I am creating a hotspot and needed to force the user to go through my page before login.
I did the redirect, but if the customer call direct GET / login?Username=T-<mac> he can access.
I would like to add a token in the http header or qurey-path or use the Referer header.
For this thought of using the firewall Layer7.

If the regexp is "GET /login.*google" in chain "pre-hs-input" action "drop"
For url: "/login?dst=http%3A%2F%2Fwww.google.com%2F" the packet is droped.
For url: "/login?dst=http%3A%2F%2Fwww.google.com%2F&username=T-20%3AC9%3AD0%3AC0%3A4F%3ADB" the packet not match.

I would like:
If the regexp is "GET /login.*username.*tokenofday" action "accept"
If the regexp is "GET /login.*username" action "drop"
For url: "/login?dst=http%3A%2F%2Fwww.google.com%2F&username=T-20%3AC9%3AD0%3AC0%3A4F%3ADB" the packet not match the first and is droped by second.
For url: "/login?dst=http%3A%2F%2Fwww.google.com%2F&username=T-20%3AC9%3AD0%3AC0%3A4F%3ADB&tokenofday" the packet match the first and will accepted.


José Eduardo Constantino Mazolini
MTCNA
MTCRE