Results 1 to 2 of 2
  1. #1
    Newbie
    Join Date
    Dec 2012
    Posts
    1

    Question Captive Portal Session Redirect to HTTPS

    Why are the following options removed:
    -Redirect HTTP traffic to HTTPS captive page.
    -Redirect HTTPS traffic to HTTPS captive page.

    Now it's possible for sniffers to sniff the username and password. I think this is an security issue.

  2. #2
    Untangle Junkie dmorris's Avatar
    Join Date
    Nov 2006
    Location
    San Carlos, CA
    Posts
    17,747

    Default

    Quote Originally Posted by mcibo View Post
    Why are the following options removed:
    -Redirect HTTP traffic to HTTPS captive page.
    Because Captive Portal redirects to the local IP of the interface which contains the captured client *not* the hostname. As such, you can never install a correct certificate and will always get an SSL warning, regardless if you have a paid certificate signed by a legit CA.

    Everyone was trying these crazy hacks to redirect to hostname to get this working, but that breaks Captive Portal because their DNS was not based on the interface that the captured client was coming from.

    -Redirect HTTPS traffic to HTTPS captive page.
    Similar to above, this will always cause an HTTPS error because we are not the site being visited (gmail or whatever) so we can not serve a redirect to the captive page without an error. This will not be possible until we do full SSL MITM cert generation.



    Having both these options present available evidently just begs users to check them. As such, the features have been removed.

    If we ever figure out a way to do it correctly such that it works in all configurations (probably using DNS manipulation), they might be re-added.


    also, IMO, If you are still running hubs on your network such that you need to worry about sniffing I would immediately drop all things and upgrade to switches. Captive Portal logins are the least of your concern.
    Attention: Support and help on the Untangle Forums is provided by volunteers and community members like yourself.
    If you need Untangle support please call or email support@untangle.com

Posting Permissions

  • You may not post new threads
  • You may not post replies
  • You may not post attachments
  • You may not edit your posts
  •  

SEO by vBSEO 3.6.0 PL2