Overriding proxy response
Eric
eric at ipergy.net
Mon Oct 5 23:06:49 CEST 2009
Hi All,
Answering my own post, I ended up putting some sort of check in
post_proxy (match for MS-CHAP-Error 648), which then sets the username
that I need to assign a different IP ranges because the account is set
on the IAS as 'change password' in a db file. I return from post_proxy
with HANDLED; This means indeed that the client times out. Durint the
authorize phase I then check whether this is the username I need to
allow, delete it from the db_file and rewrite the request to a default
user with the parameters that I need.
Now just need to figure out how to do the DNS. Worst case I can use a
split-dns based on the different IP ranges.
Cheers
Eric
Johan Meiring wrote:
> Ivan Kalik wrote:
>>>> And how is user supposed to open that "topup page" if he is looking for
>>>> Google, for instance?
>>> Instead of Google's IPs your DNS servers would return your web server,
>>> with
>>> the "topup page".
>>>
>>> What you want *is* a captive portal - it will
>>>> capture the user and redirect him from the requested page onto the one
>>>> you
>>>> want him to see.
>>>>
>>> I didn't say I agree with the DNS scheme.
>>> I do agree that a captive portal is the best solution.
>>> I was simply mentioning that it is not always possible.
>>
>> It is possible - that's what you are making. DNS scheme is not going to
>> work. All user has to do to defeat that is to change the assigned DNS
>> servers - and he can surf the net. You need a proper captive portal where
>> user can't simply change DNS info and/or assigned IP and escape.
>>
>
> Our local telco includes a filter for you as well, with the DNS scheme,
> so the client can only reach your topup server.
>
More information about the Freeradius-Users
mailing list