect to https://www.qwant.com/?l=fr after authentication.
    We've tried others url like google.fr but weare already redirect ton the msn.com page.
    Testes witch IE, Chrome, Firefox, no change.
    Seems there is a lot of people with the same issue but no clear solution given.
    Anybody could help us? There is anything to check on configuration elsewhere than captive portal setup?
    Thanks.



  • Hi,

    @SylvainGdl said in Redirection issue after 2.4.5 update:

    Seems there is a lot of people with the same issue but no clear solution given.

    With "clear" you mean : click here and it works ?
    Correct. Some editing is needed.
    What I make of it : see here : Captive Portal shows 404 post login after upgrade to 2.4.5
    This post should help you to regain the explicit way of redirecting.

    I also mentioned why some of does do not experience this new behaviour.

    See also Redirection issue



  • Thanks for ,your answer Gertjan.
    I'm not waiting for a"click here and it works". I'd just like using pfsense without regression or infrastructure change.
    You help me to understand how redirection script is working, but as you say, it's not what the documentation is telling about.
    And what I don't understand is why it's not working on windows 10 but working wel on W7, droid ans IOS.

    If anybody found a tips to make the redirection working anyway, fell free to give it. If there's not, we wait for a Netgate correction for the next release.



  • @SylvainGdl said in Redirection issue after 2.4.5 update:

    windows 10

    Using the new browser ? The new Edge is (IMHO) more aggressive, doesn't like to get redirected.
    You have to have to look at the MSN publicity page (pub == money).

    @SylvainGdl said in Redirection issue after 2.4.5 update:

    If anybody found a tips ...

    No tips : a solution !
    See the posts I linked above.
    If your are willing to to more then "click" then apply the solution I mentioned over there ( removing the new code, put back in place the old code -just o couple of lines of PHP script).
    That's why I was talking about the "click" : you'll be needing the keyboard, not the mouse ;)



  • @Gertjan said in Redirection issue after 2.4.5 update:

    If your are willing to to more then "click" then apply the solution I mentioned over there ( removing the new code, put back in place the old code -just o couple of lines of PHP script).
    That's why I was talking about the "click" : you'll be needing the keyboard, not the mouse ;)

    Could you tell me the file you change. I'm going to ask my system administrator to modify it or taking me the rights.
    It's not clear for me at the moment 'cause I can't compare line in file and yours.



  • The source of the issue : https://github.com/pfsense/pfsense/commit/db95c2d855b98225c91c23f3d7ea64b18f1db873
    The file name and path is mentioned : /usr/local/captiveportal/index.php

    This is what I have now :

    if (preg_match("/redirurl=(.*)/", $orig_request, $matches)) {
    	$redirurl = urldecode($matches[1]);
    } elseif ($_REQUEST['redirurl']) {
    	$redirurl = $_REQUEST['redirurl'];
    } elseif (!empty($cpcfg['redirurl'])) {
    	$redirurl = $cpcfg['redirurl'];
    }
    
    /*
    if (!empty($cpcfg['redirurl'])) {
    	$redirurl = $cpcfg['redirurl'];
    } elseif (preg_match("/redirurl=(.*)/", $orig_request, $matches)) {
    	$redirurl = urldecode($matches[1]);
    } elseif ($_REQUEST['redirurl']) {
    	$redirurl = $_REQUEST['redirurl'];
    }
    */
    

    The part between /* ...*/ is commented out now - the code has no effect.
    I added the first 7 lines - which was the code from before, earlier pfSense versions.



  • Perfect
    Many thanks Gertjan



  • @Gertjan

    Hello,

    Am having difficulties with Captive Portal redirection after update to 2.4.5. Our problem is not exactly like is described here ,but very similar. We are using the same custom captive portal page for many years now, which i think is what the differences are. Would the code change you have put here to the captiveportal/index.php file have any effect on a custom captive portal page? Am not sure how this hooks together?

    I have a posted thread here named 'captive portal redirection after update 2.4.5'. Did not see this thread before posting my problem.

    Thank You



  • I'll explain what happened using the old code :
    Note : this part does not exist any more in the 2.4.5 version :

    if (!empty($cpcfg['redirurl'])) {
    $redirurl = $cpcfg['redirurl'];
    } elseif (preg_match("/redirurl=(.*)/", $orig_request, $matches)) {
    $redirurl = urldecode($matches[1]);
    } elseif ($_REQUEST['redirurl']) {
    $redirurl = $_REQUEST['redirurl'];
    }

    If "$cpcfg['redirurl']" exists, then set the rediction to that value.

    You could have set "$cpcfg['redirurl']" like this :

    4b39045a-fdbc-4a05-88a1-f1a315a0a6de-image.png

    Else, if there was an original URL 'redirurl' paramter, it was stored in "$orig_request, and use that
    Else, if the special PHP $_REQUEST exists, it's a PHP super global variable which is used to collect data after submitting an HTML form, with an item called 'redirurl', then that one is used.

    So, before 2.4.5, when you set "After authentication Redirection URL" in the captive portal settings, browser get redirected to that URL, no matter what.

    As of 2.4.5, things have been re ordered :

    First this is looked up in the URL :

    redirurl=(.*)
    

    where .* (dot star) can be "any possible string", normally some ting like "http://www.msn.com" - if it exists, it has a (one) match, the match is used to set the redirurl, the variable to be used to redirect the browser.
    ( this is the same test above at step 2 - explained using others words)
    If not, the $_REQUEST['redirurl'] is tested, and if present, used.
    If not, finally, the $cpcfg['redirurl'] is used, the URL we had set up in our captive portal settings.

    As you can see, it's all the same, but different order.

    Which means that portal visitors are now not redirected any more to what we as pfSense admins decided. It's what the browser (user) wanted to visit initially what is being used now.
    If that doesn't exist == unknown, the captive's portal admin's choice is used.


Log in to reply