[ Date Index ] [ Thread Index ] [ <= Previous by date / thread ] [ Next by date / thread => ]

Re: [LUG] Hotel Logging in Management

To: list@xxxxxxxxxxxxx
Subject: Re: [LUG] Hotel Logging in Management
From: Gordon Henderson <gordon+lug@xxxxxxxxxx>
Date: Thu, 13 Jun 2013 22:19:07 +0100 (BST)
Delivered-to: dclug@xxxxxxxxxxxxxxxxxxxxx
Distribution: world

On Thu, 13 Jun 2013, Mark Evans wrote:

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

On 13/06/13 09:23, Gordon Henderson wrote:


But you're right - there are no standard for captive portals, but
in all the ones I've used, I've only seen 2 ways it's accomplished
- one uses DNS to direct all web requests to an internal page and
the other force re-directs web traffic.

The force redirect is more efective in my experience - and I've
designed systems that use both.


It's likely to depend if the port 80 redirect operates at the IP level
or if it operates at the HTTP level.


You do it at the IP level. You use Linux firewalling to do it.

The former (along with the DNS method) will most likely enable abrowser with a proxy exception to communicate with your portal.

The browser doesn't have a choice. It sends out a request for i.p.address,port 80. The router picks this up and forwards the request onto anotherserver, re-writing the target IP address as it goes. (this other servercan be the same as the router) This is a standard Linux firewall rune.

Since sofar as the browser is concerned it is using a URL it is able to accessdirectly. Using an HTTP redirect is likely to fail since it's unlikelythat the resulting URL will match any proxy exceptions in the browser.

It doesn't have to match: Router says: Do I know this IP (of the clientdevice)? Yes, let it through, no, send it a redirect.

Note that the IE "Bypass Proxy Server for Local Addresses" option dosn'tdo anything like comparing the IP address of the target URL against theIP address(es) and netmask(s) of the machine. Which would probably bevery useful in this context.
Of course you are still going to be entirely stuffed with a device
which dosn't have a web browser. E.g. a Wi-Fi SIP phone or one where
the "web browser" actually runs in a data centre somewhere else.

Yes you are (stuffed). This has been considered acceptible in the systemsI've deployed - beause the rules have been: Give us your email address andwe give you free Internet.


Gordon

--
The Mailing List for the Devon & Cornwall LUG
http://mailman.dclug.org.uk/listinfo/list
FAQ: http://www.dcglug.org.uk/listfaq

Follow-up: Re: [LUG] Hotel Logging in Management
- From: Mark Evans

References:
- [LUG] Hotel Logging in Management
  - From: Richard Brown
- Re: [LUG] Hotel Logging in Management
  - From: Patrick Kimber
- Re: [LUG] Hotel Logging in Management
  - From: Paul Sutton
- Re: [LUG] Hotel Logging in Management
  - From: stinga
- Re: [LUG] Hotel Logging in Management
  - From: Mark Evans
- Re: [LUG] Hotel Logging in Management
  - From: Martijn Grooten
- Re: [LUG] Hotel Logging in Management
  - From: Gordon Henderson
- Re: [LUG] Hotel Logging in Management
  - From: Martijn Grooten
- Re: [LUG] Hotel Logging in Management
  - From: Gordon Henderson
- Re: [LUG] Hotel Logging in Management
  - From: Mark Evans
- Re: [LUG] Hotel Logging in Management
  - From: Gordon Henderson
- Re: [LUG] Hotel Logging in Management
  - From: Mark Evans

Prev by Date: Re: [LUG] Hotel Logging in Management
Next by Date: [LUG] DNSSEC, HSTS, and DHCP with Captive portals was Re: Hotel Logging in Management
Previous by thread: Re: [LUG] Hotel Logging in Management
Next by thread: Re: [LUG] Hotel Logging in Management
Index(es):
- Date
- Thread