Netgate Discussion Forum
    • Categories
    • Recent
    • Tags
    • Popular
    • Users
    • Search
    • Register
    • Login

    Captive Portal Page Not Working With HTTPS

    Scheduled Pinned Locked Moved Captive Portal
    8 Posts 4 Posters 10.4k Views
    Loading More Posts
    • Oldest to Newest
    • Newest to Oldest
    • Most Votes
    Reply
    • Reply as topic
    Log in to reply
    This topic has been deleted. Only users with topic management privileges can see it.
    • B
      bassmoore
      last edited by

      Hi,

      We have setup a captive portal page but it will only display when you enter a HTTP address.

      For example the idea is when they connect to a Free Wifi service they open Google Chrome they are met with the Captive Portal Page and then they press continue and they can browse the web. This works but only with HTTP addresses.

      E.g. when you open Http://www.google.com it shows the captive portal page but when you open https://www.google.com nothing happens!

      running 2.0.3 no more updates available.

      Thanks in advance!!!

      1 Reply Last reply Reply Quote 0
      • D
        doktornotor Banned
        last edited by

        Correct. Not possible with HTTPS.

        1 Reply Last reply Reply Quote 0
        • B
          bassmoore
          last edited by

          So there is no workaround at all?!?

          1 Reply Last reply Reply Quote 0
          • D
            doktornotor Banned
            last edited by

            Nope.

            1 Reply Last reply Reply Quote 0
            • D
              dhatz
              last edited by

              As discussed many times in the past, a CP can't redirect https, search the forum for details, e.g. http://forum.pfsense.org/index.php/topic,53630.0.html (unless one has full control over the client PCs, adds own RootCA and spoofs the https certificate on the fly – effectively doing a MitM attack).

              PS: However, a CP could play nice, by sending a TCP reset so that the client's application can recover immediately, rather than drop the packet and let it time-out many seconds later. However this isn't possible with pfSense's CP (see comments at http://redmine.pfsense.org/issues/2006 )

              1 Reply Last reply Reply Quote 0
              • B
                bassmoore
                last edited by

                Thanks for the replies, can anyone suggest any other software that will do this?

                1 Reply Last reply Reply Quote 0
                • D
                  doktornotor Banned
                  last edited by

                  Not really… Either you'll get those flashy red warnings about certificate mismatch, or you'd need a wildcard MITM certificate - again will produce huge red flashy warnings since no trusted CA preinstalled on an OS will issue such thing to you, and noone with a sane mind will install that manually. Frankly, the whole captive portal thing is evil from the very bottom of how it works. Internet != HTTP/web.

                  1 Reply Last reply Reply Quote 0
                  • K
                    Kababayan
                    last edited by

                    @bassmoore:

                    Hi,

                    We have setup a captive portal page but it will only display when you enter a HTTP address.

                    For example the idea is when they connect to a Free Wifi service they open Google Chrome they are met with the Captive Portal Page and then they press continue and they can browse the web. This works but only with HTTP addresses.

                    E.g. when you open Http://www.google.com it shows the captive portal page but when you open https://www.google.com nothing happens!

                    running 2.0.3 no more updates available.

                    Thanks in advance!!!

                    Check enable HTTPS login then https browsing will be redirected also. You need to setup your cert.

                    1 Reply Last reply Reply Quote 0
                    • First post
                      Last post
                    Copyright 2025 Rubicon Communications LLC (Netgate). All rights reserved.