Recently, wireless networks have been adapted to support “Bring-Your-Own-Device” (BYOD) environments, where all users are able to access a targeted wireless network through their personal devices, such as laptop computers, tablets, or smartphones. As a result, the number of devices per network user has grown from a one-to-one relationship to a one-to-many relationship, as a network user may simultaneously or interchangeably connect multiple devices to a particular network.
Granting enterprise access to personal devices has direct implications for security and network control. Security challenges range from understanding who and what is connected to the network to ensuring that connected but unauthenticated devices have restricted access to network resources. One way to handle such security issues is through the use of a captive portal.
“Captive portal” is a technique that forces an HTTP client on a network to display a special web page (usually for authentication purposes) before normal access to the Internet or another network resource is permitted. Generally, all messages from a client in a non-authenticated state are intercepted, regardless of the targeted address or port. Once the user opens a browser and tries to access the Internet through an HTTP Request message (e.g., HTTP GET Request), this prompts an HTTP redirect: a response is returned with a status code (e.g., 30x) that induces the browser to access another domain, as shown in Table 1.
TABLE 1

| HTTP Client | Redirecting Component |
| --- | --- |
| GET /index.html HTTP/1.1 | HTTP/1.1 302 Found |
| Host: www.domain1.com | Location: http://www.domain2.com/ex/ |
For instance, an HTTP Status Code 302 redirect is a temporary redirect of access from one domain (e.g., www.domain1.com) to another domain (e.g., www.domain2.com). At that time, the browser is redirected to a web page at the second domain (www.domain2.com), which may require authentication and/or payment, or simply display an acceptable use policy and require the user to agree.
Hence, while it is important to properly route communications from the devices in a non-authenticated state to an external captive portal, in some cases, HTTP Status Code redirects may not be desired.
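The exchange in Table 1, modeled as an added example (not code from the original text): a redirecting component decides per intercepted message whether to forward it, answer with the 302 from Table 1, or drop it. The `client_id` key, the `authenticated` set, the pass-through for requests addressed to the portal host, the `Cache-Control` header, and the choice to drop non-HTTP traffic are assumptions made for illustration.

```python
from urllib.parse import urlsplit

PORTAL_URL = "http://www.domain2.com/ex/"  # Location value from Table 1

def parse_request(raw):
    """Return (method, path, host) from a raw HTTP/1.x request, or None if not HTTP."""
    head = raw.split(b"\r\n\r\n", 1)[0].decode("iso-8859-1")
    lines = head.split("\r\n")
    parts = lines[0].split(" ")
    if len(parts) != 3 or not parts[2].startswith("HTTP/1."):
        return None
    headers = {}
    for line in lines[1:]:
        name, sep, value = line.partition(":")
        if sep:
            headers[name.strip().lower()] = value.strip()
    return parts[0], parts[1], headers.get("host", "")

def handle(raw, client_id, authenticated):
    """Return (action, response_bytes) for one intercepted client message."""
    if client_id in authenticated:
        return "forward", None            # normal access after authentication
    req = parse_request(raw)
    if req is None:
        return "drop", None               # assumption: non-HTTP traffic is dropped
    host = req[2].rsplit(":", 1)[0].lower()
    if host == urlsplit(PORTAL_URL).hostname:
        return "forward", None            # assumption: portal stays reachable (no redirect loop)
    response = (
        "HTTP/1.1 302 Found\r\n"
        f"Location: {PORTAL_URL}\r\n"
        "Cache-Control: no-store\r\n"     # assumption: keep the redirect out of caches
        "Content-Length: 0\r\n"
        "Connection: close\r\n\r\n"
    ).encode("ascii")
    return "redirect", response

# Constructed sample: the client request shown in Table 1.
TABLE1_REQUEST = b"GET /index.html HTTP/1.1\r\nHost: www.domain1.com\r\n\r\n"
```
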