Forum Discussion
Public / Free Internet Access portal using external logon page
Hi,
I am building an access portal for an Internet hotspot that a customer will offer as a free service for their custommers.
My idea is to use a virtual server using performence layer 4 to route all traffic to the internet using a 0.0.0.0/0 destination. To this virtual server I have added an iRule that checks if the source IP have a valid session in the APM session table. If it does I will let the user through to the Internet. If not I will redirect the user to another virtual server that has an access policy that directs the user to an external logon page.
This where I run into problems. When the user starts the browser for the first time it gets redirected by my iRule to the virutal server using the access policy and the user gets the login page presented. A pending session is also created which is all as it should. However, when the user enters the form information and press "logon" the following message is presented
Invalid Session ID. Your session may have expired.
When I click on the "create new session" link on the page presenting the above message the external logon page starts working and I can POST the information. After posting the session turns green and the user can safely pass to the Internet.
To add is that I host the external logon page behind another virtual server within the same BIG-IP device, not sure if that should cause problems.
Also, when trying the built-in logon page this works fine. Only when using the external logon page it fails.
Anyone have any bright ideas?
it seems something goes wrong with your session when you go to the external logon page. would it be possible to exclude that somehow from the session processing?
i would just check your sessions being created and make sure nothing weird happens there.
- JBengtsson_1773Nimbostratus
The timeline is unfortunately not allowing me to wait for v12. I might rebuild in v12 though if it allows me to do a better solution.
That being said, the irules is working. Whats not working is the "External Logon Page".
Anyone have any tips for my original question?
If you can wait a little bit until v12.0 is released this summer, you should be able to do it using IP-based sessions that will be available by using APM. You would essentially setup a transparent proxy with a captive portal. Not to say that you can't achieve what you're looking for today with some iRules, but I believe that the complexity and troubleshooting of doing it today vs what you'll gain with this capability in v12 is worth the wait...
Recent Discussions
Related Content
* Getting Started on DevCentral
* Community Guidelines
* Community Terms of Use / EULA
* Community Ranking Explained
* Community Resources
* Contact the DevCentral Team
* Update MFA on account.f5.com