Community discussions

MikroTik App
 
mhdganji
just joined
Topic Author
Posts: 23
Joined: Thu Nov 11, 2010 11:42 am

Hotspot redirect does not work when initiating a "HTTPS" URL

Mon Feb 18, 2013 9:16 am

Hi,
A hotspot service is run on a 433 routerboard and is working fine
the problem is :
when a user starts with a https page like https://google.com he is not redirected to the authentication page (he can enter the name or ip of the hotspot gateway and seethe page but as i mentioned redirection does not work)

but interestingly, when he tries a http page, he will be redirected to the login page (for example if he start with a http://test.com)

any help would be appreciated

Thanks
 
SurferTim
Forum Guru
Forum Guru
Posts: 4637
Joined: Mon Jan 07, 2008 10:31 pm
Location: Miramar Beach, Florida

Re: Hotspot redirect does not work when initiating a "HTTPS"

Mon Feb 18, 2013 2:03 pm

The hotspot only redirects port 80 requests. It won't redirect SSL, email, FTP, or ssh clients. It just blocks them until you are logged in on port 80.
 
bwigham
newbie
Posts: 33
Joined: Sun Oct 10, 2010 11:31 pm
Location: UK
Contact:

Re: Hotspot redirect does not work when initiating a "HTTPS"

Tue Mar 12, 2013 9:07 pm

Is there anyway round this?

A lot of people use google as their homepage and using https://, so whenever they open their browser they're not getting redirected to the login automatically.
 
User avatar
TheWiFiGuy
Member
Member
Posts: 351
Joined: Thu Nov 24, 2011 7:26 pm
Location: UK

Re: Hotspot redirect does not work when initiating a "HTTPS"

Tue Mar 12, 2013 10:51 pm

Not really, no.

If you intercepted the HTTPS response, the users browser would throw up SSL error messages which really scare the users off. IPhones and some newer versions of Android have captive portal helpers which provide a solution, as does Windows 8 and OSX later version , but its still a real PITA.
----------------------
Mikrotik Consultant.
MTCNA, MTWCE, MTCTCE, MTCRE, MTCINE
 
bwigham
newbie
Posts: 33
Joined: Sun Oct 10, 2010 11:31 pm
Location: UK
Contact:

Re: Hotspot redirect does not work when initiating a "HTTPS"

Wed Mar 13, 2013 10:42 pm

I had three people phone me today and our season hasn't started yet, this is going to be fun. :shock:
 
mnour
just joined
Posts: 18
Joined: Wed Jul 25, 2012 10:45 pm

Re: Hotspot redirect does not work when initiating a "HTTPS"

Mon Mar 18, 2013 7:38 pm

so after this conversation , is there a way to make this works , at least , most people make their homepage https://www.google.com

can we at least make something work for the majority ? like setting up an exception for https://www.google.com in Walled Garden ???????
 
reinerotto
Member
Member
Posts: 441
Joined: Thu Dec 04, 2008 2:35 am

Re: Hotspot redirect does not work when initiating a "HTTPS"

Mon Mar 18, 2013 10:58 pm

There MIGHT be a solution for google, at least on LINUX it can be done.
Question only: Is it possible on MT, too ?
The key is the possibility to force the search to be completed NOT using https.
This was introduced by google, to have a chance to block smart guys at school to search for "hot" web pages using SSL :-)

However, the initial contact with google is still via https:, so does MT-hotspot allow a passthu of https:// to google ?
IFF THEN the following will not be possible :-(
IFT:
First of all, it needs messing around with DNS (now into the LINUX world):
- in named.conf:
....
zone "www.google.com" IN {
type master;
file "/etc/google.zone";
};
....

/etc/google.zone:
@ IN SOA localhost. root.localhost. (
2012050900
7200
1800
1209600
300 )

1800 IN NS localhost.
1800 IN A 216.239.32.20 ;nosslsearch.google.com.


When this is applied to the DNS used,
GET www.google.com is still https://, but then all the rest will be http.
Which could be captured by MT hotspot and routed to the login-page.

Now, the MT-gurus at work to translate it to MT :-)
 
Devil
Member Candidate
Member Candidate
Posts: 170
Joined: Thu Jul 21, 2011 9:13 am

Re: Hotspot redirect does not work when initiating a "HTTPS"

Fri Mar 22, 2013 3:00 pm

I wonder why none of you guys mentioned https authentication type in '/ip hotspot profile' . by activating that, hotspot should automatically redirect unauthenticated users trying to access https on port 443, to the login page. however, almost all browsers will warn the users about the potential MITM attack. they have to take actions and allow it each time or add your certificate to the trusted zone for that site (base on the browser they're using). After accepting the certificate, they should be redirected to the hotspot login page.
Take a look at Here . Rule number 12 is responsible for such redirection.
please try it and see if it works. even though i haven't done it myself, i think it should, as ive seen people here complaining about users getting certificate warnings because of that.
Best Regards

Who is online

Users browsing this forum: Biavow, Bing [Bot], kundeepbmtasu and 121 guests