This website uses cookies. By clicking Accept, you consent to the use of cookies. Click Here to learn more about how we use cookies.
Accept
Reject
RUCKUS Self Help |   ASK the Pack
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 

Hot Spot Walled Garden DNS Entries

rotoole
New Contributor II

‎07-29-2013 10:11 AM

I'm having trouble with the the hot spot services walled garden. If I white list a domain by its DNS entry (e.g. www.apple.com or apple.com) unauthenticated traffic still get's blocked to those URLs.

I'd like to white list Apple, because when an iOS device joins an open Wi-Fi network it checks for captive portals by opening www.apple.com in a pop up window. If the portal intercepts the request, then the portal's login page will display. A user must authenticate with the network at this step. You cannot close this popup and still be connected to the network.

This pop up workflow happens to break the way my javascript login works, so I need to prevent it by allowing traffic through to apple for unauthenticated users.
4 REPLIES 4

dennis_arafiles
New Contributor

‎08-26-2013 04:45 AM

I have this same problem. Does Ruckus have a fix for this ?
0 Kudos

rotoole
New Contributor II

‎08-26-2013 10:02 AM

Nope.

The Ruckus captive portal will only do a one time IP lookup of any DNS entry in the white list. If you are trying to white list a cloud based web service that could come from many different IPs, then you are out of luck. It was simply not designed to handle that case correctly.

I got it working by using Squid to do the captive portal. You can write squid rules to handle FQDN's, respond with 302's, manipulate IP tables, and check authorization. It's non trivial though.

Hope that helps.

bc_chamberlin
New Contributor II

‎05-26-2014 07:05 PM

We're experiencing a similar problem when trying to authenticate a user via the Facebook API. @rotoole, might you share with us more details on your work-around. We've dabbled in several of the concepts you've mentioned but still unsuccessful. Thanks
0 Kudos

rotoole
New Contributor II

‎05-27-2014 08:58 AM

BC, my company makes a solution, if you are interested. There are several approaches that will work either HTTP proxy based or RADIUS based. There are some other companies that also provide out of the box solutions. Just depends what you're looking to accomplish. Happy to chat, if you like: ryan@stad.io
0 Kudos
Copyright © 2024 Khoros, LLC