Wireless Access

Reply
New Contributor

Redirection of blocked URLs in Safari

Hi all,

 

I use an IAP-215 with Aruba Central configuration. The IAP is using the latest firmware, 8.5.0.

 

My problem is that the Custom Blocked Page URL redirection feature doesn't work on iOS 12.3 (all browsers) and on macOS 10.13 (Safari & Firefox). In macOS 10.13, Chrome successfully redirects.

 

I want to redirect some content categories to another address. For testing purposes, I'm redirecting to http://www.neverssl.com because I want to avoid this being an SSL issue.

 

When I open an obsecene website in Safari on iOS, I get the error message Safari cannot open the page. The error was "cannot parse response". All other traffic works as expected. In Safari on macOS, I get a similar message Safari can't open the page "somedirtywebsite.com". The error is "cannot parse response" (NSURLErrorDomain:-1017)

 

On the macOS device, if I run wget somedirtywebsite.com, I see that the request is redirected with code 302 to http://www.neverssl.com?userip=...&destip=-...&web_rep=%3Ctrystworthy-sites%3E&web_cat=etc. and the response is 200. The wget command downloads the index.html of the redirected page.

 

Here is my ACL configuration for the IAP group:Selection_048.png

This is a brand new Network configured with its own SSID, DHCP from the network, and the simple ACL shown above.

On Android, this redirection works perfectly in Chrome. In Firefox it doesn't.

 

Is this supposed to work with the current status of iOS and Safari/Firefox? Maybe this feature has been blocked at the OS level for privacy/security reasons.

 

I have found that certain features of IAPs are not used that much, so then again maybe it just doesn't work an no one has noticed it yet.

 

Thank you for any help,

    Yours truly

MVP Guru

Re: Redirection of blocked URLs in Safari

Your issue may be related to that you can only redirect traffic to an HTTP (unencrypted) web page to the error-page. The problem is not in the page you are redirecting to, that can be HTTPS, it is in the page that the client originally connected to.

 

Because even (or maybe especially) the dirty websites have moved to HTTPS, you cannot show an error page on a block, because the HTTPS connection cannot be broken/spoofed.

 

--
If you have urgent issues, please contact your Aruba partner or Aruba TAC (click for contact details).
New Contributor

Re: Redirection of blocked URLs in Safari

Thank you for your reply.

 

Unfortunately, that is not the case. If I redirect to another website and then try to go to http://neverssl.com, which is never on SSL, I still get the same error message.

MVP Guru

Re: Redirection of blocked URLs in Safari

You could try to capture the HTTP traffic and see what is going on, and why Safari does not like the response. However, I'd rather contact Aruba TAC to let them investigate and suggest a solution.

--
If you have urgent issues, please contact your Aruba partner or Aruba TAC (click for contact details).
Search Airheads
cancel
Showing results for 
Search instead for 
Did you mean: