authorderelict-pf <cjlinst@gmail.com>2013-12-20 17:25:02 -0800
committerderelict-pf <cjlinst@gmail.com>2013-12-20 17:25:02 -0800
commite98daec5960b7ecdd18bc461003df3a18d2adbe7 (patch)
tree6d3123df259c762467b7a60759444f38a47fc500
parent27a015571a497dae6729d6ee4560566bc7e8daaa (diff)
Add checkbox and logic to disable forwarding HTTPS/SSL (Port 443)
connections to the captive portal if HTTPS logins are enabled.
-rw-r--r--etc/inc/captiveportal.inc4
-rwxr-xr-xusr/local/www/services_captiveportal.php10
2 files changed, 13 insertions, 1 deletions
diff --git a/etc/inc/captiveportal.inc b/etc/inc/captiveportal.inc
index 6429156..0387ee1 100644
--- a/etc/inc/captiveportal.inc
+++ b/etc/inc/captiveportal.inc
@@ -551,7 +551,9 @@ EOD;
if (isset($config['captiveportal'][$cpzone]['httpslogin'])) {
$listenporthttps = $listenporthttp + 1;
- $cprules .= "add 65531 fwd 127.0.0.1,{$listenporthttps} tcp from any to any dst-port 443 in\n";
+ if (!isset($config['captiveportal'][$cpzone]['nohttpsforwards'])) {
+ $cprules .= "add 65531 fwd 127.0.0.1,{$listenporthttps} tcp from any to any dst-port 443 in\n";
+ }
}
$cprules .= <<<EOD
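Review bot: The new `nohttpsforwards` guard has no comment saying why the port-443 forward may be skipped or what then happens to that traffic. The option text added in services_captiveportal.php gives the reason (the forward makes clients see certificate errors), so a comment such as `// Optional: do not intercept port 443; forwarded HTTPS requests show certificate errors to the user.` would record it next to the rule. With the forward skipped, port-443 packets from unauthenticated clients fall through to later rules, which are outside this hunk; confirm they reach a deny rule rather than a pass.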
diff --git a/usr/local/www/services_captiveportal.php b/usr/local/www/services_captiveportal.php
index a387ede..65d185f 100755
--- a/usr/local/www/services_captiveportal.php
+++ b/usr/local/www/services_captiveportal.php
@@ -106,6 +106,7 @@ if ($a_cp[$cpzone]) {
$pconfig['httpsname'] = $a_cp[$cpzone]['httpsname'];
$pconfig['preauthurl'] = strtolower($a_cp[$cpzone]['preauthurl']);
$pconfig['certref'] = $a_cp[$cpzone]['certref'];
+ $pconfig['nohttpsforwards'] = isset($a_cp[$cpzone]['nohttpsforwards']);
$pconfig['logoutwin_enable'] = isset($a_cp[$cpzone]['logoutwin_enable']);
$pconfig['peruserbw'] = isset($a_cp[$cpzone]['peruserbw']);
$pconfig['bwdefaultdn'] = $a_cp[$cpzone]['bwdefaultdn'];
@@ -283,6 +284,7 @@ if ($_POST) {
$newcp['bwdefaultdn'] = $_POST['bwdefaultdn'];
$newcp['bwdefaultup'] = $_POST['bwdefaultup'];
$newcp['certref'] = $_POST['certref'];
+ $newcp['nohttpsforwards'] = $_POST['nohttpsforwards'] ? true : false;
$newcp['logoutwin_enable'] = $_POST['logoutwin_enable'] ? true : false;
$newcp['nomacfilter'] = $_POST['nomacfilter'] ? true : false;
$newcp['noconcurrentlogins'] = $_POST['noconcurrentlogins'] ? true : false;
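Review bot: An unchecked box is stored as `false` by the added line, but both readers added in this commit test the key with `isset()`, which is true for a `false` value. That is only correct if the configuration writer drops false values before the key is read again, which this diff does not show; the neighbouring `logoutwin_enable` line follows the same pattern, so it is presumably the file's convention. A form that cannot leave a stale `false` behind is `if ($_POST['nohttpsforwards']) $newcp['nohttpsforwards'] = true; else unset($newcp['nohttpsforwards']);`. The enclosing `if ($_POST)` block starts and ends outside the hunk.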
@@ -406,6 +408,7 @@ function enable_change(enable_change) {
document.iform.radmac_format.disabled = radius_endis;
document.iform.httpsname.disabled = https_endis;
document.iform.certref.disabled = https_endis;
+ document.iform.nohttpsforwards.disabled = https_endis;
document.iform.logoutwin_enable.disabled = endis;
document.iform.nomacfilter.disabled = endis;
document.iform.noconcurrentlogins.disabled = endis;
@@ -906,6 +909,13 @@ function enable_change(enable_change) {
</td>
</tr>
<tr>
+ <td valign="top" class="vncell"><?=gettext("Disable HTTPS forwards"); ?></td>
+ <td class="vtable">
+ <input name="nohttpsforwards" type="checkbox" class="formfld" id="nohttpsforwards" value="yes" <?php if ($pconfig['nohttpsforwards']) echo "checked"; ?>>
+ <strong><?=gettext("Disable HTTPS forwards"); ?></strong><br>
+ <?=gettext("If this option is set, attempts to connect to SSL/HTTPS (Port 443) sites will not be forwarded to the captive portal. This prevents certificate errors from being presented to the user even if HTTPS logins are enabled. Users must attempt a connecton to an HTTP (Port 80) site to get forwarded to the captive portal. If HTTPS logins are enabled, the user will be redirected to the HTTPS login page."); ?></td>
+ </tr>
+ <tr>
<td width="22%" valign="top" class="vncell"><?=gettext("Portal page contents"); ?></td>
<td width="78%" class="vtable">
<?=$mandfldhtml;?><input type="file" name="htmlfile" class="formfld file" id="htmlfile"><br>
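Review bot: The help string contains the misspelling `connecton`. Because it is a gettext msgid, correcting it after translations exist would orphan them, so change it to `connection` now. The text also does not say what the user sees when an HTTPS request is made before login with this option set. The hunk does not show which rule handles that traffic, but if the connection is simply not answered, a sentence such as `HTTPS requests made before login will fail to connect.` would set expectations. The table row sits inside markup that starts and ends outside the hunk.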