From what I understand, if you are using a custom external captive portal page, if it finds any links to external resources (images or stylesheets, for example), it will automatically let that traffic through so that the initial captive portal page can be rendered properly. Typically, you would allow all http(s) traffic to the ip address of the captive portal server and that is where all resources would be hosted. Enabling this option would allow you to host those resources elsewhere, as long as you use an fqdn:
<img src="http://ubuntu.mylab.com/cc.jpg">
EDIT: I put in a request for the documentation for "automatic URL allowlisting" here to be updated: https://www.arubanetworks.com/techdocs/central/2.5.7/content/nms/access-points/cfg/networks/conf_guest_ssids.htm
------------------------------
Any opinions expressed here are solely my own and not necessarily that of Hewlett Packard Enterprise or Aruba Networks.
HPE Design and Deploy Guides: https://community.arubanetworks.com/support/migrated-knowledge-base?attachments=&communitykey=dcc83c62-1a3a-4dd8-94dc-92968ea6fff1&pageindex=0&pagesize=12&search=&sort=most_recent&viewtype=card
------------------------------
Original Message:
Sent: Sep 08, 2023 12:04 PM
From: dwaites
Subject: Automatic URL whitelisting / allowlisting captive portal profiles in Central / IAP: what does it actually do?
What does the automatic URL whitelisting / allowlisting feature actually do? I've been through the user guide, the cli guide, as well as the forums. All references just say turning on this feature enables the feature. Conversely, in the CLI guide, the command to disable the feature, is described as disabling the feature.
What does the feature actually do? Does it look at certificates and whitelist OCSP endpoints? Does it scan HTTP traffic and whitelist stuff sent by the captive portal? Does it automatically whitelist the URL of the captive portal itself? How does it relate to the whitelisted domains in the pre-auth user role?