Hello,
On getting redirected to the captive-portal page, i have information of the client-mac, client-ip, ap-name, ap-group, essid, url typed by the user, in the redirected URL.
Is there any possible way to hide those information in the URL?
It is not possible at this time. Please enter a request to hide it here: https://arubanetworkskb.secure.force.com/cp/ideas/ideaList.apexp
what is the purpose of having those information in the redirected url.?
Hi Colin/Tim,
Any update on this old topic?
I get asked this question once in a while.
I know why we need this info in the ClearPass guest solution, but is there a way to hash data or use a session id or something?
Cheers
Assuming you are not using the Security Hash feature, which protects those fields from hacked overrides, create a Web Page with the following and set it as your captive portal landing page:
Skin: Blank Skin
HTML:
{capture name=url}https://YOUR_DOMAIN/guest/YOUR_PAGE.php{/capture}<html><head><meta http-equiv="refresh" content="0; URL='{$smarty.capture.url|trim}'" /></head><body><a href="{$smarty.capture.url|trim}">{$smarty.capture.url|escape}</a></body></html>
Your logins should work without any problems.
Hi Garth,
Thanks for that. Do you know a way to use the Security Hash and this URL strip/rewrite?
Looking at the code again, it may work. You need to ensure a page with hashing enabled is never accessed with a passed parameter and not the hash, as it will invalidate the session. The application log will tell you when it is rejecting stuff. Search 'tamper'.
hash url not work for hide ap-group etc. infomation.
This method can be temporarily hidden, but the capture still shows the truth information. any better way?
© Copyright 2024 Hewlett Packard Enterprise Development LPAll Rights Reserved.