Hot Spot Walled Garden DNS Entries

  • 3
  • Question
  • Updated 3 years ago
I'm having trouble with the the hot spot services walled garden. If I white list a domain by its DNS entry (e.g. www.apple.com or apple.com) unauthenticated traffic still get's blocked to those URLs.

I'd like to white list Apple, because when an iOS device joins an open Wi-Fi network it checks for captive portals by opening www.apple.com in a pop up window. If the portal intercepts the request, then the portal's login page will display. A user must authenticate with the network at this step. You cannot close this popup and still be connected to the network.

This pop up workflow happens to break the way my javascript login works, so I need to prevent it by allowing traffic through to apple for unauthenticated users.
Photo of rotoole

rotoole

  • 10 Posts
  • 1 Reply Like

Posted 4 years ago

  • 3
Photo of Dennis Arafiles

Dennis Arafiles

  • 1 Post
  • 0 Reply Likes
I have this same problem. Does Ruckus have a fix for this ?
Photo of rotoole

rotoole

  • 10 Posts
  • 1 Reply Like
Nope.

The Ruckus captive portal will only do a one time IP lookup of any DNS entry in the white list. If you are trying to white list a cloud based web service that could come from many different IPs, then you are out of luck. It was simply not designed to handle that case correctly.

I got it working by using Squid to do the captive portal. You can write squid rules to handle FQDN's, respond with 302's, manipulate IP tables, and check authorization. It's non trivial though.

Hope that helps.
Photo of BC

BC

  • 8 Posts
  • 0 Reply Likes
We're experiencing a similar problem when trying to authenticate a user via the Facebook API. @rotoole, might you share with us more details on your work-around. We've dabbled in several of the concepts you've mentioned but still unsuccessful. Thanks
Photo of rotoole

rotoole

  • 10 Posts
  • 1 Reply Like