[zbaron]

There is a new feature in iPhone OS 3.0 for connecting to captive wireless portals.

When connecting to an open wireless network from within the Wi-Fi Settings, the iPhone will open a very thin browser and request http://www.apple.com/ with a UA string of "CaptiveNetworkSupport/1.0 wispr".

This was causing a problem on our wireless network here, where i've used some DNS trickery to present a web page containing connection instructions and a configuration profile for our WPA2 WLAN.

To get in just before the general release of OS 3.0, i've found a fix to stop the "login" sheet from appearing when connecting to the open WLAN.

I've inserted the following code into the top of the index page to return a 400 response to the CaptiveNetworkSupport UA.

Code:

<?php
  if (preg_match ("/CaptiveNetworkSupport/", $_SERVER["HTTP_USER_AGENT"])) {
    header ("HTTP/1.0 400 Bad Request");
    exit ();
  }
 ?>

We've tested this on the 3.0 GM and it's working fine.

[bennyling]

Sorry, I don't quite understand... What's so good about this?

[zbaron]

Without this, the iPhone will keep throwing up a "login" sheet when trying to connect to an open wireless network. If you then cancel this sheet, it will disconnect from the wireless network. This might only be a problem when running a captive portal type arrangement like we are here.

[dotnet]

Why was this causing problems on your network?

This functionality is quite welcome, and allows the phone to automatically join WiFi networks that require captive authentication. By trying to visit Apple it forces the captive portal to spring into action and it will then provide the stored credentials to log you into the network. Access to the WiFi network will just work from that point onwards.

Prior to verion 3.0, in order to use the WiFi network at work, I had to visit some web page using Safari, got redirected to the login page and had to type in my credentials before being able to vistit the App Store, or use NetNewsWire etc. Now, with 3.0, it is fully transparent and seamless.

Cheers
Steffen.

[zbaron]

Quote:

Originally Posted by dotnet

Why was this causing problems on your network?

I'm not using the captive portal for log in. Just to display instructions and offer the configuration profile for download. The new log in behaviour makes this hard to achieve, because if you don't log in, the iPhone will disconnect from the WLAN.

[hasnulhakim]

i also face the same problem...,, zbaron...where i should put the code?..., and how to find the index?..

[zbaron]

A little more digging (with tcpdump and wireshark) find that the iPhone is requesting the URL:

Code:

http://www.apple.com/library/test/success.html

to see if it has open Internet access.

[mphare]

Quote:

Originally Posted by dotnet

Why was this causing problems on your network?

This functionality is quite welcome, and allows the phone to automatically join WiFi networks that require captive authentication. By trying to visit Apple it forces the captive portal to spring into action and it will then provide the stored credentials to log you into the network. Access to the WiFi network will just work from that point onwards.

Prior to verion 3.0, in order to use the WiFi network at work, I had to visit some web page using Safari, got redirected to the login page and had to type in my credentials before being able to vistit the App Store, or use NetNewsWire etc. Now, with 3.0, it is fully transparent and seamless.

Cheers
Steffen.

Except, after I enter the UID/PID my authenticator send a pop-up with a 'Success' message and an OK button. The thin browser isn't allowing the popup, I can't click OK, so I cannot connect to my office wireless network anymore.

This would be a very nice feature, but they have to allow for me to click past the 'success' message.

[dotnet]

Yes, javascript is evil.

Cheers
Steffen.

EDIT I should probably elaborate a bit more. An authenticator that says Ok and then waits for its answer to be acknowledged before actually making it "ok" is brain-dead. Using javascript for that is just a higher form of brain-deadness.

Unfortunately the market is full of appliances and "solutions" concocted by wannabe gen-X types that either don't have the time or the skill or the knowledge of standards to think things through...

(sorry, i didn't mean for this to turn into a rant)

[mphare]

I don't disagree.
It's one thing to have a Failed message popup.
But a successful login should have just let me in and continue to my requested page.

I won't have much luck getting our IT dept to change their brain-dead ways.
I probably won't have much luck getting iPhone to allow the 'success' popup either.

Too bad I can't override the iPhone feature for certain sites and go back to using Safari to authenticate like before 3.0.

[dotnet]

I know what you mean, and even if IT agreed with you it might not be possible/easy for them to fix it.

I suppose Apple will reneg on this to some extent by offering more flexibility. After all, what allowed the Internet to survive and evolve those past decades was the philosophy of "be strict with what you put out and liberal with what you take in".

Cheers
Steffen.

[sMiNt]

Quote:

Originally Posted by zbaron

To get in just before the general release of OS 3.0, i've found a fix to stop the "login" sheet from appearing when connecting to the open WLAN.

I've inserted the following code into the top of the index page to return a 400 response to the CaptiveNetworkSupport UA.

Code:

<?php
  if (preg_match ("/CaptiveNetworkSupport/", $_SERVER["HTTP_USER_AGENT"])) {
    header ("HTTP/1.0 400 Bad Request");
    exit ();
  }
 ?>

We've tested this on the 3.0 GM and it's working fine.

Hello, I'm currently running an iPod Touch 2G with the 3.0 OS and I'm facing the same problem at my college. Unfortunately my english is not very well and I don't understand how I should act now.

I need this fix to prevent the browser from opening after connection to the public network. Would it be possible to write an "user friendly" manual how to do it? That would be very nice.

Greetings, sMiNt

[bennyling]

Quote:

Originally Posted by sMiNt

Hello, I'm currently running an iPod Touch 2G with the 3.0 OS and I'm facing the same problem at my college. Unfortunately my english is not very well and I don't understand how I should act now.

I need this fix to prevent the browser from opening after connection to the public network. Would it be possible to write an "user friendly" manual how to do it? That would be very nice.

Greetings, sMiNt

I also had an issue where wireless captive portal support (or whatever they call it) was breaking connectivity to my Uni's internet. There's a complicated method to work around it (by uploading a config profile to your phone, blah blah), but if you're interested there's actually an app that breaks the wireless captive portal support.

The app itself is boingo, and by simply having it installed on your iphone (no need to launch/open the app at all), wireless captive portal support will be essentially disabled.

Free, available in the app store: iTunes Store

Need to break wireless captive portal support? Yeah, there's an app for that