<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN">
<html>
<head>
<meta content="text/html; charset=ISO-8859-1"
http-equiv="Content-Type">
</head>
<body bgcolor="#ffffff" text="#000000">
Indeed, we force-feed the portal page to the user for a reason and
we don't want Apple user to be another category of users who do not
see the portal page. <br>
<br>
I think a solution like Alex says would be a good start, at least it
is worth a try and see how our users react (we'll know soon enough,
once this is on ;-)<br>
But it should remains configurable so groups who don't care about
the portal page can disable this.<br>
<br>
The ideal solution, that wouldn't ruin the UX of Apple users and
still show the content of the portal page would need to come from
Apple themselves, but I wouldn't count on that anytime soon.<br>
<br>
Gen<br>
<br>
<br>
<br>
On 11-09-02 03:14 PM, acv wrote:
<blockquote cite="mid:20110902191403.GB26924@miniguru.ca"
type="cite">
<pre wrap="">There's no way to have the cake and eat it too.
If the service provider wants to provide a splash page as condition for
making it worth their while to provide the service, it is their
prerogative.
If the service provider want to provide convenient internet access with
the least fuss, then the status quo is good enough.
Alex
On Fri, Sep 02, 2011 at 09:05:27PM +0200, Max Horvth wrote:
</pre>
<blockquote type="cite">
<pre wrap="">From: Max Horváth <a class="moz-txt-link-rfc2396E" href="mailto:info@maxhorvath.com"><info@maxhorvath.com></a>
Date: Fri, 2 Sep 2011 21:05:27 +0200
To: WiFiDog Captive Portal <a class="moz-txt-link-rfc2396E" href="mailto:wifidog@listes.ilesansfil.org"><wifidog@listes.ilesansfil.org></a>
X-Mailer: Apple Mail (2.1244.3)
Subject: Re: [isf-wifidog] Wifidog, portal page and Apple auto-login
Thinking about this solution (or any other) has its flaw ... it only works in the context of browsing the web using a browser.
But if the user decides to use any other app (with HTTP communication), it just sabotages the workflow ... and the user won't use the browser anyway ...
Just my 2 cents ...
On 02.09.2011, at 18:04, acv wrote:
</pre>
<blockquote type="cite">
<pre wrap="">I've got an idea that might work and be a bit more flexible:
1. Add something to the configuration for know "signatures" of verification
pages
2. Upon authentication, mark the user as authenticated and lift all restrictions
but redirect HTTP to a different port on the device. Call this state "post-splash".
3. In post-splash status, a config file would specify the known signatures for
"online test" URLs and proxy those. This could also be done with firewall rules
I think.
4. The first web request that's not an online test gets redirected to post-authentication
splash page.
5. Router lifts the redirect altogether immediately after 4. above. So only *1* HTTP call
gets redirected.
What do you think?
Alex
On Thu, Aug 25, 2011 at 06:33:52PM -0400, Genevive Bastien wrote:
</pre>
<blockquote type="cite">
<pre wrap="">Date: Thu, 25 Aug 2011 18:33:52 -0400
From: Geneviève Bastien <a class="moz-txt-link-rfc2396E" href="mailto:gbastien@versatic.net"><gbastien@versatic.net></a>
To: <a class="moz-txt-link-abbreviated" href="mailto:wifidog@listes.ilesansfil.org">wifidog@listes.ilesansfil.org</a>
Subject: Re: [isf-wifidog] Wifidog, portal page and Apple auto-login
If I can get my hands on a Apple product I'll make some further tests
and outputs... I'll keep you posted.
Thanks,
Geneviève
On 11-08-25 06:03 PM, Alexandre Carmel-Veilleux wrote:
</pre>
<blockquote type="cite">
<pre wrap="">The problem is that the best place to put this is in the URL handler
on the ap. Then it's a basically no-op as far as the firewall rules
are concerned.
The issue is that I don't believe it will follow an http redirect and
even if it did, the login page entry point on the auth server would
need to identify and respond.
Maybe if you can get me verbose httpd logs from an apple device? Or
better yet a fell packet capture of the authentication transaction?
