Application Note

Web Page Redirect
       

............ 5 Configuration ................ 15   Rev 011810 2 ........................................................................................................................................................................... 3 Benefits.......................................................................................... 4 Internal Login/Splash................ 4 External ..................................           Application Note – Web Page Redirect Table of Contents Background.................................................................................................................................................................................................................... 5 Web Page Redirect Configuration Using the Web Management Interface (WMI) ............................................................................................................................................................... 3 Theory of Operation ........ 6 Tips and Recommendations............................................................................................................. 3 Description ...........................................................................................................................................................

g. This special web page can be used for several purposes: • Authentication device wherein a user must enter a username and password before accessing network resources. Once the user has been authenticated. user authentication can be controlled by an internal RADIUS server that resides on each Array. Captive Portal that can intercept a web page request by the client device and redirect them to a specific web page before accessing the network. Additionally.           Application Note – Web Page Redirect Background Web Page Redirect (WPR) is an authentication technique which forces a client to view a special web page before accessing the network or Internet. When a guest user accesses the network. Description The Xirrus Wi-Fi Array implements Web Page Redirect (WPR) as a web-based means of authenticating users into the Wi-Fi network. The Array intercepts a user’s request for access and redirects the user to an authentication page or a splash screen. and enter a means to pay for the service. create a username and password. The Array provides a simple and free means of creating a captive portal. Some of the key benefits of WPR are as follows: • Home Page Redirection Once connected to the public access network. type the URL of a website. At a hotspot a user will typically associate to the wireless network. This page will request the user to select a service plan. or can be controlled by an external server on the network. and then the service provider will redirect the user to special web page. the splash screen) can reside on the Array itself. the user can then be redirected back to the originally requested URL. a page may be presented describing the regulations of accessing the network as well as presenting key information such as a campus map and university phone numbers. Another common example is at a university where there are a large number of guest users. or the Array can point a user to an external web server that hosts the landing page. • • The most well known examples of WPR are in Wi-Fi hotspots such as a hotels or coffee shops. the screen presented to the user (e. Web Page Redirect can be uniquely configured on a per SSID basis. With the Xirrus Array. the Xirrus WPR feature intercepts the user’s requested URL and then directs the user to a web site to either securely sign up for service or 3 Rev 011810 . Benefits The main goal of WPR is to provide a secure mechanism for accessing an open wireless network and to provide a layer of security for guest access in wireless hotspot locations. To inform the user about the Terms and Conditions of using the network before allowing access.

The splash page files reside on the Array. For Internal there are two modes: • Internal Splash Displays a splash page instead of the first user-requested URL. and then the browser is redirected either to the specified landing page. Service Branding By allowing network owners to create a splash screen to promote their services. • Multiple Types of Authentication In addition to supporting secure access method via SSL. Xirrus products enable multiple authentication methods providing the maximum amount of flexibility to the end user and to the network administrator. network administrators can control the types of traffic that each user can send and receive. administrators can be assured that only appropriate traffic types are being sent across the network. The user-requested URL is captured. When redirecting the customer to a new landing page. administrators have complete control over the end-user’s quality of experience. By setting bandwidth limits and restrictions on when users can access the network. This mode can also be configured to simply redirect the user to a specified landing page without presenting the splash page. The login page resides on the Array. Traffic shaping By using WPR in conjunction with Filter Lists. The RADIUS server can reside internally on the Array or can be an external server that is reachable from the Array. The users can be directed to a splash/login page that resides internally on the Array or externally on a web server.1x. Rev 011810 4 • . Internal Login requires the use of a RADIUS server to authenticate the user. Internal Login/Splash The internal login feature displays a login page or splash screen residing on the Array instead of the first user requested URL. the original URL is passed as a parameter so the customer can still be directed to the requested URL after the local or personalized landing page has been presented. if any. Service Tiering By using the WPR function in conjunction with User Groups. or back to the captured URL. By setting Filter Lists. • • • Theory of Operation WPR displays a splash or login page when a user associates to the wireless network and opens a browser to any URL. the user’s browser is redirected to the splash or login page. the Xirrus Array allows companies to better brand their name and create a stronger association with the customer.           Application Note – Web Page Redirect login if they have a pre-existing account. network administrators can offer different qualities of service to each user. Internal Login Displays a login page instead of the first user-requested URL. the Xirrus Array simultaneously supports Authentication using IEEE 802.

instead of the first user-requested URL. the browser is redirected back to the user-requested URL or to a specific landing page instead (entered in the WMI as the “WPR Landing Page URL”). If authentication is successful. The external login page will collect the username and password and then pass the credentials back to the Array for authentication.           Application Note – Web Page Redirect Figure 1: WPR operation diagram External The external login feature redirects the user to a login page that resides on an external web server for authentication. The Array then sends the username and password to the internal or external RADIUS server to verify user authentication. Figure 2: External Login Configuration Rev 011810 5 .

