<html><body bgcolor="#FFFFFF"><div>The problem is that the best place to put this is in the URL handler on the ap. Then it's a basically no-op as far as the firewall rules are concerned.</div><div><br></div><div>The issue is that I don't believe it will follow an http redirect and even if it did, the login page entry point on the auth server would need to identify and respond.</div><div><br></div><div>Maybe if you can get me verbose httpd logs from an apple device? Or better yet a fell packet capture of the authentication transaction?</div><div><br></div><div>Alex<br><br><br></div><div><br>On 2011-08-25, at 16:47, Geneviève Bastien <<a href="mailto:gbastien@versatic.net">gbastien@versatic.net</a>> wrote:<br><br></div><div></div><blockquote type="cite"><div>
Thanks Alex for this fast patch!<br>
<br>
But I think I'd prefer the server side solution if possible, as it
does not involve reflashing our few hundreds access points and the
day android thinks this feature is so great and decide to implement
it as well, it would be easier to modify... <br>
<br>
Unless there is a reason to favor a client-side solution? Maybe
Apple will not like the url redirect to login page... <br>
<br>
Geneviève<br>
<br>
<br>
On 11-08-25 02:44 PM, acv wrote:
<blockquote cite="mid:20110825184404.GD36607@miniguru.ca" type="cite">
<pre wrap="">And of course I screw up the URL. Forgot the leading /. Please use this instead.
Alex
On Thu, Aug 25, 2011 at 01:40:40PM -0400, Genevive Bastien wrote:
</pre>
<blockquote type="cite">
<pre wrap="">Date: Thu, 25 Aug 2011 13:40:40 -0400
From: Geneviève Bastien <a class="moz-txt-link-rfc2396E" href="mailto:gbastien@versatic.net"><<a href="mailto:gbastien@versatic.net">gbastien@versatic.net</a>></a>
To: <a class="moz-txt-link-abbreviated" href="mailto:wifidog@listes.ilesansfil.org"><a href="mailto:wifidog@listes.ilesansfil.org">wifidog@listes.ilesansfil.org</a></a>
Subject: Re: [isf-wifidog] Wifidog, portal page and Apple auto-login
Thanks for the answer, but that is not the issue. It is more Apple
products bypassing the portal page, the whole login process is all fine.
I found this:
<a class="moz-txt-link-freetext" href="http://blogs.oucs.ox.ac.uk/networks/2009/10/12/fixing-the-iphone-os-wifi-auto-login-problem/"><a href="http://blogs.oucs.ox.ac.uk/networks/2009/10/12/fixing-the-iphone-os-wifi-auto-login-problem/">http://blogs.oucs.ox.ac.uk/networks/2009/10/12/fixing-the-iphone-os-wifi-auto-login-problem/</a></a>
Which may suggest that we could bypass the auto-login feature from the
server side by answering the request with the expected output. The user
will then have to open a browser page to see the actual login and portal
pages.
Geneviève
On 11-08-25 01:12 PM, acv wrote:
</pre>
<blockquote type="cite">
<pre wrap="">Marcos' comments below are not completely accurate, the ping was not a
test itself,
in fact the gateway never bothered reading the response... The idea was to
cause
the client to generate activity. Then activity (measured in bytes received
from
client since last polling) was used.
In src/firewall.c, fw_sync_with_authserver() implements the timeout logic,
it includes
this tidbit:
/* Ping the client, if he responds it'll keep activity on the
link.
* However, if the firewall blocks it, it will not help. The suggested
* way to deal witht his is to keep the DHCP lease time extremely
* short: Shorter than config->checkinterval * config->clienttimeout
*/
ping was to be a BACKUP way of generating activity but using DHCP as
suggested here is
much more reliable.
Cheers,
Alexandre
On Thu, Aug 25, 2011 at 01:06:29PM -0300, Marcos Tadeu wrote:
</pre>
<blockquote type="cite">
<pre wrap="">Date: Thu, 25 Aug 2011 13:06:29 -0300
From: Marcos Tadeu<a class="moz-txt-link-rfc2396E" href="mailto:marcos@v2r.com.br"><<a href="mailto:marcos@v2r.com.br">marcos@v2r.com.br</a>></a>
To: <a class="moz-txt-link-abbreviated" href="mailto:wifidog@listes.ilesansfil.org"><a href="mailto:wifidog@listes.ilesansfil.org">wifidog@listes.ilesansfil.org</a></a>
Subject: Re: [isf-wifidog] Wifidog, portal page and Apple auto-login
Can you ping the Apple products from wifidog captive portal machine,
after login?
If not, it is the problema: wifidog need to ping client to know that it
is alive. If an firewall drop the ping, wifidog consider it dead. And...
pouf.
