[Chilli] Chilli SSL Redirect on OpenWrt
Ben West
ben at gowasabi.net
Wed Apr 9 18:05:19 UTC 2014
I believe an underlying limitation to redirecting captured port 443
sessions to a portal via chilli, even to a portal over SSL, is that the
client's browser will probably throw up warnings or not follow the
redirection at all. I.e. the browser you're using to test such redirection
may be silently rejecting it. Maybe try different browsers to see if the
behavior changes, or if you get detailed errors/warnings.
Indeed, I've seen such warnings occasionally appear even when using a
captive portal on a properly configured instance of Ubiquiti UniFi AP
controller.
SSL is designed specifically to detect and warn about man-in-the-middle
interference, which is exactly what coovachilli would need to do to
redirect HTTPS sessions.
P.S. Do be sure that the instance OpenSSL you're using does not suffer from
the Heartbleed exploit: http://heartbleed.com . Some browsers may soon
receive security updates that cause them reject connections to those SSL
services where this vulnerability is detected.
On Wed, Apr 9, 2014 at 9:18 AM, Ivan dominic Baguio
<baguio.ivan at yahoo.com>wrote:
> Heya folks!
>
> I just installed coova chilli 1.2.9 in an openwrt router. Im running
> openwrt 12.09 attitude adjustment. I have configured everything well,
> everything is good. However, I noticed that when I go to a HTTPS website,
> chilli does not redirect me to the UAMSERVER, whereas if the connection is
> HTTP, redirection works awesome!
>
> I did my homework, and searched for solutions, and found this one to be
> the best solution (
> http://www.linkedin.com/groups/Hello-All-help-https-redirection-158903.S.199271963).
> But im not sure how this would work on Openwrt. Im hoping that someone has
> already encountered this problem and would be kind enough to share a
> solution. Thanks.
>
>
>
> _______________________________________________
> Chilli mailing list
> Chilli at coova.org
> http://lists.coova.org/cgi-bin/mailman/listinfo/chilli
>
>
--
Ben West
http://gowasabi.net
ben at gowasabi.net
314-246-9434
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.coova.org/pipermail/chilli/attachments/20140409/b34c1ec2/attachment.html>
More information about the Chilli
mailing list