Using Captive Portal to permit whitelist only browsing



  • First, apologies if this should be in the main forum, not 2.0RC, but I believe this is a 2.0 feature.

    Last weekend I planned on implementing a captive portal for a client to act as a catchall for a public wifi platform at a festival.  Users received the captive portal page, where I had removed all the buttons allowing people to authenticate to the portal (i.e. thereby denying all browser traffic and also causing my CP page to appear on mobiles (99% of all users) who connected to the wireless when they tried to browse).

    And that worked great. I added the two sites the client wanted users to get to into allowed hostnames and added links to the CP page.

    It all worked perfectly until the client then asked to allow Twitter and Facebook, which have a lot of URLs.  I tried and failed, and eventually had to allow open access to the internet in order for them to work.

    Has anyone else tried this and succeeded?  I found that without being able to add wildcard hostnames I couldn't catch all the pages needed for browser access, mobile access, access via apps and all the other interfaces they have.  Also, it took forever to add them all. Is there a way of importing URLs by some workaround (adding them to an XML file or similar on the server itself)?

    Thanks

    –Chris


  • Rebel Alliance Developer Netgate

    That is not the intended use of that feature, and you've just found out why. :-)

    That feature was only meant to allow pre-auth access to a certain web site, so that an informational page or alternate sign-on page could be used on an external URL.

    It wasn't meant to be a web site filter. For that, install squid+squidGuard and then you can filter it any which way you want.



  • Sorry for the late reply, I didn't see the email with the update on it!

    I guess that means that with a captive portal used legitimately (i.e. with vouchers), I can't allow Facebook/Twitter etc. without a voucher.

    Or better, I find customers who are not entirely driven by their marketing teams ("what, we can't have Twitter access?!").

    :)

