Captive network account (w/ login redirect) and HSTS

To: debian-user@lists.debian.org
Subject: Captive network account (w/ login redirect) and HSTS
From: Marc SCHAEFER <schaefer@alphanet.ch>
Date: Sun, 2 Apr 2017 18:36:25 +0200
Message-id: <[🔎] 20170402163625.GA31097@alphanet.ch>

Hello,

with a basic Debian jessie install and a recent Firefox, I observe the
following:

   [1] Debian has no specific support for detecting captive networks
       (e.g. Android, iOS) and redirecting automatically the browser to
       the captive login page

   [2] launching Firefox on the default page doesn't work (doesn't get
       redirected properly to the login page but fails with a HTTPS
       certificate error), if there is a recent HSTS[*] security
       configuration cache for the default domain page (e.g. google.com)

[1] is not really an issue: I wouldn't like myself that connecting to
a WiFi captive network starts a browser. Also, open captive networks are
messing up, dangerous, a WPA/RADIUS auth would be much better.

However, open captive networks are quite commons in hotels, airports,
parks, etc.  So it cannot be dismissed.

[2] the only fix is to type an URL you know is HTTP, not HTTPS and does
not configure HSTS, and does not support DNSSEC. In my case I used
ptiturl.ch

Maybe this could be in the Debian User manual somehow?

Feel free to contact me if you want help in writing the documentation.

https://en.wikipedia.org/wiki/HTTP_Strict_Transport_Security

Reply to:

Follow-Ups:
- Re: Captive network account (w/ login redirect) and HSTS
  - From: Brian <ad44@cityscape.co.uk>
- Re: Captive network account (w/ login redirect) and HSTS
  - From: Darac Marjal <mailinglist@darac.org.uk>

Prev by Date: Re: Recording needed data from mate-search-tool - possible?
Next by Date: Re: Sound problems (mpd, mpv mainly)
Previous by thread: Re: Likely a BUG - was [Re: Recording needed data from mate-search-tool - possible?]
Next by thread: Re: Captive network account (w/ login redirect) and HSTS
Index(es):
- Date
- Thread