Community discussions

MikroTik App
 
User avatar
genesispro
Member Candidate
Member Candidate
Topic Author
Posts: 283
Joined: Fri Mar 14, 2014 12:33 pm

Feature Request: Hotspot HTTPS redirection problem!!!

Fri Dec 18, 2015 10:57 am

many of mikrotik hotspot distributors would be more than happy if you had an option to catch ALL pages including the HTTPS ones and redirect them to the captive page portal without any errors. Several other way less smart hotspot systems can do it... I believe that mikrotik could provide that as an option as well.

I personally have more that 400 mikrotik hotspot installations that would appreciate it!!!!!! :)
 
aquiloni
just joined
Posts: 14
Joined: Thu Mar 07, 2013 9:52 pm

Re: Feature Request: Hotspot HTTPS redirection problem!!!

Fri Dec 18, 2015 4:59 pm

I would be also quite happy if they would implement it!
 
User avatar
boen_robot
Forum Guru
Forum Guru
Posts: 2400
Joined: Thu Aug 31, 2006 4:43 pm
Location: europe://Bulgaria/Plovdiv

Re: Feature Request: Hotspot HTTPS redirection problem!!!

Fri Dec 18, 2015 5:01 pm

Wait, and how to those other systems intercept HTTPS requests without an error in the user's browser? TECHNICALLY speaking? Can you give an example of such a hotspot system?


(What you can do right now in RouterOS about HTTPS connections is to either force users to install a certificate of yours, and thus avoid the browser warning OR you could block all HTTPS connections, except those to your hotspot, which would give people an error message that makes it seem like they don't have any internet connectivity, which is somewhat true anyway, but isn't your hotspot login page)
 
User avatar
ZeroByte
Forum Guru
Forum Guru
Posts: 4047
Joined: Wed May 11, 2011 6:08 pm

Re: Feature Request: Hotspot HTTPS redirection problem!!!

Fri Dec 18, 2015 5:31 pm

http://forum.mikrotik.com/viewtopic.php?t=81683

In a nutshell:

SSL is designed to stop man-in-the-middle attacks, which is what transparent hotspot redirection IS.

If you could silently redirect an SSL connection to an arbitrary website without generating alarms, then so can hackers.

Fortunately, most modern devices and operating systems will check to see if the network is behind a captive portal as soon as they're connected, and if it is, they'll just open a browser to get the portal page....

If you really want to avoid the portal page then use MAC address authentication. It happens automatically whenever a user's MAC address shows up in the Hotspot hosts list, and if successful, it will keep the user from ever being redirected at all if they're authenticated.
 
Devil
Member Candidate
Member Candidate
Posts: 170
Joined: Thu Jul 21, 2011 9:13 am

Re: Feature Request: Hotspot HTTPS redirection problem!!!

Mon Jan 25, 2016 10:16 am

HTTPS redirection already happens in mikrotik hotspot, however, because of the way certificates work, users will get a scary warning on their browser regarding of invalid certificate and they need to accept it before they get redirected to hotspot portal page. It is possible to completely block port 443 for unauthorized user to avoid this problem, however, it would also cripple Walled Garden rules on port 443. what i suggest, is another option to only allow port 443 for unauthorized users if it's not going to be intercepted (As in there is a rule for it in Walled Garden (Not to be confused with Walled Garden IP)).
 
User avatar
ZeroByte
Forum Guru
Forum Guru
Posts: 4047
Joined: Wed May 11, 2011 6:08 pm

Re: Feature Request: Hotspot HTTPS redirection problem!!!

Mon Jan 25, 2016 10:54 pm

Enjoy reduced usefulness of transparent http(s) redirection portals as time goes by and more of the web defaults to SSL-only.

At least modern operating systems test for captive portals and just pop up the login screen....

Who is online

Users browsing this forum: Amazon [Bot], dervomsee, GoogleOther [Bot] and 37 guests