Page 1 of 1
Hotspot https redirect feature
Posted: Tue Apr 09, 2019 6:44 pm
by ds12345
Hi
In 6.44 Mikrotik implemented below:
hotspot - added "https-redirect" under server profiles;
I've tested this and it doesnt seem to work, not as far as I can tell. I can see it adding into the firewall rules
8 D chain=hs-unauth action=redirect to-ports=64875 protocol=tcp in-interface=ether2-inside dst-port=443
The rule gets hit when I go to google or something as unlogged in, but nothing happens, no redirects.
Is this tested by anyone, does it work?
Thanks
Re: Hotspot https redirect feature
Posted: Wed Apr 10, 2019 10:48 am
by wallpaper
Anyone? Been quite a few large topics on this previously. Is it working for anyone?
Re: Hotspot https redirect feature
Posted: Wed Apr 10, 2019 5:39 pm
by Sob
I don't use hotspot, but doesn't it do what it should, as described in manual?
Whether to redirect unauthenticated user to hotspot login page, if he is visiting a https:// url. Since certificate domain name will mismatch, often this leads to errors, so you can set this parameter to "no" and all https requests will simply be rejected and user will have to visit a http page.
Or in other words, from
someone else who tested it:
https-redirect=yes
if unlogged user try to open https website, it will be redirected to hostpot login with https. same behavior as previous version
so browser will show cert warning because cert common name is not same with domain
https-redirect=no
if unlogged user try to open https website, it will be rejected/refused so browser will error like there is no internet access
Re: Hotspot https redirect feature
Posted: Sun Apr 14, 2019 1:09 pm
by ds12345
No,
https-redirect=yes
if unlogged user try to open https website, it will be redirected to hostpot login with https. same behavior as previous version
so browser will show cert warning because cert common name is not same with domain
This part doesn't work. Basically it just does the below:
https-redirect=no
if unlogged user try to open https website, it will be rejected/refused so browser will error like there is no internet access
Anyone else managed to test? I can see the firewall rule getting hit, but nothing happens.
Re: Hotspot https redirect feature
Posted: Mon Apr 15, 2019 11:37 pm
by R1CH
The redirection will never work due to security guarantee of HTTPS. Documentation should be like this:
https-redirect=yes
Show a security error if user tries to open HTTPS website.
https-redirect=no
Show a network error if user tries to open HTTPS website.
Re: Hotspot https redirect feature
Posted: Sat Nov 02, 2019 9:28 am
by ZiadZone
Nothing happens no redirection to the login page so this option is useless
at least i got rid of those dynamic nat rules by setting https-redirect=no