Return to Answer

Upon investigating and doing some tests, it is evident the Apple CNA is a web browser of its own; evidently if an exception is not properly made, all subsequent requests will have yet again the same user agent. So it will start the procedure/portal redirection from scratch, thus the redirect loops.

So in the rule for Apple, we won't redirect anymore if the destination host is the captive portal server.

# apple
RewriteEngine on
RewriteCond %{HTTP_USER_AGENT} ^CaptiveNetworkSupport(.*)$ [NC]
RewriteCond %{HTTP_HOST} !^192.168.2.1$
RewriteRule ^(.*)$ http://192.168.2.1/captive/portal.html [L,R=302]

# android
RedirectMatch 302 /generate_204 http://192.168.2.1/captive/portal.html

# windows
RedirectMatch 302 /ncsi.txt http://192.168.2.1/captive/portal.html

We also add a generic catch-all rule here, that if none of the previous conditions happen, or we are dealing with a OS which we do not have a rule for, it will redirect to the portal if not already there (e.g. not visiting the captive directory).

RewriteEngine on
RewriteCond %{REQUEST_URI} !^/captive/ [NC]
RewriteRule ^(.*)$ http://192.168.2.1/captive/portal.html [L]

Obviously, I would stress out that with this configuration, all the captive portal specific files have to live below the /captive directory.

Upon investigating and doing some tests, it is evident the Apple CNA is a web browser of its own; evidently if an exception is not properly made, all subsequent requests will have yet again the same user agent. So it will start the procedure/portal redirection from scratch, thus the redirect loops.

So in the rule for Apple, we won't redirect anymore if the destination host is the captive portal server.

# apple
RewriteEngine on
RewriteCond %{HTTP_USER_AGENT} ^CaptiveNetworkSupport(.*)$ [NC]
RewriteCond %{HTTP_HOST} !^192.168.2.1$
RewriteRule ^(.*)$ http://192.168.2.1/captive/portal.html [L,R=302]

# android
RedirectMatch 302 /generate_204 http://192.168.2.1/captive/portal.html

# windows
RedirectMatch 302 /ncsi.txt http://192.168.2.1/captive/portal.html

We also add a generic catch-all rule here, that if none of the previous conditions happen, or we are dealing with a OS which we do not have a rule for, it will redirect to the portal if not already there (e.g. not visiting the captive directory).

RewriteEngine on
RewriteCond %{REQUEST_URI} !^/captive/ [NC]
RewriteRule ^(.*)$ http://192.168.2.1/captive/portal.html [L]

Obviously, I would stress out that with this configuration, all the captive portal specific files have to live below the /captive directory.

See also Captive portal detection, popup implementation?

Upon investigating and doing some tests, it is evident the Apple CNA is a web browser of it's own; evidently if an exception is not properly made, all subsequent requests will have yet again the same user agent. So it will start the procedure/portal redirection from scratch, thus the redirect loops.

So in the rule for Apple, we wont redirect anymore if the destination host is the captive portal server.

# apple
RewriteEngine on
RewriteCond %{HTTP_USER_AGENT} ^CaptiveNetworkSupport(.*)$ [NC]
RewriteCond %{HTTP_HOST} !^192.168.2.1$
RewriteRule ^(.*)$ http://192.168.2.1/captive/portal.html [L,R=302]

# android
RedirectMatch 302 /generate_204 http://192.168.2.1/captive/portal.html

# windows
RedirectMatch 302 /ncsi.txt http://192.168.2.1/captive/portal.html

We also add a generic catch-all rule here, that if none of the anterior conditions happen, or we are dealing with a OS which we do not have a rule for, it will redirect to the portal if not already there (e.g. not visiting the captive directory).

RewriteEngine on
RewriteCond %{REQUEST_URI} !^/captive/ [NC]
RewriteRule ^(.*)$ http://192.168.2.1/captive/portal.html [L]

Obviously, I would stress out that with this configuration, all the captive portal specific files have to live bellow the /captive directory.

