Welcome to TP-LINK Tech Support Forum
+ Reply to Thread
Results 1 to 5 of 5
  1. #1

    Post AC50, CAP1750:Access To Internet is possible even before Authentication on facebook Portal

    Model : AC50Hardware Version : Firmware Version : 1.0.1 Build 20170706 Rel.72258ISP : [/COLOR]Hi,I installed a TP Link solution for WIFI Access control using AC50 controller and CAP1750 AP. the firmwares are up to date (1.0.1 Build 20170706 Rel.72258 for AC50 and

    1.1.0

    CAP1750(EU)_V1_170601

    for CAP1750) the Database Version On CAP1750 is also up to date (ver

    1.0.6).I configured Facebook authentication and the redirection to my Facebook page is working pretty well. i was surprised when one of my costumers told me that he could play videos on YouTube and navigate through HTTP pages without check in to my page, i made the test in my phone and i could access to YouTube and google without check in in my page.it seems that some resources could be accessed even if not add on free authentication policy (YouTube, All HTTPS Pages, Whatsup, anroid apps, All apps using internet ...).My internet Router is connected to port 1 on the AC50, and the CAP1750 is connected to port 2 on the AC50.Did some ne of you guys ever exprienced this issue ? Is there any other configuration since i would like to have a total restriction to internet access before check in to my Facebook Page.Thank you for your help,
    Last edited by generalts; 02-07-2018 at 09:03. Reason: Tite modification

  2. #2
    Junior Member pgtuan is on a distinguished road
    Join Date
    Feb 2018
    Posts
    1
    I have same problem.

    --------------------------------------------------

    Model : Tp-Link Auranet EAP245
    FW : 1.2.0 Build 20170828 Rel. 67350(5553)
    Controler software : EAP Controller_V2.5.4_Windows
    Controller EAP software install at windows 7 pro. Iíve a problem here:
    - Create 1 SSID no password, on Portal select Facebook. In Facebook Wifi configuration page I set Bypass mode is Request Wi-Fi code and enter the password code here.
    - Test 1: I connect the wifi by iphone ->connect OK, but the facebook page NOT auto popup. When I open web browse the Facebook page show. I want automatic when I conect the wifi the Facebook auto popup no need open web browse app.
    - Test 2: When I connect the wifi by iphone ->connect OK. I open App as : yotube, vnexpress, app store, viber, camera appÖ.. All Run L I feeling the proctect by facebook not do anything. So, who connect to my wifi can use internet NO problem. Not security

    I want setup is when connect to my wifi, facebook auto popup and let choose login or type pass code . if correct the smart phone, ipadÖ. Have internet to use. If skip this step Deny NO internet. Thatís correct.

    Would you pls help this case.

    I already contact TP-Link in Vietnam. But canít help me.


    P.s: I donít why donít let the facebook feature build in firmware? Let use the web browse to config will be easy no need the EAP controller software. Many router as ASUS, Netgear build this facebook feature in the firmware

  3. #3
    Hi, it seems that we have the same issue with two different hardware. I hope that some one from the forum resolved the problem and could show us the solution. I really like TP link hardware and don't want to change my equipments because of this issue.

  4. #4
    Members R1D2 is on a distinguished road
    Join Date
    Dec 2015
    Posts
    1,433
    Quote Originally Posted by pgtuan View Post
    - Test 1: I connect the wifi by iphone ->connect OK, but the facebook page NOT auto popup. When I open web browse the Facebook page show. I want automatic when I conect the wifi the Facebook auto popup no need open web browse app.
    No website can automatically "pop up". This is technically impossible since the web is pull-medium, not a push-medium. When connecting to a WLAN, your iPhone sends a connectivity test probe to see wether it is connected to a hotspot and if it gets redirected to a portal page, it will follow the redirect to let one log in. Although this seems that a login page would "pop up automatically", it actually does not. It gets pulled like any other web page, albeit by a trick built into iOS. If the faCIAbook mechanism does redirects, "automatic pop ups" could work this way, if it does not use redirection, it can not work.

    - Test 2: When I connect the wifi by iphone ->connect OK. I open App as : yotube, vnexpress, app store, viber, camera app….. All Run L I feeling the proctect by facebook not do anything. So, who connect to my wifi can use internet NO problem. Not security
    That's the problem with facebook "authentication": in order to be able to reach facebook using HTTPS, certain IPs of content delivery networks (CDNs) need to be open. If those IPs are open for access, they will allow any other service using the same CDNs to be reached without any authentication before.

    That's why I don't recommend FB logins (being a developer of Hotspots systems, albeit not associated with TP-Link in any way).

    Many router as ASUS, Netgear build this facebook feature in the firmware
    They all share the same problems discussed above if using interception for redirecting to a portal page.
    Last edited by R1D2; 02-08-2018 at 19:49.

  5. #5
    Junior Member arturj is on a distinguished road
    Join Date
    Feb 2018
    Posts
    1
    Same problem here but with voucher and web-protal (local users) logins: e.g. on my mobile I get a "login to wifi network" notification upon connecting but when opened it just disappears without requesting a voucher code or user/password and I'm good to go. I think this has to do with ipv6. My provider hast full ipv6 support and my dhcp server on my internet router serves both ipv4 and ipv6 addresses to all clients with dual-stack support. Conversely CAPxxx/ACxx products are ipv4 only and they seem to let ipv6 simply pass which is a security flaw in my oppinion and I allready reported this to the tplink support. As more and more websites are dual-stack you will be able to use internet until you hit an ipv4 only ressource.


 

Posting Permissions

  • You may not post new threads
  • You may not post replies
  • You may not post attachments
  • You may not edit your posts

Copyright © 1996-2018 TP-LINK Technologies Co., Ltd. All rights reserved.