Security

Hello, 

On getting redirected to the captive-portal page, i have information of the client-mac, client-ip, ap-name, ap-group, essid, url typed by the user, in the redirected URL. 

Is there any possible way to hide those information in the URL?

It is not possible at this time.  Please enter a request to hide it here:  https://arubanetworkskb.secure.force.com/cp/ideas/ideaList.apexp

what is the purpose of having those information in the redirected url.?

Hi Colin/Tim,

Any update on this old topic?

I get asked this question once in a while.

I know why we need this info in the ClearPass guest solution, but is there a way to hash data or use a session id or something?

Cheers

Assuming you are not using the Security Hash feature, which protects those fields from hacked overrides, create a Web Page with the following and set it as your captive portal landing page:

Skin: Blank Skin

HTML:

{capture name=url}https://YOUR_DOMAIN/guest/YOUR_PAGE.php{/capture}
<html>
<head>
<meta http-equiv="refresh" content="0; URL='{$smarty.capture.url|trim}'" />
</head>
<body><a href="{$smarty.capture.url|trim}">{$smarty.capture.url|escape}</a></body>
</html>

Your logins should work without any problems.

Hi Garth,

Thanks for that. Do you know a way to use the Security Hash and this URL strip/rewrite?

Looking at the code again, it may work.  You need to ensure a page with hashing enabled is never accessed with a passed parameter and not the hash, as it will invalidate the session.  The application log will tell you when it is rejecting stuff.  Search 'tamper'.

hash url not work for hide ap-group etc. infomation.

This method can be temporarily hidden, but the capture still shows the truth information. any better  way?