Upon investigating and doing some tests, it is evident the Apple CNA is a web browser of its own; evidently if an exception is not properly made, all subsequent requests will have yet again the same user agent. So it will start the procedure/portal redirection from scratch, thus the redirect loops.

So in the rule for Apple, we won't redirect anymore if the destination host is the captive portal server.

# apple
RewriteEngine on
RewriteCond %{HTTP_USER_AGENT} ^CaptiveNetworkSupport(.*)$ [NC]
RewriteCond %{HTTP_HOST} !^192.168.2.1$
RewriteRule ^(.*)$ http://192.168.2.1/captive/portal.html [L,R=302]

# android
RedirectMatch 302 /generate_204 http://192.168.2.1/captive/portal.html

# windows
RedirectMatch 302 /ncsi.txt http://192.168.2.1/captive/portal.html

We also add a generic catch-all rule here, that if none of the previous conditions happen, or we are dealing with a OS which we do not have a rule for, it will redirect to the portal if not already there (e.g. not visiting the captive directory).

RewriteEngine on
RewriteCond %{REQUEST_URI} !^/captive/ [NC]
RewriteRule ^(.*)$ http://192.168.2.1/captive/portal.html [L]

Obviously, I would stress out that with this configuration, all the captive portal specific files have to live below the /captive directory.

Upon investigating and doing some tests, it is evident the Apple is a driver of it's own; evidently if an exception is not properly made, all new request with yet the same user agent will start the procedure from scratch, thus the redirect loop.

So in the rule for Apple, we wont redirect anymore if the destination host is the captive portal server.

# apple
RewriteEngine on
RewriteCond %{HTTP_USER_AGENT} ^CaptiveNetworkSupport(.*)$ [NC]
RewriteCond %{HTTP_HOST} !^192.168.2.1$
RewriteRule ^(.*)$ http://192.168.2.1/captive/portal.html [L,R=302]

# android
RedirectMatch 302 /generate_204 http://192.168.2.1/captive/portal.html

# windows
RedirectMatch 302 /ncsi.txt http://192.168.2.1/captive/portal.html

We also add a generic catch-all rule here, that if none of the anterior conditions happen, or we are dealing with a OS which we do not have a rule for, it will redirect to the portal if not already there (e.g. not visiting the captive directory).

RewriteEngine on
RewriteCond %{REQUEST_URI} !^/captive/ [NC]
RewriteRule ^(.*)$ http://192.168.2.1/captive/portal.html [L]

Obviously, I would stress out that with this configuration, all the captive portal specific files have to live bellow the /captive directory.

Upon investigating and doing some tests, it is evident the Apple CNA is a web browser of it's own; evidently if an exception is not properly made, all subsequent requests will have yet again the same user agent. So it will start the procedure/portal redirection from scratch, thus the redirect loops.

So in the rule for Apple, we wont redirect anymore if the destination host is the captive portal server.

# apple
RewriteEngine on
RewriteCond %{HTTP_USER_AGENT} ^CaptiveNetworkSupport(.*)$ [NC]
RewriteCond %{HTTP_HOST} !^192.168.2.1$
RewriteRule ^(.*)$ http://192.168.2.1/captive/portal.html [L,R=302]

# android
RedirectMatch 302 /generate_204 http://192.168.2.1/captive/portal.html

# windows
RedirectMatch 302 /ncsi.txt http://192.168.2.1/captive/portal.html

We also add a generic catch-all rule here, that if none of the anterior conditions happen, or we are dealing with a OS which we do not have a rule for, it will redirect to the portal if not already there (e.g. not visiting the captive directory).

RewriteEngine on
RewriteCond %{REQUEST_URI} !^/captive/ [NC]
RewriteRule ^(.*)$ http://192.168.2.1/captive/portal.html [L]

Obviously, I would stress out that with this configuration, all the captive portal specific files have to live bellow the /captive directory.