undefined | Better HN

0 pointsninkendo6y ago0 comments

Allowing http://captive.apple.com should make macOS’s captive portal auth window work.

0 comments

Most captive portals I've seen use HTTP redirection to the actual domain of the captive portal, so it would still fail as soon as it follows the redirected URL.

Zarel6y ago

If you block port 80, you'll never get to the part where you do URL filtering in the first place.

(And also the redirection thing.)

ninkendoOP6y ago

I mean whitelist port 80 for captive.apple.com. Sorry if that wasn't clear.

macOS has a background daemon which automatically hits captive.apple.com on connection to a WiFi network, to detect if it's behind a captive portal (and opens up a browser window to let you complete the flow, if it gets a 302). So that much should work even if you block egress port 80 but whitelist captive.apple.com.

...that is, assuming the portal to which you get redirected would be served over https, but I guess that isn't a given either.

j / k navigate · click thread line to collapse