Red Box Wifi Captive Portal Redirects

Q): When we are just logging on to a wifi hotspot directly using an ipad/laptops (NOT using the red box/WiFi Bat), then the web browser opens up automatically, and the passwords can then be put in and logged on. But, when I am using the RedBox/Bat to boost the signal, the browser will not come up with the log on page? Why?

A): This situation happens when you are behind a shore based wifi network which implements a "Captive Portal", ie where you first need to redirect to some login page to contine. The solution will be down to "how" you cause the page to pop up.

Firstly note that may devices, (eg Apple IOS, Android, Apple laptops and some Windows versions), will do an automatic check when you connect to a wifi network to see if there is a captive portal in the way. This is handy because they then immediately pop up the login page without further prompting. However, at present they *only* do it when the wifi network doesn't need a password to connect/associate to it, ie where there is no padlock in the wifi network list. So because your Red Box wifi network is secured, ie it does require a password to connect to it, usually your device will not do an automatic check and hence no automatic popup (you are unlikely to want your Red Box to be free to connect to by everyone else, so you are stuck with this situation)

So the solution is to deliberately visit some web page via your browser and trigger the popup to appear that way. But, note the following:

  • The "popup" works by rather naughtily hijacking your connection. In many ways, you really don't want this... I get it's "convenient", but when you visit BA.com, would you be happy if it started redirecting you to American Airlines?
  • So you are probably still bogged down with "oh, but no one would do that"... Interestingly BT Internet has been doing something similar for a few years, so actually, yes they would...
  • So in some cases you REALLY, REALLY, REALLY don't want your browser to be redirected. Random example would be logging into your bank... If you *could* silently redirect that then some idiot would: redirect you to something which *LOOKED* like your bank login page, but really actually pinched your login details... OK, so encrypted web sites, ie httpS (see the "S" on the end) sites *CANNOT* be redirected (no matter how convenient that would be in the specific case of logging into the marina)
  • So visiting any HTTPS page will NOT cause you to be redirected to the login page for the reasons given above...
  • Look again at google... Do a search... What is the URL... Aha, httpS://google.something... Hmm, so you cannot redirect google to the login page... Hmm..

So look carefully at what you are doing. If you say visit mailasail by just typing "mailasail" into the address bar, then look carefully at what happens next, ie it triggers a google search for that word, it doesn't visit our site. However, if instead you visit http://mailasail.com then you WILL get redirected because that is a direct link to a non httpS page, hence it's redirectable

If you glazed over, the key point is to have a "tame bookmark" which you can visit, which is some site which is NOT encrypted, eg http://mailasail.com or http://bbc.co.uk etc

Addendum:

You might wish to ask why sometimes visiting google does work when you don't use the red box and you do get redirected... Google provides a small back door for this purpose. Arguably it's dangerous and it ONLY works for Google (so Facebook, your bank, etc, still wouldn't cause the redirect). It relies on some specific setup by the wifi operator and effectively allows the wifi hotspot to "lie" about certain DNS responses. The Red Box is designed to help protect you from various spoofing attacks and so we (deliberately) don't support this highly specific pin hole that allows one and only one encrypted site to be sometimes intercepted and a fake response returned... So basically get used to "properly" triggering the redirect, rather than relying on this (not always implemented) pin hole to google.