Wireless Access

We recently been deploying custom guest captive portal on our Aruba controllers. All is straightforward on the controllers running 6.x and working as expected.

Then we had one controller pair which is running 8.3.... Besides the fact that I'm missing the upload "content" option, I'm not able to get it working on this controller. I pretty much used the same config as the 6.x controllers, but I've also tried just step-by-step setting up a new captive portal and uploading just the .html login page.

 

The issue is that the guest will get connected, it will end up in the preauth role, the captive portal will pop up but I'm getting a HTTP 404 Not Found. Connectivity wise it's all ok, because I can ping my gateway, I can also ping the guest IP on the controller, but it's giving me a 404. To me it seems that the custom HTML code is not getting uploaded correctly, or there's something wrong with the path (/upload/custom/<cp-profile>/). 

 

Has anyone else have experience with uploading custom HTML pages to controllers running version 8.3?

hmm so I just stumbled across this logging:

 

 
Mar 14 19:32:30 nginx: 1552591950.197009 [error] 6208#0: *14550 open() "/flash/upload/custom/Internal_CP/login.html" failed (2: No such file or directory), client: 192.168.20.77, server: localhost, request: "GET /upload/custom/Internal_CP/login.html?<output stripped on purpose>
Mar 14 19:33:41 nginx: 1552592021.201440 [error] 6208#0: *14622 open() "/flash/upload/custom/Internal_CP/login.html" failed (2: No such file or directory), client: 192.168.20.77, server: localhost, request: "GET /upload/custom/Internal_CP/login.html?<output stripped on purpose>
Mar 14 19:36:02 nginx: 1552592162.299281 [error] 6208#0: *14760 open() "/flash/upload/custom/Internal_CP/login.html" failed (2: No such file or directory), client: 192.168.20.77, server: localhost, request: "GET /upload/custom/Internal_CP/login.html?<output stripped on purpose>
Mar 15 08:44:52 nginx: 1552639492.535908 [error] 6208#0: *14894 open() "/flash/upload/custom/Internal_CP/login.html" failed (2: No such file or directory), client: 192.168.20.77, server: localhost, request: "GET /upload/custom/Internal_CP/login.html?<output stripped on purpose>
Mar 15 08:45:29 nginx: 1552639529.156860 [error] 6208#0: *14928 open() "/flash/upload/custom/Internal_CP/login.html" failed (2: No such file or directory), client: 192.168.20.77, server: localhost, request: "GET /upload/custom/Internal_CP/login.html?<output stripped on purpose>
Mar 15 08:54:45 nginx: 1552640085.516166 [error] 6208#0: *15597 open() "/flash/upload/custom/Internal_CP/login.html" failed (2: No such file or directory), client: 192.168.20.77, server: localhost, request: "GET /upload/custom/Internal_CP/login.html?<output stripped on purpose>

I see this in the logging. Is there some kind of DIR command to see if the files are actually getting uploaded correctly.

Mar 14 19:32:30  nginx:  1552591950.197009  [error] 6208#0: *14550 open() "/flash/upload/custom/Internal_CP/login.html" failed (2: No such file or directory), client: 192.168.20.77, server: localhost, request: "GET /upload/custom/Internal_CP/login.html?<output stripped on purpose>
Mar 14 19:33:41  nginx:  1552592021.201440  [error] 6208#0: *14622 open() "/flash/upload/custom/Internal_CP/login.html" failed (2: No such file or directory), client: 192.168.20.77, server: localhost, request: "GET /upload/custom/Internal_CP/login.html?<output stripped on purpose>
Mar 14 19:36:02  nginx:  1552592162.299281  [error] 6208#0: *14760 open() "/flash/upload/custom/Internal_CP/login.html" failed (2: No such file or directory), client: 192.168.20.77, server: localhost, request: "GET /upload/custom/Internal_CP/login.html?<output stripped on purpose>
Mar 15 08:44:52  nginx:  1552639492.535908  [error] 6208#0: *14894 open() "/flash/upload/custom/Internal_CP/login.html" failed (2: No such file or directory), client: 192.168.20.77, server: localhost, request: "GET /upload/custom/Internal_CP/login.html?<output stripped on purpose>
Mar 15 08:45:29  nginx:  1552639529.156860  [error] 6208#0: *14928 open() "/flash/upload/custom/Internal_CP/login.html" failed (2: No such file or directory), client: 192.168.20.77, server: localhost, request: "GET /upload/custom/Internal_CP/login.html?<output stripped on purpose>
Mar 15 08:54:45  nginx:  1552640085.516166  [error] 6208#0: *15597 open() "/flash/upload/custom/Internal_CP/login.html" failed (2: No such file or directory), client: 192.168.20.77, server: localhost, request: "GET /upload/custom/Internal_CP/login.html?<output stripped on purpose>

I am not aware of a way to see the directory listing.