Alex
On 2011-08-25, at 16:47, Geneviève Bastien <<a class="moz-txt-link-abbreviated" href="mailto:gbastien@versatic.net">gbastien@versatic.net</a>
<a class="moz-txt-link-rfc2396E" href="mailto:gbastien@versatic.net"><mailto:gbastien@versatic.net></a>> wrote:
</pre>
<blockquote type="cite">
<pre wrap="">Thanks Alex for this fast patch!
But I think I'd prefer the server side solution if possible, as it
does not involve reflashing our few hundreds access points and the
day android thinks this feature is so great and decide to implement
it as well, it would be easier to modify...
Unless there is a reason to favor a client-side solution? Maybe
Apple will not like the url redirect to login page...
Geneviève
On 11-08-25 02:44 PM, acv wrote:
</pre>
<blockquote type="cite">
<pre wrap="">And of course I screw up the URL. Forgot the leading /. Please use this
instead.
Alex
On Thu, Aug 25, 2011 at 01:40:40PM -0400, Genevive Bastien wrote:
</pre>
<blockquote type="cite">
<pre wrap="">Date: Thu, 25 Aug 2011 13:40:40 -0400
From: Geneviève Bastien<<a class="moz-txt-link-abbreviated" href="mailto:gbastien@versatic.net">gbastien@versatic.net</a>
<a class="moz-txt-link-rfc2396E" href="mailto:gbastien@versatic.net"><mailto:gbastien@versatic.net></a>>
<a class="moz-txt-link-abbreviated" href="mailto:To:wifidog@listes.ilesansfil.org">To:wifidog@listes.ilesansfil.org</a> <a class="moz-txt-link-rfc2396E" href="mailto:wifidog@listes.ilesansfil.org"><mailto:wifidog@listes.ilesansfil.org></a>
Subject: Re: [isf-wifidog] Wifidog, portal page and Apple auto-login
Thanks for the answer, but that is not the issue. It is more Apple
products bypassing the portal page, the whole login process is all fine.
I found this:
<a class="moz-txt-link-freetext" href="http://blogs.oucs.ox.ac.uk/networks/2009/10/12/fixing-the-iphone-os-wifi-auto-login-problem/">http://blogs.oucs.ox.ac.uk/networks/2009/10/12/fixing-the-iphone-os-wifi-auto-login-problem/</a>
Which may suggest that we could bypass the auto-login feature from the
server side by answering the request with the expected output. The user
will then have to open a browser page to see the actual login and portal
pages.
Geneviève
On 11-08-25 01:12 PM, acv wrote:
</pre>
<blockquote type="cite">
<pre wrap="">Marcos' comments below are not completely accurate, the ping was not a
test itself,
in fact the gateway never bothered reading the response... The idea
was to
cause
the client to generate activity. Then activity (measured in bytes
received
from
client since last polling) was used.
In src/firewall.c, fw_sync_with_authserver() implements the timeout
logic,
it includes
this tidbit:
/* Ping the client, if he responds it'll keep activity on the
link.
* However, if the firewall blocks it, it will not help. The suggested
* way to deal witht his is to keep the DHCP lease time extremely
* short: Shorter than config->checkinterval * config->clienttimeout
*/
ping was to be a BACKUP way of generating activity but using DHCP as
suggested here is
much more reliable.
Cheers,
Alexandre
On Thu, Aug 25, 2011 at 01:06:29PM -0300, Marcos Tadeu wrote:
</pre>
<blockquote type="cite">
<pre wrap="">Date: Thu, 25 Aug 2011 13:06:29 -0300
From: Marcos Tadeu<<a class="moz-txt-link-abbreviated" href="mailto:marcos@v2r.com.br">marcos@v2r.com.br</a> <a class="moz-txt-link-rfc2396E" href="mailto:marcos@v2r.com.br"><mailto:marcos@v2r.com.br></a>>
<a class="moz-txt-link-abbreviated" href="mailto:To:wifidog@listes.ilesansfil.org">To:wifidog@listes.ilesansfil.org</a>
<a class="moz-txt-link-rfc2396E" href="mailto:wifidog@listes.ilesansfil.org"><mailto:wifidog@listes.ilesansfil.org></a>
Subject: Re: [isf-wifidog] Wifidog, portal page and Apple auto-login
Can you ping the Apple products from wifidog captive portal machine,
after login?
