Re: Captive network account (w/ login redirect) and HSTS
On Sun 02 Apr 2017 at 18:36:25 +0200, Marc SCHAEFER wrote:
> with a basic Debian jessie install and a recent Firefox, I observe the
> following:
>
> [1] Debian has no specific support for detecting captive networks
> (e.g. Android, iOS) and redirecting automatically the browser to
> the captive login page
>
> [2] launching Firefox on the default page doesn't work (doesn't get
> redirected properly to the login page but fails with an HTTPS
> certificate error), if there is a recent HSTS[*] security
> configuration cache for the default domain page (e.g. google.com)
>
> [1] is not really an issue: I wouldn't like myself that connecting to
> a WiFi captive network starts a browser. Also, open captive networks are
> messing up, dangerous, a WPA/RADIUS auth would be much better.
>
> However, open captive networks are quite common in hotels, airports,
> parks, etc. So it cannot be dismissed.
>
> [2] the only fix is to type a URL you know is HTTP, not HTTPS and does
> not configure HSTS, and does not support DNSSEC. In my case I used
> ptiturl.ch
>
> Maybe this could be in the Debian User manual somehow?
>
> Feel free to contact me if you want help in writing the documentation.
>
> https://en.wikipedia.org/wiki/HTTP_Strict_Transport_Security
Probably the best place for this is the wiki. Anyone can create a page
on the topic of captive networks there. Maybe there is one in existence
which can be added to. Feel free to add to such a page or start a new
one.
--
Brian.
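
The workaround discussed in this thread (request a URL that is plain HTTP and sets no HSTS, so the portal is able to redirect it) written as a small probe. This is an added example, not part of either message; the probe URL and expected body are assumptions (the endpoint Firefox uses for its own captive-portal check), and the function names are hypothetical.

```python
import http.client
from urllib.parse import urlsplit

# Assumption: Firefox's captive-portal check endpoint, served over plain HTTP
# with no HSTS. Any URL you control with a fixed, known body works the same way.
PROBE_URL = "http://detectportal.firefox.com/success.txt"
EXPECTED_BODY = "success"
REDIRECTS = (301, 302, 303, 307, 308)

def classify(status, location, body):
    """Map one probe response to (state, login_url)."""
    if status == 200 and body.strip() == EXPECTED_BODY:
        return ("open", None)            # answer came from the real server
    if status in REDIRECTS and location:
        return ("captive", location)     # portal redirected us to its login page
    # Portals that rewrite the response in place return 200 with their own
    # HTML; anything other than the expected body is treated as interception.
    return ("captive", None)

def probe(url=PROBE_URL, timeout=5):
    """Fetch url once without following redirects and classify the answer."""
    parts = urlsplit(url)
    if parts.scheme != "http":
        # An HTTPS (or HSTS-pinned) target cannot be redirected by the portal;
        # the client only sees a certificate error, as described in the thread.
        raise ValueError("probe URL must be plain http://")
    conn = http.client.HTTPConnection(parts.hostname, parts.port or 80,
                                      timeout=timeout)
    try:
        # http.client never follows redirects, so Location is visible here.
        conn.request("GET", parts.path or "/",
                     headers={"Cache-Control": "no-cache"})
        resp = conn.getresponse()
        body = resp.read(4096).decode("latin-1")
        return classify(resp.status, resp.getheader("Location"), body)
    except (OSError, http.client.HTTPException):
        return ("offline", None)         # no route, DNS failure, or timeout
    finally:
        conn.close()

if __name__ == "__main__":
    state, login = probe()
    print(state, login or "")
```

When the result is `captive` with a login URL, opening that URL in the browser reaches the portal page without going through an HSTS-protected start page.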