I’m trying to find a way to have some social integration on my hotspot login page prior to client logging in to the hotspot (ie facebook wall, share on facebook etc), but I don’t want them to be able to go to facebook directly.
Currently I use radius for authentication and I have set it up to give each user a 5 minute temporary pass so the page can load and they can post out to facebook etc. Then it times out and they enter their code and can get full access. The problem is that this temp pass gives them full access for the 5 minutes, so they can in effect move off the landing page and just access facebook or any site directly. It’s not too much of a problem having them accessing the other sites for the 5 minutes, but it can cause a bit of confusion if they haven’t actually logged in and they go off browsing or in the case of mobiles, just open the facebook app or something. Because it works they think they are logged in, then wonder why they get kicked off.
What I’d really like is someway to only the facebook data and requests to work through my landing page. I noticed all the calls to facebook don’t go directly to www.facebook.com for any of the fb api stuff or their widgets. So I was wondering if there was some way to block access to www.facebook.com only (so it fails in their browser), but ONLY for unauthorised hotspot users. once they login then give them access again.
I’ve been racking my brains on a better way to do this and thought I’d put it out there and see if anyone has any decent ideas. Webproxy was a thought, but it can’t handle https so I don’t think it’s going to work.
Does L7 filtering work with https? If so is it possible to set it up to only filter on the un-auth chain? Can anyone help me understand how to do this please?
Cheers
Paul