If not, it is the problema: wifidog need to ping client to know that
it
is alive. If an firewall drop the ping, wifidog consider it dead.
And...
pouf.
On 08/25/2011 12:38 PM, Geneviève Bastien wrote:
</pre>
<blockquote type="cite">
<pre wrap="">Hello all,
We have a problem with the portal page and Apple products and their
auto-login feature. Right now, when any iOs product and now Lion
connects to a wifidog router, they are shown the login page right
away, and the minute they have access to the internet (apple.com
<a class="moz-txt-link-rfc2396E" href="http://apple.com"><http://apple.com></a>
site), pouf! it's gone, so they never see the portal page.
But the portal page is really important to us and this situation is
really annoying (40 to 50% of our users use Apple products!).
Did anyone come up with a solution to this? Or do you know any
captive portal solution that did? Any ideas on the topic? (putting
apple.com <a class="moz-txt-link-rfc2396E" href="http://apple.com"><http://apple.com></a> in the walled garden is not a viable
option)
Thanks,
Geneviève
_______________________________________________
WiFiDog mailing list
<a class="moz-txt-link-abbreviated" href="mailto:WiFiDog@listes.ilesansfil.org">WiFiDog@listes.ilesansfil.org</a> <a class="moz-txt-link-rfc2396E" href="mailto:WiFiDog@listes.ilesansfil.org"><mailto:WiFiDog@listes.ilesansfil.org></a>
<a class="moz-txt-link-freetext" href="http://listes.ilesansfil.org/cgi-bin/mailman/listinfo/wifidog">http://listes.ilesansfil.org/cgi-bin/mailman/listinfo/wifidog</a>
</pre>
</blockquote>
<pre wrap="">_______________________________________________
WiFiDog mailing list
<a class="moz-txt-link-abbreviated" href="mailto:WiFiDog@listes.ilesansfil.org">WiFiDog@listes.ilesansfil.org</a> <a class="moz-txt-link-rfc2396E" href="mailto:WiFiDog@listes.ilesansfil.org"><mailto:WiFiDog@listes.ilesansfil.org></a>
<a class="moz-txt-link-freetext" href="http://listes.ilesansfil.org/cgi-bin/mailman/listinfo/wifidog">http://listes.ilesansfil.org/cgi-bin/mailman/listinfo/wifidog</a>
_______________________________________________
WiFiDog mailing list
<a class="moz-txt-link-abbreviated" href="mailto:WiFiDog@listes.ilesansfil.org">WiFiDog@listes.ilesansfil.org</a> <a class="moz-txt-link-rfc2396E" href="mailto:WiFiDog@listes.ilesansfil.org"><mailto:WiFiDog@listes.ilesansfil.org></a>
<a class="moz-txt-link-freetext" href="http://listes.ilesansfil.org/cgi-bin/mailman/listinfo/wifidog">http://listes.ilesansfil.org/cgi-bin/mailman/listinfo/wifidog</a>
</pre>
</blockquote>
</blockquote>
<pre wrap="">_______________________________________________
WiFiDog mailing list
<a class="moz-txt-link-abbreviated" href="mailto:WiFiDog@listes.ilesansfil.org">WiFiDog@listes.ilesansfil.org</a> <a class="moz-txt-link-rfc2396E" href="mailto:WiFiDog@listes.ilesansfil.org"><mailto:WiFiDog@listes.ilesansfil.org></a>
<a class="moz-txt-link-freetext" href="http://listes.ilesansfil.org/cgi-bin/mailman/listinfo/wifidog">http://listes.ilesansfil.org/cgi-bin/mailman/listinfo/wifidog</a>
_______________________________________________
WiFiDog mailing list