On 08/25/2011 12:38 PM, Geneviève Bastien wrote:
</pre>
<blockquote type="cite">
<pre wrap="">Hello all,
We have a problem with the portal page and Apple products and their
auto-login feature. Right now, when any iOs product and now Lion
connects to a wifidog router, they are shown the login page right
away, and the minute they have access to the internet (<a href="http://apple.com">apple.com</a>
site), pouf! it's gone, so they never see the portal page.
But the portal page is really important to us and this situation is
really annoying (40 to 50% of our users use Apple products!).
Did anyone come up with a solution to this? Or do you know any
captive portal solution that did? Any ideas on the topic? (putting
<a href="http://apple.com">apple.com</a> in the walled garden is not a viable option)
Thanks,
Geneviève
_______________________________________________
WiFiDog mailing list
<a class="moz-txt-link-abbreviated" href="mailto:WiFiDog@listes.ilesansfil.org"><a href="mailto:WiFiDog@listes.ilesansfil.org">WiFiDog@listes.ilesansfil.org</a></a>
<a class="moz-txt-link-freetext" href="http://listes.ilesansfil.org/cgi-bin/mailman/listinfo/wifidog"><a href="http://listes.ilesansfil.org/cgi-bin/mailman/listinfo/wifidog">http://listes.ilesansfil.org/cgi-bin/mailman/listinfo/wifidog</a></a>
</pre>
</blockquote>
<pre wrap="">_______________________________________________
WiFiDog mailing list
<a class="moz-txt-link-abbreviated" href="mailto:WiFiDog@listes.ilesansfil.org"><a href="mailto:WiFiDog@listes.ilesansfil.org">WiFiDog@listes.ilesansfil.org</a></a>
<a class="moz-txt-link-freetext" href="http://listes.ilesansfil.org/cgi-bin/mailman/listinfo/wifidog"><a href="http://listes.ilesansfil.org/cgi-bin/mailman/listinfo/wifidog">http://listes.ilesansfil.org/cgi-bin/mailman/listinfo/wifidog</a></a>
_______________________________________________
WiFiDog mailing list
<a class="moz-txt-link-abbreviated" href="mailto:WiFiDog@listes.ilesansfil.org"><a href="mailto:WiFiDog@listes.ilesansfil.org">WiFiDog@listes.ilesansfil.org</a></a>
<a class="moz-txt-link-freetext" href="http://listes.ilesansfil.org/cgi-bin/mailman/listinfo/wifidog"><a href="http://listes.ilesansfil.org/cgi-bin/mailman/listinfo/wifidog">http://listes.ilesansfil.org/cgi-bin/mailman/listinfo/wifidog</a></a>
</pre>
</blockquote>
</blockquote>
<pre wrap=""></pre>
</blockquote>
<pre wrap=""></pre>
<blockquote type="cite">
<pre wrap="">_______________________________________________
WiFiDog mailing list
<a class="moz-txt-link-abbreviated" href="mailto:WiFiDog@listes.ilesansfil.org"><a href="mailto:WiFiDog@listes.ilesansfil.org">WiFiDog@listes.ilesansfil.org</a></a>
<a class="moz-txt-link-freetext" href="http://listes.ilesansfil.org/cgi-bin/mailman/listinfo/wifidog"><a href="http://listes.ilesansfil.org/cgi-bin/mailman/listinfo/wifidog">http://listes.ilesansfil.org/cgi-bin/mailman/listinfo/wifidog</a></a>
</pre>
<pre wrap=""><fieldset class="mimeAttachmentHeader"></fieldset>
_______________________________________________
WiFiDog mailing list
<a class="moz-txt-link-abbreviated" href="mailto:WiFiDog@listes.ilesansfil.org"><a href="mailto:WiFiDog@listes.ilesansfil.org">WiFiDog@listes.ilesansfil.org</a></a>
<a class="moz-txt-link-freetext" href="http://listes.ilesansfil.org/cgi-bin/mailman/listinfo/wifidog"><a href="http://listes.ilesansfil.org/cgi-bin/mailman/listinfo/wifidog">http://listes.ilesansfil.org/cgi-bin/mailman/listinfo/wifidog</a></a></pre>
</blockquote>
</blockquote>
<br>
</div></blockquote><blockquote type="cite"><div><span>_______________________________________________</span><br><span>WiFiDog mailing list</span><br><span><a href="mailto:WiFiDog@listes.ilesansfil.org">WiFiDog@listes.ilesansfil.org</a></span><br><span><a href="http://listes.ilesansfil.org/cgi-bin/mailman/listinfo/wifidog">http://listes.ilesansfil.org/cgi-bin/mailman/listinfo/wifidog</a></span></div></blockquote></body></html>