Community discussions

 
ds12345
just joined
Topic Author
Posts: 18
Joined: Mon Mar 12, 2018 12:08 pm

Hotspot https redirect feature

Tue Apr 09, 2019 6:44 pm

Hi

In 6.44 Mikrotik implemented below:

hotspot - added "https-redirect" under server profiles;

I've tested this and it doesnt seem to work, not as far as I can tell. I can see it adding into the firewall rules

8 D chain=hs-unauth action=redirect to-ports=64875 protocol=tcp in-interface=ether2-inside dst-port=443

The rule gets hit when I go to google or something as unlogged in, but nothing happens, no redirects.

Is this tested by anyone, does it work?

Thanks
 
wallpaper
just joined
Posts: 5
Joined: Tue Dec 02, 2014 6:37 pm

Re: Hotspot https redirect feature

Wed Apr 10, 2019 10:48 am

Anyone? Been quite a few large topics on this previously. Is it working for anyone?
 
Sob
Forum Guru
Forum Guru
Posts: 4542
Joined: Mon Apr 20, 2009 9:11 pm

Re: Hotspot https redirect feature

Wed Apr 10, 2019 5:39 pm

I don't use hotspot, but doesn't it do what it should, as described in manual?
Whether to redirect unauthenticated user to hotspot login page, if he is visiting a https:// url. Since certificate domain name will mismatch, often this leads to errors, so you can set this parameter to "no" and all https requests will simply be rejected and user will have to visit a http page.
Or in other words, from someone else who tested it:
https-redirect=yes
if unlogged user try to open https website, it will be redirected to hostpot login with https. same behavior as previous version
so browser will show cert warning because cert common name is not same with domain

https-redirect=no
if unlogged user try to open https website, it will be rejected/refused so browser will error like there is no internet access
People who quote full posts should be spanked with ethernet cable. Some exceptions for multi-topic threads may apply.
 
ds12345
just joined
Topic Author
Posts: 18
Joined: Mon Mar 12, 2018 12:08 pm

Re: Hotspot https redirect feature

Sun Apr 14, 2019 1:09 pm

No,
https-redirect=yes
if unlogged user try to open https website, it will be redirected to hostpot login with https. same behavior as previous version
so browser will show cert warning because cert common name is not same with domain
This part doesn't work. Basically it just does the below:
https-redirect=no
if unlogged user try to open https website, it will be rejected/refused so browser will error like there is no internet access
Anyone else managed to test? I can see the firewall rule getting hit, but nothing happens.
 
R1CH
Forum Veteran
Forum Veteran
Posts: 883
Joined: Sun Oct 01, 2006 11:44 pm

Re: Hotspot https redirect feature

Mon Apr 15, 2019 11:37 pm

The redirection will never work due to security guarantee of HTTPS. Documentation should be like this:

https-redirect=yes
Show a security error if user tries to open HTTPS website.

https-redirect=no
Show a network error if user tries to open HTTPS website.

Who is online

Users browsing this forum: Onlineallthetime and 39 guests