Public / Free Internet Access portal using external logon page

Question

Hi,&nbsp;
I am building an access portal for an Internet hotspot that a customer will offer as a free service for their custommers.&nbsp;
My idea is to use a virtual server using performence layer 4 to route all traffic to the internet using a 0.0.0.0/0 destination. To this virtual server I have added an iRule that checks if the source IP have a valid session in the APM session table. If it does I will let the user through to the Internet. If not I will redirect the user to another virtual server that has an access policy that directs the user to an external logon page.&nbsp;
This where I run into problems. When the user starts the browser for the first time it gets redirected by my iRule to the virutal server using the access policy and the user gets the login page presented. A pending session is also created which is all as it should. However, when the user enters the form information and press "logon" the following message is presented&nbsp;
Invalid Session ID. Your session may have expired.&nbsp;
When I click on the "create new session" link on the page presenting the above message the external logon page starts working and I can POST the information. After posting the session turns green and the user can safely pass to the Internet.&nbsp;
To add is that I host the external logon page behind another virtual server within the same BIG-IP device, not sure if that should cause problems.&nbsp;
Also, when trying the built-in logon page this works fine. Only when using the external logon page it fails.&nbsp;
Anyone have any bright ideas? &nbsp;

michael_koyfma1 · Answer

If you can wait a little bit until v12.0 is released this summer, you should be able to do it using IP-based sessions that will be available by using APM. You would essentially setup a transparent proxy with a captive portal. Not to say that you can't achieve what you're looking for today with some iRules, but I believe that the complexity and troubleshooting of doing it today vs what you'll gain with this capability in v12 is worth the wait...

jbengtsson_1773 · Answer

The timeline is unfortunately not allowing me to wait for v12.
I might rebuild in v12 though if it allows me to do a better solution.&nbsp;
That being said, the irules is working. Whats not working is the "External Logon Page".&nbsp;
Anyone have any tips for my original question?&nbsp;

boneyard · Answer

it seems something goes wrong with your session when you go to the external logon page. would it be possible to exclude that somehow from the session processing?&nbsp;
i would just check your sessions being created and make sure nothing weird happens there.&nbsp;

Forum Discussion

Public / Free Internet Access portal using external logon page

3 Replies

Recent Discussions

Chrome V 124+ on MacOS - Virtual Server Access Issue

vulnerabilities (CVE-2020-36363), CVE-2016-0736,CVE-2019-6593-FOR VERSION BIGIP LTM-16.1.4

Port Group on F5OS network setting

Advise on setting up IRULE

F5 iRule to replace host to path

Related Content

Enriching AFM with public domain Threat Intelligence

SSLO in public cloud: Azure inbound L3 use case

Using Public IPs as a self, external and VS IPs

CSV to Address External Datagroup File

Re: Public Cloud Simplified with F5 NGINX for Azure