Hi,
A hotspot service is run on a 433 routerboard and is working fine
the problem is :
when a user starts with a https page like https://google.com he is not redirected to the authentication page (he can enter the name or ip of the hotspot gateway and seethe page but as i mentioned redirection does not work)

but interestingly, when he tries a http page, he will be redirected to the login page (for example if he start with a http://test.com)

any help would be appreciated

Thanks

The hotspot only redirects port 80 requests. It won't redirect SSL, email, FTP, or ssh clients. It just blocks them until you are logged in on port 80.

Is there anyway round this?

A lot of people use google as their homepage and using https://, so whenever they open their browser they're not getting redirected to the login automatically.

Not really, no.

If you intercepted the HTTPS response, the users browser would throw up SSL error messages which really scare the users off. IPhones and some newer versions of Android have captive portal helpers which provide a solution, as does Windows 8 and OSX later version , but its still a real PITA.

I had three people phone me today and our season hasn't started yet, this is going to be fun.

so after this conversation , is there a way to make this works , at least , most people make their homepage https://www.google.com

can we at least make something work for the majority ? like setting up an exception for https://www.google.com in Walled Garden ???????

There MIGHT be a solution for google, at least on LINUX it can be done.
Question only: Is it possible on MT, too ?
The key is the possibility to force the search to be completed NOT using https.
This was introduced by google, to have a chance to block smart guys at school to search for "hot" web pages using SSL

However, the initial contact with google is still via https:, so does MT-hotspot allow a passthu of https:// to google ?
IFF THEN the following will not be possible
IFT:
First of all, it needs messing around with DNS (now into the LINUX world):
- in named.conf:
....
zone "www.google.com" IN {
type master;
file "/etc/google.zone";
};
....

/etc/google.zone:
@ IN SOA localhost. root.localhost. (
2012050900
7200
1800
1209600
300 )

1800 IN NS localhost.
1800 IN A 216.239.32.20 ;nosslsearch.google.com.


When this is applied to the DNS used,
GET www.google.com is still https://, but then all the rest will be http.
Which could be captured by MT hotspot and routed to the login-page.

Now, the MT-gurus at work to translate it to MT

I wonder why none of you guys mentioned https authentication type in '/ip hotspot profile' . by activating that, hotspot should automatically redirect unauthenticated users trying to access https on port 443, to the login page. however, almost all browsers will warn the users about the potential MITM attack. they have to take actions and allow it each time or add your certificate to the trusted zone for that site (base on the browser they're using). After accepting the certificate, they should be redirected to the hotspot login page.
Take a look at Here . Rule number 12 is responsible for such redirection.
please try it and see if it works. even though i haven't done it myself, i think it should, as ive seen people here complaining about users getting certificate warnings because of that.