2. 2. Please make sure that a DNS server is defined and reachable from the Array. 5a or 5b.           Application Note – Web Page Redirect The following chart contains a list of possible use cases and features that are supported in each case. 4c 1. 4a or 4b 1. 3. however each SSID can have its own Landing Page. and 3b. Enable WPR by selecting the WPR check box for the appropriate SSID. To configure a feature on a particular use case. 5a or 5b Custom Redirect Page (see Customizing WPR Files) 1. Web Page Redirect can be set for a specific SSID or for just for a specific User Group. For Internal Login. 3b Landing Page 1. When enabled. a new WPR section appears at the bottom of the configuration screen. 4c 1. Each User Group will use the Internal Splash/Login screen of its associated SSID. the login page obtains the user name and password and authenticates the credentials. 2. 7 1. refer to the step numbers under the feature. 3a or 3b 1. 2. 6. 2.) 1. 2. 2. 2. 3. 3b 1. 2. 2. 2. 8 Web Page Redirect Configuration Using the Web Management Interface (WMI) (Note: In order for WPR to work correctly. WPR is enabled under the SSID / SSID Management screen. 3a External RADIUS 1. 2. 7. however the authentication can take place against either an internal or external RADIUS server. 2. For example. 3a or 3b. 2. follow steps 1. In most cases you will uncheck the Global setting to configure authentication on a per SSID basis. 3a or 3b. 5a 1. 5b Internal RADIUS 1. 2. 3a 1. 7 1. 2. 6. the Array must be able to resolve DNS. 2. You can create a single Guest Rev 011810 6 . 4a or 4b 1. to configure registered user login with external radius. 3a or 3b 1.   Guest Login Registered User Login Splash Page Landing Page Only External Web Server 1. The login page resides internally on the Array. 6.

a. (Optional) • Choose HTTPS On or Off (Note: if this is turned off. the username and password will be sent as clear text). Internal Splash with no timeout (splash page is presented until user clicks proceed): Rev 011810 7 . (Optional) • Choose HTTPS On or Off (Note: if this is turned off. Internal RADIUS Server: • Select Internal Login • Define a landing page to redirect user to after login is successful. see Customizing WPR Files. For Internal Splash screen. advertising.           Application Note – Web Page Redirect username/password. see Customizing WPR Files. Following steps present the user with a default splash page. the Array presents the user with a web page containing Terms of Usage. a. To customize the login page. • Select Internal Radius Server • Click Apply • Configure username and password on Array Internal Radius server settings under Security -> Internal Radius b. To customize the splash page. • Select External Radius Server • Enter the External Radius Server settings • Select RADIUS Authentication Type • Click Apply 4. or simply redirects the user to another web page. the username and password will be sent as clear text). External RADIUS Server: • Select Internal Login • Define a landing page to redirect user to after login is successful. or create a username for individual users.

cgi. See External Web Server Setup and Customizing WPR Files. Rev 011810 8 . The external web server must be capable of executing perl scripts and the Xirrus provided wpr. For External mode. No Splash. the login page resides on an external web server. Internal Splash with timeout (splash page is presented for defined number of seconds.pl. and hs. Landing page only (user is redirected to landing page without presenting a splash page beforehand): • • • • Select Internal Splash Set Timeout value to 1 Define a landing page to redirect user to Click Apply 5.css files need to be loaded.           Application Note – Web Page Redirect • • • • Select Internal Splash Set Timeout to Never Define a landing page to redirect user to after login is successful (Optional) Click Apply b. user is then redirected to landing page): • • • • Select Internal Splash Set Timeout to desired value Define a landing page to redirect user to after login is successful Click Apply c. wpr.

