Re: Captive network account (w/ login redirect) and HSTS
- Date: Sun, 2 Apr 2017 19:51:40 +0100
- From: Brian <ad44@xxxxxxxxxxxxxxx>
- Subject: Re: Captive network account (w/ login redirect) and HSTS
On Sun 02 Apr 2017 at 18:36:25 +0200, Marc SCHAEFER wrote:
> with a basic Debian jessie install and a recent Firefox, I observe the
>  Debian has no specific support for detecting captive networks
> (e.g. Android, iOS) and automatically redirecting the browser to
> the captive login page
>  launching Firefox on the default page doesn't work (doesn't get
> redirected properly to the login page but fails with an HTTPS
> certificate error), if there is a recent HSTS[*] security
> configuration cache for the default domain page (e.g. google.com)
>  is not really an issue: I wouldn't like myself that connecting to
> a WiFi captive network starts a browser. Also, open captive networks are
> messing up, dangerous, a WPA/RADIUS auth would be much better.
> However, open captive networks are quite common in hotels, airports,
> parks, etc. So it cannot be dismissed.
>  the only fix is to type a URL you know is HTTP, not HTTPS and does
> not configure HSTS, and does not support DNSSEC. In my case I used
> Maybe this could be in the Debian User manual somehow?
> Feel free to contact me if you want help in writing the documentation.
Probably the best place for this is the wiki. Anyone can create a page
on the topic of captive networks there. Maybe there is one in existence
which can be added to. Feel free to add to such a page or start a new