No, it's just that you ask good questions ;-)
There is no way that I know of to go around HSTS for a site like google when
using a browser.
The usual way to do this is with WISPr.
I.e. while an actual browser will have a problem redirecting from google.com to
the captive portal, the embedded WISPr client in (e.g.) Android or iOS should
prompt you to authenticate directly, without requiring a redirect.
For example, on OS X when a captive portal is detected, the OS pops up a window
prompting you to authenticate.
A captive portal is in the end a kind of Man-in-the-Middle attack (albeit a
friendly one, most of the time).
So your browser treats is as such.
> On Aug 12, 2016, at 6:33 AM, [email protected] wrote:
>
> Sometimes I wonder if I always ask the questions which no one wants to
> hear...
>
>
> On 11.08.2016 17:06, [email protected] wrote:
>> Hi there,
>>
>> redirecting to captive portal works fine as long as the user wants to
>> visit an unsecured page.
>>
>> But when trying to get a page over SSL and being trapped by
>> Packetfence, there is, IMHO, no way to avoid a "man in the middle" error
>> from the browser.
>>
>> Hence the user can not access the portal.
>>
>> "The owner of google.com has configured their website improperly. To
>> protect your information from being stolen, Firefox has not connected to
>> this website.
>> This site uses HTTP Strict Transport Security (HSTS) to specify that
>> Firefox only connect to it securely. As a result, it is not possible to
>> add an exception for this certificate."
>>
Best regards,
--
Louis Munro
[email protected] <mailto:[email protected]> :: www.inverse.ca
<http://www.inverse.ca/>
+1.514.447.4918 x125 :: +1 (866) 353-6153 x125
Inverse inc. :: Leaders behind SOGo (www.sogo.nu <http://www.sogo.nu/>) and
PacketFence (www.packetfence.org <http://www.packetfence.org/>)
------------------------------------------------------------------------------
What NetFlow Analyzer can do for you? Monitors network bandwidth and traffic
patterns at an interface-level. Reveals which users, apps, and protocols are
consuming the most bandwidth. Provides multi-vendor support for NetFlow,
J-Flow, sFlow and other flows. Make informed decisions using capacity
planning reports. http://sdm.link/zohodev2dev
_______________________________________________
PacketFence-users mailing list
[email protected]
https://lists.sourceforge.net/lists/listinfo/packetfence-users