Two of these files are used in adjusting the look and feel of each page. • Select Radius Authentication Type • Select External Radius Server • Click Apply 6. • Select Radius Authentication Type • Select Internal Radius Server • Click Apply • Configure username and password on Array Internal Radius server settings under Security -> Internal Radius b. authentication is handled by Array’s Internal Radius): • Select External • Enter Redirect URL. Users can edit these files to customize their splash and login pages to fit the client’s needs and then upload them to the Array. Rev 011810 9 .cgi file that resides on the external web server. This is the secret passphrase defined in the . This is NOT the Radius Secret. External Redirect with Internal Radius (Web page resides on external server. External Redirect with External Radius (Web page resides on external server. Some knowledge of html is preferred before attempting to edit these files. authentication is handled by external Radius server): • Select External • Enter Redirect URL. This is the URL or IP address of the external web server. This is the secret passphrase defined in the . • Enter the Redirect Secret. This is NOT the Radius Secret. For customizing WPR Files.           Application Note – Web Page Redirect a. there are three main files used by the Array to display the WPR splash and login pages. This is the URL or IP address of the external web server.cgi file that resides on the external web server. • Enter the Redirect Secret.

charset=utf8\">". The file is actually a list of variables that are accessed by a perl cgi script that is executed on the Array when a user is redirected to a splash or login screen. There are 5 major sections to pay close attention to when editing this file a.. $html_head_css – This variable defines the cascading style sheet (css) that will be used to define the default colors. proceed button. Changes that need to be made to this section of the splash/login screen can be defined here. By default this is set to the default hs.pl file can customize your splash and login screens. $html_body_top – This variable defines the html code that is responsible for displaying the top of the splash/login page. the cgi file looks into this file to build the html page that is presented to the user. For example: $html_head_metatags = "<meta http-equiv=\"Content-Type\" content=\"text/html. Editing the wpr. $html_splash – This variable defines the html code that will be presented between the body top and the body bottom when in Internal Splash mode. fonts. remember that all text that is placed inside of quotes denotes the value of the variable.g.           Application Note – Web Page Redirect wpr. etc. When the perl script is executed. $html_body_bottom – This variable defines the html code that is responsible for displaying the bottom of the splash/login page.pl file contains the html code that is responsible for displaying both the login and the splash screens presented by the Array. e. Quotes inside of the quotes that denote the value of the variable must be escaped. When editing the value of the variables. c. Rev 011810 10 . d. header styles. b.pl The wpr. If you are inserting html that has quotes in it. you must escape the quotes with the \ character. terms and conditions.css.

pl. Each SSID that has WPR enabled may have its own page. Uploading Files a. Custom files for a specific SSID must be named-based on the SSID name. Click on the Upload button to upload the new files to the Array. a user may choose to have a default text or background color that would apply to the body section of a web page. they will replace the factory default files and will be used for any SSID that does not have its own custom files.css The hs.css. b. $html_login – This variable defines the html code that will be presented between the body top and the body bottom when in Internal or External Login mode. From this page you can also list all WPR files that currently reside on the Array and remove them as well.           Application Note – Web Page Redirect e. In order for your changes to take effect. Removing Files a. Rev 011810 11 . Enter the filename and directory location (or click Browse to locate the splash/login page files). Username/Password boxes.pl should be modified as desired and renamed to wpr-Public. If you modify and upload files named wpr. For example. After customizing files to change the look and feel of the Splash or Login page.pl and hs. Enter the name of the WPR file you want to remove. e.g. 7.css file is a cascading style sheet that can be used to set default html settings that are applied to the entire splash/login page. if the SSID is named Public. For instance. the default wpr. b. you must load the pages on the Array in order for your changes to take effect. You may also modify the default font size for certain head types or title lines. Use the List Files button to show you a list of files that have been saved on the Array for WPR. hs.. A cascading style sheet (css) is typically used in defining global setting that would apply to any page in which the css is called. you must reboot the Array. c. These files can be uploaded in the Tools/System Tools page. per the naming convention just described.

(Apache. Open Internet Information Services (IIS) Manager Rev 011810 12 .dll extension using the following steps: a. IIS. Download and Install ActivePerl for Windows: http://www. 8. In some cases it can be advantageous to host the login page on an external web server. Click on the Delete button. etc. All commercially available web servers with PERL support should work.) • • Integrating with IIS 7 on Windows 2008 Server 1. External Web Server Requirements • Web server that is capable of executing PERL cgi scripts when using the cgi file provided by Xirrus.           Application Note – Web Page Redirect c.com/activeperl/ 3. Create a handler mapping that associates "*. Add IIS as a role through Server Manager if it has not been enabled already. These are advanced options that may require an advanced level of expertise and knowledge.pl" requests with ActiveState's perlex30. 2. Web server must be reachable from the Array. Also. hosting the page on an external web server can give the customer more flexibility and control over the cgi script and even allow for the use of PHP or ASP as the backend scripting language. you do not need to populate that change to every Array that is performing the WPR. One advantage to this is that if a change is made to the Login page. Reboot to make your changes take effect.activestate. d.