<a class="moz-txt-link-abbreviated" href="mailto:WiFiDog@listes.ilesansfil.org">WiFiDog@listes.ilesansfil.org</a> <a class="moz-txt-link-rfc2396E" href="mailto:WiFiDog@listes.ilesansfil.org"><mailto:WiFiDog@listes.ilesansfil.org></a>
<a class="moz-txt-link-freetext" href="http://listes.ilesansfil.org/cgi-bin/mailman/listinfo/wifidog">http://listes.ilesansfil.org/cgi-bin/mailman/listinfo/wifidog</a>
</pre>
</blockquote>
</blockquote>
<pre wrap="">
_______________________________________________
WiFiDog mailing list
<a class="moz-txt-link-abbreviated" href="mailto:WiFiDog@listes.ilesansfil.org">WiFiDog@listes.ilesansfil.org</a> <a class="moz-txt-link-rfc2396E" href="mailto:WiFiDog@listes.ilesansfil.org"><mailto:WiFiDog@listes.ilesansfil.org></a>
<a class="moz-txt-link-freetext" href="http://listes.ilesansfil.org/cgi-bin/mailman/listinfo/wifidog">http://listes.ilesansfil.org/cgi-bin/mailman/listinfo/wifidog</a>
</pre>
</blockquote>
<pre wrap="">
_______________________________________________
WiFiDog mailing list
<a class="moz-txt-link-abbreviated" href="mailto:WiFiDog@listes.ilesansfil.org">WiFiDog@listes.ilesansfil.org</a>
<a class="moz-txt-link-freetext" href="http://listes.ilesansfil.org/cgi-bin/mailman/listinfo/wifidog">http://listes.ilesansfil.org/cgi-bin/mailman/listinfo/wifidog</a>
</pre>
</blockquote>
<pre wrap="">
</pre>
</blockquote>
<pre wrap="">
</pre>
<blockquote type="cite">
<pre wrap="">_______________________________________________
WiFiDog mailing list
<a class="moz-txt-link-abbreviated" href="mailto:WiFiDog@listes.ilesansfil.org">WiFiDog@listes.ilesansfil.org</a>
<a class="moz-txt-link-freetext" href="http://listes.ilesansfil.org/cgi-bin/mailman/listinfo/wifidog">http://listes.ilesansfil.org/cgi-bin/mailman/listinfo/wifidog</a>
</pre>
</blockquote>
<pre wrap="">_______________________________________________
WiFiDog mailing list
<a class="moz-txt-link-abbreviated" href="mailto:WiFiDog@listes.ilesansfil.org">WiFiDog@listes.ilesansfil.org</a>
<a class="moz-txt-link-freetext" href="http://listes.ilesansfil.org/cgi-bin/mailman/listinfo/wifidog">http://listes.ilesansfil.org/cgi-bin/mailman/listinfo/wifidog</a>
</pre>
</blockquote>
<pre wrap="">
</pre>
</blockquote>
<pre wrap="">
</pre>
<blockquote type="cite">
<pre wrap="">_______________________________________________
WiFiDog mailing list
<a class="moz-txt-link-abbreviated" href="mailto:WiFiDog@listes.ilesansfil.org">WiFiDog@listes.ilesansfil.org</a>
<a class="moz-txt-link-freetext" href="http://listes.ilesansfil.org/cgi-bin/mailman/listinfo/wifidog">http://listes.ilesansfil.org/cgi-bin/mailman/listinfo/wifidog</a>
</pre>
<pre wrap="">
<fieldset class="mimeAttachmentHeader"></fieldset>
_______________________________________________
WiFiDog mailing list
<a class="moz-txt-link-abbreviated" href="mailto:WiFiDog@listes.ilesansfil.org">WiFiDog@listes.ilesansfil.org</a>
<a class="moz-txt-link-freetext" href="http://listes.ilesansfil.org/cgi-bin/mailman/listinfo/wifidog">http://listes.ilesansfil.org/cgi-bin/mailman/listinfo/wifidog</a></pre>
</blockquote>
</blockquote>
<br>
</body>
</html>