Knowledge Base

HTTPS Captive Portal may fail to redirect a webpage when a user attempts to browse a webpage that supports HSTS.

Question

HTTPS Captive Portal may fail to redirect a webpage when a user attempts to browse a webpage that supports HSTS.

Answer

What is HSTS:

HTTP Strict Transport Security is a web security policy mechanism which is necessary to protect secure HTTPS websites against downgrade attacks, and which greatly simplifies protection against cookie hijacking. It allows web servers to declare that web browsers (or other complying user agents) should only interact with the server  using secure HTTPS connections, and never via the insecure HTTP protocol.

Derived from https://en.wikipedia.org/wiki/HTTP_Strict_Transport_Security

 

Symptoms:

When the following conditions are met, the captive portal may fail to redirect the webpage:

1.    Installed firmware version 4.21, which supports HTTPS captive portal

2.    Enabled Captive Portal + the browser supports HSTS + website supports HSTS (like Gmail.com, Yahoo!, Facebook, Twitter….) 

To browse a website that does not use HSTS: complete the authentication then browse any website like www.google.com, www.bbc.com, www.cnn.com, etc.

 

 

 

Refer to the following link to check if a website supports HSTS: https://hstspreload.appspot.com/

Example: Gmail.com supports HSTS

Example: www.google.com does not support HSTS

Browsers that support HSTS:

• Firefox 31 and later

• Internet Explorer 10, 11

• Chrome 36 and later

Refer to the following link to check if HSTS is supported by the browser: http://caniuse.com/#search=hsts

 



YES NO

Please leave your comment:

SUBMIT

Question Profile

LANGUAGE:
ARTICLE ID:014925
TYPE:General Info
FIRMWARE:4.21
VIEWS:1749
VOTES:0
TECHNOLOGY:
MODEL:NXC2500,NXC5500

Still have trouble with your device? Contact Zyxel technology support team directly!

Contact Zyxel Support