    Whitelist wildcard domains / hosts

    Captive Portal
      Surfhire last edited by

      Hello

      Can anybody suggest a way to implement whitelisting of domains using a wildcard on the pfSense CP?

      The only discussion I can find on this subject is this thread from a few years ago:

      https://forum.pfsense.org/index.php?topic=44264.0

      That thread mentions that this was done in a private build and was performing well, however I cannot find any further information on it.

      My end objective here is to use an external hosted portal that allows people to log in using Facebook/Twitter etc. and that requires me to whitelist a couple of CDNs and some other domains using a wildcard, i.e. *.cloudfront.net, *.akamaihd.net etc.

      I wouldn't be against proposing a bounty to make this feature available if someone could explain a sensible way of doing this that would scale reasonably well and would be prepared to put the work into adding the support to the GUI (though frankly even if a reasonable spec box was only able to handle 1-2k clients I can just deploy multiple ones and distribute clients across them).

      1 Reply Last reply Reply Quote 0
        Gertjan last edited by

        As jimp already explained (implicitly), you should intercept all DNS requests, and match them with the whitelisted domain names.
        If you have a match, the resulting IP should be fed into the allowed IP list of the portal page. You probably have to issue a redirect to your client.
        Some caching will be needed, otherwise portal access will slow down as every DNS request has to be filtered.

        This is what I should call a "bounty project".

        1 Reply Last reply Reply Quote 0
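The approach described in the reply above (match intercepted DNS answers against the wildcard whitelist, feed the resulting IPs into the allowed list, cache them) sketched as an added example; it is not part of the original thread and is not pfSense code. The class name, the in-memory dict standing in for the portal's allowed IP list, and the 60-second TTL floor are assumptions.

```python
import ipaddress
import time

MIN_TTL = 60  # assumed floor (seconds) so very short TTLs do not cause churn


class WildcardAllowlist:
    """Hypothetical model: DNS answers for whitelisted names feed an allowed-IP list."""

    def __init__(self, patterns, clock=time.monotonic):
        self.clock = clock
        self.exact, self.suffixes = set(), []
        for pattern in patterns:
            pattern = self._norm(pattern)
            if pattern.startswith("*."):
                self.suffixes.append(pattern[1:])  # keep the dot: ".cloudfront.net"
            else:
                self.exact.add(pattern)
        self.allowed = {}  # ip string -> expiry time; stands in for the portal's list

    @staticmethod
    def _norm(name):
        return name.strip().rstrip(".").lower()

    def matches(self, qname):
        name = self._norm(qname)
        # The suffix keeps its leading dot, so "evilcloudfront.net" and
        # "cloudfront.net.example.org" do not match "*.cloudfront.net".
        return name in self.exact or any(
            name.endswith(s) and len(name) > len(s) for s in self.suffixes)

    def observe(self, qname, answers):
        """Record (ip, ttl) pairs from one intercepted DNS response; return IPs recorded."""
        if not self.matches(qname):
            return []
        now, added = self.clock(), []
        for ip, ttl in answers:
            ip = str(ipaddress.ip_address(ip))  # reject malformed addresses
            expiry = now + max(int(ttl), MIN_TTL)
            self.allowed[ip] = max(self.allowed.get(ip, 0), expiry)
            added.append(ip)
        return added

    def is_allowed(self, ip):
        """Cached lookup: true while an unexpired entry exists for this IP."""
        ip = str(ipaddress.ip_address(ip))
        if self.allowed.get(ip, 0) > self.clock():
            return True
        self.allowed.pop(ip, None)  # drop expired entries
        return False
```

The per-packet check is a dictionary lookup, so the matching cost is paid once per DNS response rather than once per connection.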