HTTPS-redirect with RoS 7.5 - bad news for hotspots...

Unfortunately the https-redirect parameter of IP/Hotspot/Profile has been removed in RoS 7.5 :

Extract from change logs :
*) hotspot - removed “https-redirect” option;

This is very annoying because we are using Mikrotik routers for hotspots and without this feature, the unauthenticated users are no longer automatically sent to hotspot login page, which is a big problem for our hotspot deployments.

Is there another way to enable https redirection on RoS 7.5+ ?
Or could you consider adding this feature in new releases ?

Thanks

But it never really worked anyway. Or did it? I mean properly, without certificate errors. Any client should be aware that hotspots exist and try to detect them automatically. If that doesn’t work with your hotspot for some reason, it’s probable best to try to find why. Because it should, and then you wouldn’t need to redirect https.

Like the above poster says, all modern operating systems do some checking in the background and can detect that there is a login page, and then show it.
So what specifically is not working for you since this change?

Thanks for your replies, let me provide the context

We have a lot of hotspots (several hundres) running with Mikrotik routers for several years with many models from hex to CCR.
They are set with external captive portal (ADIPSYS Hotspot Manager) + signed SSL certificate with HTTPS and https-redirect set in profiles.
Without HTTPS / https-redrect on RoS v6, we had warnings during the POST process with modern browsers that detect when the portal in https is then switching to http post.
So we added an SSL certificate and all is working good.

We had recently a RB4011 with RoS 7.6 and noticed that https-redirect disappeared.
We did a simple test with the same setup than usual and a laptop running win11 connected

With our standard setup, when we do that, the browsers (edge, firefox) can identify that the laptop is behind a hotspot, and are pushing the user to click on a link with trigger the captive portal appereance. I can provide a screenshot of the message you get but this is a classic message.

With RoS v7.6, it did not happen : the browser could detect that the laptop was behind a hotspot
And if the user has the browser set with a https URL (which is very likely to happen), you get an error (just normal)
Tested with Firefox, Edge, Chrome.

I did not yet test on Android / iPhone, I hope it works but to be checked. But my first concern is that for hotspots on which we have users running a Windows laptop, which corresponds to a significant amount of users, removing the https-redirect will for sure increase the calls to technical support.

All Wi-Fi vendors are keeping the “HTTPS redirect” feature, so my suggestion would be to keep this feature even if you think this is not relevant. Because on the contrary to what you say, when you run WiFi Hotspots, you have a looooot of devices running multiple operating systems, old and “modern”.
And Windows11, which is what I would call a modern operating system, did not achieve correctly this detection with RoS v7.6, while I guarantee it works very well with the https-redirect feature on RoS v6 firmware.
I can provide more info if you want to reproduce it.

I have the same issue since 7.5.
only rfc 8908 with dhcp option 114 works a boot start…with Win 11 and Mac OS

but if you cancel it, the page is not appear again because https is not redirected, If you call a http website, thats work…but at this time 99% are on https now…
https is no more redirect to captive portal, we have to communicate to user the url of the portal.

we use Unifi, Tplink and Fortinet captive portal that works correctly with https redirect.

@normis, some times this is difficult to understand why Mikrotik remove key features…

I precise that concern only user using ethernet connection, Wifi connection redirection works perfect because they using rfc8908 at each time you connect in wireless…
not the case in physical ethernet. That reduce the issue, but for some users

I’m testing with RouterOs 7.11 and there is no https-redirect option.
While un-authenticated.
When I browse to HTTP domain it’s redirect me to login page correctly.
When I enter just domain for example “google.com” then it’s redirect me to login page correctly.
When I enter domain with HTTPS for example “https://google.com” then it is not redirect me to login page but showing error message.

“PR_END_OF_FILE_ERROR”

I have a lot of MKs with hotspot-enabled networks, and I wasn’t even aware of https-redirect stuff. As already said, any modern OS will try identifying the presence of a hotspot using regular HTTP connections, not HTTPS. In the dozen cases I have, serving thousand of different users daily, there’s really no big problem on not intercepting HTTPS connections for that purpose. As already also said, any modern OS/browser will fail on certificate-checks anyway for HTTPS intercepted connections.

MK Hotpost never needed/required HTTPS interception to work anyway, at least not for serving Wiindows/Android/iOS/Mac devices.

Is there anyway to replicate the HTTPS redirect feature by creating the Firewall rules manually?

Is there already a solution to this redirection problem? I also need this function in my use case.

Please restore “https-redirect” option
PLEASE

I concur with this. We have several campground customers that were on rOS 6.0 with HTTPS-Redirection, and zero issues - just worked. This is with using external captive portal or hotspot providers.

Bring back HTTPS-Redirect in rOS 7.X…

This is causing havoc with our customers and they’re wanting to switch vendors. Would like a firewall rule, or this brought back.

I’m setting up a simple hotspot with a trial option, aiming for a single ‘accept conditions’ button on the captive portal. However, I’m encountering the same HTTPS redirection issue described in this thread. Using Windows, and with nearly all websites now using HTTPS, users aren’t being automatically redirected to the login page. When trying to access an HTTP site like neverssl.com, redirection works fine. I understand that ‘https-redirect’ was removed in RoS 7.x, and it seems there’s no reliable workaround.
This is a significant problem, as it’s unrealistic to expect users to manually enter the login URL. I’m not using an SSL certificate on the router, but from what I’ve read, that wouldn’t solve the HTTPS redirection problem anyway.

Has anyone found a practical solution or workaround to achieve HTTPS redirection in RoS 7.x?

Any insights or advice would be greatly appreciated.
Many thanks!

The issue persists in version 7.18.2. The http-redirect option does not exist. Please add it.

You likely should enable the DHCP options that modern OSes use for redirect, see:
https://help.mikrotik.com/docs/spaces/ROS/pages/56459266/HotSpot+-+Captive+portal#HotSpotCaptiveportal-UsingDHCPoptiontoadvertiseHotSpotURL

Also, if the TLS cert name does not match, the DHCP redirect option will not work.

I just did more tests and support for RFC 7710 and RFC 8910 is automatically enabled but Windows does not use it at the moment. It works very well with Android.