Hotspot https redirect feature

Hi

In 6.44 Mikrotik implemented below:

hotspot - added “https-redirect” under server profiles;

I’ve tested this and it doesn’t seem to work, not as far as I can tell. I can see it adding into the firewall rules

8 D chain=hs-unauth action=redirect to-ports=64875 protocol=tcp in-interface=ether2-inside dst-port=443

The rule gets hit when I go to google or something as unlogged in, but nothing happens, no redirects.

Is this tested by anyone, does it work?

Thanks

Anyone? Been quite a few large topics on this previously. Is it working for anyone?

I don’t use hotspot, but doesn’t it do what it should, as described in manual?

Whether to redirect unauthenticated user to hotspot login page, if he is visiting a https:// url. Since certificate domain name will mismatch, often this leads to errors, so you can set this parameter to “no” and all https requests will simply be rejected and user will have to visit a http page.

Or in other words, from someone else who tested it:

https-redirect=yes
if unlogged user try to open https website, it will be redirected to hotspot login with https. same behavior as previous version
so browser will show cert warning because cert common name is not same with domain

https-redirect=no
if unlogged user try to open https website, it will be rejected/refused so browser will error like there is no internet access

No,

https-redirect=yes
if unlogged user try to open https website, it will be redirected to hotspot login with https. same behavior as previous version
so browser will show cert warning because cert common name is not same with domain

This part doesn’t work. Basically it just does the below:

https-redirect=no
if unlogged user try to open https website, it will be rejected/refused so browser will error like there is no internet access

Anyone else managed to test? I can see the firewall rule getting hit, but nothing happens.

The redirection will never work due to the security guarantee of HTTPS. Documentation should be like this:


https-redirect=yes

Show a security error if user tries to open HTTPS website.


https-redirect=no

Show a network error if user tries to open HTTPS website.

Nothing happens, no redirection to the login page, so this option is useless.
At least I got rid of those dynamic NAT rules by setting https-redirect=no.
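
The certificate-name check that the replies above refer to, as an added example that is not part of the original thread and is not RouterOS code. It models what the client does for each https-redirect setting; the host names and certificate names are constructed, and the portal certificate is assumed to be otherwise valid and CA-issued.

```python
# Added illustration: a model of the client-side TLS name check.
# All host and certificate names are constructed sample values.

def name_matches(pattern: str, host: str) -> bool:
    """RFC 6125-style match: '*' may only stand for the whole leftmost label."""
    p = pattern.lower().rstrip(".").split(".")
    h = host.lower().rstrip(".").split(".")
    if len(p) != len(h):
        return False
    if p[0] == "*":
        # A wildcard covers exactly one label and needs two more after it.
        return len(p) >= 3 and p[1:] == h[1:]
    return p == h


def client_outcome(https_redirect: bool, requested_host: str,
                   portal_cert_names: list) -> str:
    """What an unauthenticated client sees on opening https://requested_host."""
    if not https_redirect:
        # Per the thread: the connection to port 443 is rejected/refused.
        return "network error"
    # The redirect rule hands the TCP connection to the hotspot's TLS port,
    # which can only present the hotspot's own certificate. The client compares
    # that certificate with the name it asked for BEFORE reading any HTTP
    # response, so a redirect sent inside the session is never processed.
    if any(name_matches(n, requested_host) for n in portal_cert_names):
        return "login page"
    return "certificate warning"


if __name__ == "__main__":
    cert = ["hotspot.example.net"]  # constructed portal certificate name
    for redirect in (True, False):
        for host in ("www.google.com", "hotspot.example.net"):
            print(redirect, host, "->", client_outcome(redirect, host, cert))
```

Only a request for the portal's own name passes the check, which is why the login page has to be reached from a plain http request.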