Rev 011810 13 . though.) Note that this assumes that you've installed ActiveState Perl using its default location. select "IsapiModule" from the dropdown list. c. click on the "Add Module Mapping. • • 4. the names for those mappings will need to be different. In most cases you will want to create a virtual directory under the Default Web Site in IIS Manger. it will need to be installed as an IIS optional component. you will need to look there for perl. In the center pane.cgi" (without the quotes). This is the directory where you will place the wpr." item in the Actions pane on the right.cgi and all dependant files to demonstrate basic functionality. When the Handler Mappings pane is displayed. For Executable. enter "ActiveState Perl for . Create an alias for this directory and define a physical path where the cgi files are located.exe.. Note that the ISAPI module is a prerequisite. double click on the Handler Mappings icon. Note that this name is just a label and does not affect functionality. This will apply the following handler mappings on the entire server. Do this by right clicking on the Default Web Site in the left hand side of the IIS Manger and choose Virtual Directory.exe %s %s" (without the quotes. For Name.           Application Note – Web Page Redirect b. If you installed it in another location. Fill out the Add Module Mapping dialog as follows: • • For Request Path. If it does not show up on this list. In the left hand pane of IIS Manager. select your server. It does need to be unique. d. For Module. IIS by default creates a folder C:\inetpub\wwwroot. If you are going to be associating other file extensions with ActiveState Perl. enter "c:\perl\bin\perl. enter "*..cgi" (without the quotes).

This script also handles all of the backend data execution such as presenting a splash or login page to the user. wpr. then $imagepath=”.xirrus.pl file to match where you have placed it on your server: require '. Restart IIS.cgi./icons/".css. if the wpr. gathering username/password parameters. • • • • 7. For example.. Change the image path to reflect the image path in your virtual directory: $imagepath = ". • Change the first line in the file. the wpr.           Application Note – Web Page Redirect 5.. Please note that the $imagepath and require elements are relative to the directory in which the wpr. #!/usr/bin/perl. Sample files can be found: http://support.com 6. There are 3 items in the wpr. and passing a user’s response to the Array for authentication and network access..cgi file is written to support Linux based operating systems.pl'.exe file resides on you server #!c:\perl\bin\perl.pl. to the path in which the perl. hs. Change the location of the wpr.cgi file is the main perl script that is responsible for building the splash/login page. Place the wpr. Rev 011810 14 . By default.cgi file is located in C:\inetpub\wwwroot\iiswpr\.cgi file is located./icons/” would refer to images that have been placed in C:\inetput\wwwroot\icons. and any image files in the folder pointed to by your new virtual directory./htdocs/icons/wpr. The wpr.cgi file that need to be adjusted to support IIS 7.exe.

follow the steps below: a. 3. set up WPR without NAT. Whenever possible. the splash or login screen will never be displayed. b. This is because the file that needs to be changed to see the foreign language sentences is wpr. charset=utf-8\"> to content=\"text/html\"> Rev 011810 15 . If the URL is not resolved. On the external web server.css and wpr. the following change is required to see foreign language characters: # Meta Tags $html_head_metatags = " <meta http-equiv=\"Content-Type\" content=\"text/html.pl file. By default. NAT results in significant performance drop b. a. Alleviates having to worry about routing configuration issues 2. 4. An External web server must be used. When editing hs. You must also change: content=\"text/html. you will need files that can be found on the Xirrus support site. use an editor such as Word Pad. In the Array this file is built dynamically each time the Array is booted. WPR only supports the English character set. 5.cgi and is not accessible in the Array.           Application Note – Web Page Redirect Tips and Recommendations 1. In the wpr. To enable a different language set. charset=utf-8\"> <meta http-equiv=\"Cache-control\" content=\"no-cache\"> <meta http-equiv=\"Pragma\" content=\"no-cache\">". c. The User requested URL must be properly resolved via DNS for WPR to work properly. use a DHCP server external to the Array for uniform addressing across multiple Arrays. If possible. Be careful to not use programs that alter the carriage return character such as Notepad.pl files.

Sign up to vote on this title
UsefulNot useful