Netgate Discussion Forum
    • Categories
    • Recent
    • Tags
    • Popular
    • Users
    • Search
    • Register
    • Login

    CaptivePortal no redirect https

    Captive Portal
    3
    6
    2.8k
    Loading More Posts
    • Oldest to Newest
    • Newest to Oldest
    • Most Votes
    Reply
    • Reply as topic
    Log in to reply
    This topic has been deleted. Only users with topic management privileges can see it.
    • W
      woni
      last edited by

      I have read the topic https://forum.pfsense.org/index.php?topic=53630.0
      They say: redirect of https is impossible. But, other CPs like the ALLNET HOTSPOT can do this.

      Is there realy no solution?

      Thx

      1 Reply Last reply Reply Quote 0
      • T
        Trel
        last edited by

        @woni:

        I have read the topic https://forum.pfsense.org/index.php?topic=53630.0
        They say: redirect of https is impossible. But, other CPs like the ALLNET HOTSPOT can do this.

        Is there realy no solution?

        Thx

        It's my biggest show stopper in actually using this.

        1 Reply Last reply Reply Quote 0
        • GertjanG
          Gertjan
          last edited by

          Hi there.

          Intercepting and redirecting a SSL connection to a non SSL one isn't a big deal.
          But no one will be able to 'control' the behavior of the web browser: it will show the famous "security alert" because the the certificate received (the one from our portal) doesn't mention "www.facebook.com" ….
          So, why not, adding some SSL man-in-de-middle scheme to pfSEnse and all will be fine .... ?!

          I understood that the direction of pfSense refuses to build such a thing.
          You, as an admin, will have the possibility to analyses any of your clients private SSL connections (bank, paypal, fisc, company, .... - your portal visitors will be happy because your https portal works without issues, but when they find out that you have the possibility to 'read' their ssl sessions you'll be looking for a lawyer very soon ...)

          The good news is that some browsers (with some OS help) are already captive-portal 'prepared' and launch a simple 'http request' to see if the connection is behind some (firewall) portal.
          As far as I know the iDevices (iPhone, iPpad, iEtc) handle the salutation very well.
          Others might follow.

          And, maybe, Wifi user will get used to the fact that they should:
          Connection to the Wifi access point.
          Browse to some random 'http' site NOT and https site.
          They will find the login page .....
          Now, they can start using other programs (mail clients, P2P, SSH, etc etc etc) and start https sessions ...

          Btw: no one ever complained that Outlook can't connect to a captive portal - "You should use a browser first to unlock ...."
          Well, just add 4 words to that rule: " .. using a http site".

          No "help me" PM's please. Use the forum, the community will thank you.
          Edit : and where are the logs ??

          1 Reply Last reply Reply Quote 0
          • T
            Trel
            last edited by

            Someone elsewhere mentioned there's HTTPS redirection in 2.2 if you enable the HTTPS captive portal page?

            Is this accurate?

            1 Reply Last reply Reply Quote 0
            • GertjanG
              Gertjan
              last edited by

              Source ?

              No "help me" PM's please. Use the forum, the community will thank you.
              Edit : and where are the logs ??

              1 Reply Last reply Reply Quote 0
              • T
                Trel
                last edited by

                @Gertjan:

                Source ?

                It was a reply to something on reddit.  It's not a source.  That's why I'm asking if there's anything accurate about that.

                1 Reply Last reply Reply Quote 0
                • First post
                  Last post
                Copyright 2025 Rubicon Communications LLC (Netgate). All rights reserved.