 

You can try https://<ip address of controller>/upload/custom/Internal_CP/login.htm.

 

Hi Cjoseph,

 

we noticed that the controller was rejecting the HTML upload, because it's seeing the ";" semicolon character as a SQL injection attack.

 

Mar 15 14:34:46  httpd[29464]: Found SQL injection character ;         src: url(futura.woff) format('woff');         unicode-range: U+0000-00FF, U+0131, U+0152-0153, U+02BB-02BC, U+02C6, U+02DA, U+02DC, U+2000-206F, U+2074, U+20AC, U+2122, U+2191, U+2193, U+2212, U+2215, U+FEFF, U+FFFD;     }     .UAP {         color: #666 !important; ^I^Imargin-left: auto; ^I^Imargin-right: auto; ^I^Ipadding-inline-start: 15px; ^I^Ipadding-left: 15px; ^I^Ipadding-right: 15px;     }     .title {         font-size: 25px;

Mar 15 14:34:46  httpd[29464]: arci_cgi: Returning error as the input arguments might have their values altered. Could be SQL Injection.
M

when we upload a simple html file without semi-colons, it works. But we need the semi-colons for the css and script to work properly. So we're awaiting TAC response, they are going to try and reproduce in the lab

TAC was able to reproduce the issue in their lab, standalone controller running version 8.3.0.4.

The OS sees the ";" character as a SQL injection, so it won't take any HTML page or content which has that character.

Suggested we upgrade to 8.3.0.6, as this fix the issue in their lab.

We're still missing the upload content option.

Did you find it or did you find any way to upload images and css files ?

 

thanks

Hi, 

 

correct, I added this as a follow up. There is no clear "Content" upload input box anymore, but there is a workaround ;)

- upload the css and other content files via the "Welcome page" upload box. This will just upload the files into the flash/upload/customs folder, and it will work.

Is this still the correct directory to upload files that will be used for custom captive portal, flash/upload/customs? I tried calling my background image files in my html code and it would not load it.  Thanks for your response in advance.

------------------------------
Miguel Balagot
------------------------------

Original Message:
Sent: Mar 21, 2019 02:27 AM
From: Geert Van Daal
Subject: Aruba 8.3 - Uploading custom HTML captive portal

Hi, 

 

correct, I added this as a follow up. There is no clear "Content" upload input box anymore, but there is a workaround ;)

- upload the css and other content files via the "Welcome page" upload box. This will just upload the files into the flash/upload/customs folder, and it will work.

This should work:



------------------------------
Herman Robers
------------------------
If you have urgent issues, always contact your Aruba partner, distributor, or Aruba TAC Support. Check https://www.arubanetworks.com/support-services/contact-support/ for how to contact Aruba TAC. Any opinions expressed here are solely my own and not necessarily that of Hewlett Packard Enterprise or Aruba Networks.
------------------------------

Original Message:
Sent: Jan 15, 2021 06:27 PM
From: Miguel Balagot
Subject: Aruba 8.3 - Uploading custom HTML captive portal

Is this still the correct directory to upload files that will be used for custom captive portal, flash/upload/customs? I tried calling my background image files in my html code and it would not load it.  Thanks for your response in advance.

------------------------------
Miguel Balagot

Original Message:
Sent: Mar 21, 2019 02:27 AM
From: Geert Van Daal
Subject: Aruba 8.3 - Uploading custom HTML captive portal

Hi, 

 

correct, I added this as a follow up. There is no clear "Content" upload input box anymore, but there is a workaround ;)

- upload the css and other content files via the "Welcome page" upload box. This will just upload the files into the flash/upload/customs folder, and it will work.