    Netgate Discussion Forum

    Whitelist wildcard domains / hosts

    Captive Portal
    • Surfhire

      Hello

      Can anybody suggest a way to implement whitelisting of domains using a wildcard on the pfSense CP?

      The only discussion I can find on this subject is this thread from a few years ago:

      https://forum.pfsense.org/index.php?topic=44264.0

      That thread mentions that this was done in a private build and was performing well, however I cannot find any further information on it.

      My end objective here is to use an external hosted portal that allows people to log in using Facebook/Twitter etc. and that requires me to whitelist a couple of CDNs and some other domains using a wildcard i.e. *.cloudfront.net, *.akamaihd.net etc.

      I wouldn't be against proposing a bounty to make this feature available if someone could explain a sensible way of doing this that would scale reasonably well and would be prepared to put the work into adding the support to the GUI (though frankly even if a reasonable spec box was only able to handle 1-2k clients I can just deploy multiple ones and distribute clients across them).

      • Gertjan

        As jimp already explained (implicitly), you should intercept all DNS requests, and match them with the whitelisted domain names.
        If you have a match, the resulting IP should be fed into the allowed IP list of the portal page. You probably have to issue a redirect to your client.
        Some caching will be needed, otherwise portal access will slow down as each DNS request has to be filtered.

        This is what I should call a "bounty project".

        No "help me" PM's please. Use the forum.

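The approach described in the reply above (match observed DNS answers against the wildcard whitelist, feed matching IPs into the allowed list, and cache them) is shown here as an added example; it is not code from the thread or from pfSense. It assumes DNS answers arrive already parsed as name, IP and TTL; `matches` and `AllowedIPCache` are hypothetical names, and pushing the resulting set into the captive portal is left out.

```python
import time

def normalize(name):
    """Lower-case a DNS name and drop the trailing root dot."""
    return name.rstrip(".").lower()

def matches(name, pattern):
    """Match on label boundaries: '*.example.net' covers any subdomain of
    example.net, but not example.net itself and not 'badexample.net'."""
    name, pattern = normalize(name), normalize(pattern)
    if pattern.startswith("*."):
        suffix = pattern[1:]                      # ".example.net"
        return name.endswith(suffix) and len(name) > len(suffix)
    return name == pattern

class AllowedIPCache:
    """Allowed-IP list fed by observed DNS answers, with TTL expiry."""

    def __init__(self, patterns, min_ttl=60, clock=time.monotonic):
        self.patterns = list(patterns)
        self.min_ttl = min_ttl   # floor so very short CDN TTLs do not cause churn
        self.clock = clock       # injectable so expiry can be tested
        self.expiry = {}         # ip -> time at which the entry lapses

    def observe(self, qname, ip, ttl):
        """Record one A/AAAA answer; return True if the IP is now allowed."""
        if not any(matches(qname, p) for p in self.patterns):
            return False
        until = self.clock() + max(ttl, self.min_ttl)
        self.expiry[ip] = max(until, self.expiry.get(ip, 0))
        return True

    def allowed(self):
        """Drop lapsed entries and return the current allowed-IP set."""
        now = self.clock()
        self.expiry = {ip: t for ip, t in self.expiry.items() if t > now}
        return set(self.expiry)

if __name__ == "__main__":
    # Constructed sample answers (documentation address ranges).
    cache = AllowedIPCache(["*.cloudfront.net", "*.akamaihd.net"])
    for qname, ip, ttl in [("d111.cloudfront.net.", "192.0.2.10", 20),
                           ("evilcloudfront.net", "198.51.100.5", 300)]:
        print(qname, ip, cache.observe(qname, ip, ttl))
    print(sorted(cache.allowed()))
```

Because CDN addresses are shared, an IP allowed this way passes traffic for every hostname served from it, not only the whitelisted name.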