Important

Netgate is offering COVID-19 aid for pfSense software users, learn more.

Configuring redirection for captive portal users

Two settings in a captive portal zone can be used to redirect users after a successful authentication to a landing page hosted on a different server (local or remote).

Pre-authentication redirect URL

This setting set a default redirection URL, meaning users will be redirected to this URL after a successful authentication only if the captive portal doesn’t know where to redirect them.

After authentication Redirection URL

This setting set a forced redirection URL, meaning users will be redirected to this URL after a successful authentication instead of the one they initially tried to access.

These settings are often used by businesses to ensure a specific page is presented to users before anything else.

To use Pre-authentication redirect URL, the captive portal HTML/PHP page must contain a hidden field in the authentication form named redirurl and having value $PORTAL_REDIRURL$

Configuring a redirection before authentication

It is also possible, using a custom captive portal page, to redirect users to a remote web page before being authenticated by pfSense® software.

  • The IP address(es) of the remote website must be added as Captive Portal Allowed IP Addresses or Allowed Hostnames if the target server is on a separate subnet.

  • The captive portal login page must contain code at the top of the page similar to the following:

<?php
 require("globals.inc");
 $request_uri = urldecode(str_replace("/index.php?redirurl=", "",  $_SERVER["REQUEST_URI"]));
 $portal_redirurl = urldecode("$PORTAL_REDIRURL$");
 if(!stristr(urldecode("$PORTAL_REDIRURL$"), $request_uri)) {
    Header("Location: $PORTAL_REDIRURL$");
    exit();
 }
?>

[Rest of CP login page]

The overall idea of this code is to redirect users on a remote website as long as referrer is different from Pre-authentication redirect URL. It may need adapted to suit site-specific needs.