Captive portal popups: the definitive guide [closed]

Question

I'm manually implementing a WiFi captive portal. I've got everything pretty much working BUT a single hitch: i want everyone to see their mobile OSs' (or computer OSs') captive portal popup for a flawless experience.

Since each one of them has its own twisted way of doing it i'm seemingly unable to get a consistent cross-platform experience.

To make this happen, can I have some help to describe either (1) what URL requests from WiFi clients need to be redirected to a login page, and/or (2) what nginx or apache web server configuration can be used to redirect WiFi clients to a login page?

My captive portal login page in this example is http://captiveportal.lan . Here are some of the Operating Systems I am trying to resolve this for.

---

Android 4/5/6

• Apache:
  RedirectMatch 302 /generate_204 http://captiveportal.lan
  
• nginx: ?
  

Previous Android versions

• Apache: ?
  
• nginx: ?
  

iOS 8

• Apache .htaccess:
  RewriteEngine on
RewriteCond %{HTTP_USER_AGENT} ^CaptiveNetworkSupport(.*)$ [NC]
RewriteRule ^(.*)$ http://captiveportal.lan [L,R=302]
  

• nginx: ?
  

Previous iOS versions

• Apache: ?
  
• nginx: ?
  

Windows phone

• Apache:
  RedirectMatch 302 /ncsi.txt http://captiveportal.lan
  
• nginx: ?

Windows 7\8\10

• Apache: see windows phone (works on win7).
• nginx: ?
  

Mac OS

• Apache: ?
  
• nginx: ?
  

Amazon Kindle - does it have a popup?

• Apache: ?
  
• nginx: ?
  

Answer 1

All mobile OS just check a web page to decide whether they're behind a captive portal or not.

The mechanism is this:

1. GET/POST http://foo.com/bar.html
2. If bar.html == [expected content] > Open Internet
3. If bar.html != [expected content] > Captive Portal
4. If bar.html[status] != SUCCESS > No Network

Also, for iOS, you need to have a domain for your WiFi network as it assumes a domainless network without access is a home network and just marks it as No Network instead of Captive Portal.

Just make sure to explicitly redirect the following urls to your captive portal with HTTP Success:

Android / Chromebook:

• clients3.google.com

iOS 6:

• gsp1.apple.com
• *.akamaitechnologies.com

iOS 7:

• www.appleiphonecell.com
• www.airport.us
• *.apple.com.edgekey.net
• *.akamaiedge.net
• *.akamaitechnologies.com

iOS 8/9:

• http://www.apple.com/library/test/success.html
• http://captive.apple.com/hotspot-detect.html

Windows

• ipv6.msftncsi.com
• www.msftncsi.com

Many vendors have also began to use the User Agent "CaptiveNetworkSupport", though it's not as common as the URL method above. Just check for that UA and always give it your portal page...doesn't work 100% though.

I use the URL method and it's been working fine.

Answer 2

Amazon Kindle (Fire)

The Amazon Kindle (Fire) makes the following request, and if it cannot be retrieved "... it assumes that the user has to login and throws up a Log In screen.":

• http://spectrum.s3.amazonaws.com/kindle-wifi/wifistub.html
  • See Also: https://forums.developer.amazon.com/forums/thread.jspa?threadID=834

iOS 8.4

For the latest iOS I had to match all URIs for requests to http://captive.apple.com - not just "/hotspot-detect.html".

iOS 8.4 clients are making requests with randomly generated URIs (e.g. "/xmqPyZUv/3r8jTjv8.html" and "/7exN0TV7q0COX0/eKlBU8baU2tape/fjXUzDHBdE6W0O/BGbw7iYU2DVBh1/sVBlx8icYzTTtE.html") in URL requests to the following domains to detect a captive portal:

• http://captive.apple.com
• http://www.ibook.info
• http://www.itools.info
• http://www.thinkdifferent.us