❦ 30 novembre 2017 18:26 -0800, Owen DeLong <[email protected]> : >> SSL requests are. For example, Google cache's their 301 redirect >> from http://www.google.com <http://www.google.com/> to >> https://www.google.com <https://www.google.com/> which means clients >> that had access while that browser ps stays active will still >> attempt https instead of http, regardless of what you actually type. > > Right, you’re talking about HSTS as I mentioned below. > > However, if there’s a well known URL for getting the captive portal to > work (e.g. http://captive.portal), then we educate users (or > browsers that they can type captive.portal (or whatever URL we choose) > instead of google (which was my traditional go to before HSTS, > I admit) and voila… Problem solved.
You can use http://neverssl.com/. But as mentioned earlier in the discussion, most OS have a non-HTTPS URL to detect a captive portal. They can display notifications to the user when they detect a captive portal. Browsers have that too. iOS/macOS: http://captive.apple.com/hotspot-detect.html Windows: http://www.msftncsi.com/ncsi.txt Ubuntu: http://start.ubuntu.com/connectivity-check Firefox: http://detectportal.firefox.com/ Chromium: http://clients3.google.com/generate_204 DHCP and neighbor discovery can also provide the information of the login page: https://tools.ietf.org/html/rfc7710 -- After all, all he did was string together a lot of old, well-known quotations. -- H. L. Mencken, on Shakespeare
