Meraki

Community

About Cruor

Limit SMS form restart on splash page

by in Wireless
‎Dec 14 2018 3:07 AM
‎Dec 14 2018 3:07 AM
Hello, Is there a way to limit the number of retry via the SMS splash page with Twilio ? You can receive an unlimited number of message with the connection code to authentication on the splash page. I don't want someone to abuse the feature and make me pay a big amount of money in SMS sending via Twilio.   Do I need to configure something ?   Regards, ... View more

Re: Guest Wifi Network - Custom Hosted splash page security concern

by in Security & SD-WAN
‎Nov 30 2018 12:43 AM
‎Nov 30 2018 12:43 AM
Thank you for your response guys. As i understand there is no way to secure a clickthrough custom-hosted splash page... The only way to make sure that my user filled my form is to go with the RADIUS or LDAP method or with a paying solution like Twilio. ... View more

Re: Guest Wifi Network - Custom Hosted splash page security concern

by in Security & SD-WAN
‎Nov 29 2018 8:42 AM
‎Nov 29 2018 8:42 AM
That's a cool diagram This case is actually the "Sign-on with my RADIUS server" method, right ? Because you provide data to the Meraki Cloud in order for him to do a RADIUS Request and process the Response. I'm not using any RADIUS nor LDAP server to authenticate my custormer. In fact, i'm using a private communication service which use SMS. The idea is that i want my customer to type their phone number. Then, he will receive a code by SMS asked by my page. If the code is correct, he will be redirect to the Meraki granting page where he will have the right to access internet right after. Meraki provide this solution but via Twilio (a paying solution). I found the only way for me to do it, was to use the "Clickthrough" method. In consequence, I make sure that the client is human and his phone number is correct. Maybe there is another way for me to do it ? ... View more

Re: Guest Wifi Network - Custom Hosted splash page security concern

by in Security & SD-WAN
‎Nov 29 2018 7:44 AM
‎Nov 29 2018 7:44 AM
Hmm not really, this is the basis. The link above have more details about the request made. But your link is the reason why i have security concern :   Once you are prepared to grant access to the user, you must forward certain parameters you can gather from the URL in step 2 above. Specifically, you must forward the user to the following URL: GET[‘base_grant_url’] + “?continue_url=” + GET[‘user_continue_url’] Where the following parameters are extracted from the user’s original query or specified by you: base_grant_url = https://n##.meraki.com/splash/grant user_continue_url = http://google.com In the case of the example above the assembled URL would be: https://n##.meraki.com/splash/grant?continue_url=http://google.com   Is it that simple ? No security tokens ? No challenge between your splash page and the meraki granting page ? No way to prove that the user got through your page and filled your form ? I may have missed something... ... View more

Re: Guest Wifi Network - Custom Hosted splash page security concern

by in Security & SD-WAN
‎Nov 29 2018 6:23 AM
‎Nov 29 2018 6:23 AM
Thank you for your quick response. But I have a question : How does it work technically ? I found this troubleshooting guide on the documentation website : https://documentation.meraki.com/MR/Splash_Page/Splash_Page_Traffic_Flow_and_Troubleshooting It explains all the request made for a Click-through Splash Page with EXCAP. How setting Captive portal strength to "Block all access until sign-on" and Controller disconnection behavior to 'Restricted" is gonna prevent users to bypass my own splash page and directly hit the "/splash/grant?" webpage ? PS: I didn't test it for now, maybe it'd work but i don't understand why it would ... View more

Guest Wifi Network - Custom Hosted splash page security concern

by in Security & SD-WAN
‎Nov 29 2018 1:27 AM
1 Kudo
‎Nov 29 2018 1:27 AM
1 Kudo
Hello, I was reading the documentation about a custom-hosted splash page for a wifi network. So i understand that I have to redirect the customer to my page and allow my domain in the walled garden. I'm OK with that.   As I read the article, i saw that I can use two methods : "Clickthrough" and "Sign-on with meraki authentication". First of all, i don't want my customer to create an account. I just want them to give one personnal information like a phone number (which doesn't require to have internet access) to indentify them.   In my case, i use the clickthrough. So imagine I create my page, I display a form requiring a phone number and then, as the documentation said, I need to foward the user to a granting page like "https://nXXX.meraki.com/splash/grant?continue_url=https://google.fr".   My question is : If the user directly write in the address bar the url to the granting page, is he going to bypass my splash page ? Because i don't see any shared secret between me and the meraki equipment so he just have to do a GET request, right ?   My second question is : Is there any way to secure that and block any attempt of directly going to the granting page ?   Regards   ... View more
© 2024 Cisco Systems, Inc.