Captive portal that modifies content retrieved from requested web page within walled garden to add link to login portal for unauthorized client devices
First Claim
1. A method of providing a captive portal between a local network and an external network, the method comprising:
receiving a first transmission control protocol (TCP) connection request from a web browser running on a client device on the local network, the first TCP connection request having a target address of a first web server on the external network;
determining whether the client device is authorized to directly access the first web server according to an authorized device table;
when the client device is determined to be authorized to directly access the first web server, passing the first TCP connection request to the first web server;
when the client device is determined to not be authorized to directly access the first web server, accepting the first TCP connection request and establishing a connection with the client device by pretending to be the first web server;
receiving from the client device via the connection a hypertext transfer protocol (HTTP) request for a requested web page on the first web server;
determining whether the requested web page received from the client device via the connection is one of one or more walled garden web sites on the external network for which unauthorized client devices on the local network are allowed access;
replying to the client device with an HTTP response including a link to a login portal via the connection such that an address bar of the web browser on the client device continues to indicate a uniform resource locator (URL) representing the requested web page on the first web server;
when the requested web page is one of the walled garden web sites;
retrieving an original content of the requested web page from the first web server;
modifying the original content of the requested web page as retrieved to form a modified content having at least some of the original content of the requested web page preserved;
wherein the modified content is formed at least by adding the link to the login portal that was not present in the original content; and
replying to the client device via the connection with the HTTP response including the modified content;
whereby the web browser on the client device displays the requested web page according to the modified content; and
when the requested web page is not one of the walled garden web sites, replying to the client device via the connection with the HTTP response being a designated web page different than the requested web page and including the link to the login portal;
wherein, in response to the client device successfully logging in at the login portal, the login portal updates the authorized device table to indicate the client device is now an authorized client device, and thereafter the client device is authorized to directly access the first web server when receiving from the client device a subsequent TCP connection request for the first web server.
2 Assignments
0 Petitions
Accused Products
Abstract
The described captive portal techniques cause client devices to render and display designated web pages. One designated web page may be different than a requested web page such as when a client is not authorized to access the requested page and is instead caused to display a login portal. The captive portal may modify the designated web page to ensure that relative links lacking base domains now have specified base domains pointing to an authorized web server. The modified content is sent from the captive portal to the client device for display. Client web browser security measures related to redirection messages are thereby bypassed and load on the captive portal is minimal. Another designated web page may be the same as the requested web page such as when the requested page is an authorized page even for non-logged in clients. Authorized pages may be modified to add a login link.
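The decision flow of claim 1 and the abstract, as an added in-memory example that is not code from the patent or any product: the class and function names, the login portal URL, the hostnames and the client identifier are assumptions, and the upstream retrieval is a stand-in lookup over a constructed sample page.

```python
import re
from dataclasses import dataclass, field
from typing import Callable, Set, Tuple
from urllib.parse import urlsplit

LOGIN_URL = "http://portal.example.net/login"  # assumed login portal address
BANNER = f'<p><a href="{LOGIN_URL}">Log in for full access</a></p>'
DESIGNATED = f"<html><body><h1>Login required</h1>{BANNER}</body></html>"


@dataclass
class CaptivePortal:
    walled_garden: Set[str]                 # hostnames open to unauthorized clients
    fetch: Callable[[str], str]             # stand-in for retrieving the page upstream
    authorized: Set[str] = field(default_factory=set)  # authorized device table

    def on_tcp_connect(self, client: str) -> str:
        """Authorized clients pass through; others are answered by the portal."""
        return "pass" if client in self.authorized else "intercept"

    def on_http_request(self, url: str) -> Tuple[str, str]:
        """Build the response body for an intercepted (unauthorized) client."""
        host = (urlsplit(url).hostname or "").lower()
        if host in self.walled_garden:
            return "modified", add_login_link(self.fetch(url))
        return "designated", DESIGNATED

    def login(self, client: str) -> None:
        """Successful login updates the authorized device table."""
        self.authorized.add(client)


def add_login_link(html: str) -> str:
    """Insert the login link after <body>, preserving the original content."""
    out, n = re.subn(r"(<body\b[^>]*>)", lambda m: m.group(1) + BANNER,
                     html, count=1, flags=re.IGNORECASE)
    return out if n else BANNER + html  # no <body> tag: prepend instead


# Constructed sample page, served from memory instead of the network.
SAMPLE = {"http://garden.example.org/info":
          "<html><body class='x'><p>Hello</p></body></html>"}

if __name__ == "__main__":
    portal = CaptivePortal({"garden.example.org"}, SAMPLE.__getitem__)
    print(portal.on_tcp_connect("aa:bb:cc:00:11:22"))
    print(portal.on_http_request("http://garden.example.org/info"))
    print(portal.on_http_request("http://other.example.com/"))
    portal.login("aa:bb:cc:00:11:22")
    print(portal.on_tcp_connect("aa:bb:cc:00:11:22"))
```

The flow applies to plaintext HTTP only: over HTTPS a device answering in place of the first web server cannot present a certificate the browser will accept for that host.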
48 Citations
20 Claims
11. A captive portal server controlling network communications between a local network and an external network, the captive portal server comprising:
a first network interface coupled to the local network;
a second network interface coupled to the external network;
a storage device storing a plurality of software instructions; and
one or more processors coupled to the first network interface, the second network interface, and the storage device;
wherein, by the one or more processors executing the software instructions stored in the storage device, the one or more processors are configured to cause the captive portal server at least to;
receive a first transmission control protocol (TCP) connection request from a web browser running on a client device on the local network, the first TCP connection request having a target address of a first web server on the external network;
determine whether the client device is authorized to directly access the first web server according to an authorized device table;
when the client device is determined to be authorized to directly access the first web server, pass the first TCP connection request to the first web server;
when the client device is determined to not be authorized to directly access the first web server, accept the first TCP connection request and establish a connection with the client device by pretending to be the first web server;
receive from the client device via the connection a hypertext transfer protocol (HTTP) request for a requested web page on the first web server;
determine whether the requested web page received from the client device via the connection is one of one or more walled garden web sites on the external network for which unauthorized client devices on the local network are allowed access;
reply to the client device with an HTTP response including a link to a login portal via the connection such that an address bar of the web browser on the client device continues to indicate a uniform resource locator (URL) representing the requested web page on the first web server;
when the requested web page is one of the walled garden web sites;
retrieve an original content of the requested web page from the first web server;
modify the original content of the requested web page as retrieved to form a modified content having at least some of the original content of the requested web page preserved;
wherein the modified content is formed at least by adding the link to the login portal that was not present in the original content; and
reply to the client device via the connection with the HTTP response including the modified content;
whereby the web browser on the client device displays the requested web page according to the modified content; and
when the requested web page is not one of the walled garden web sites, reply to the client device via the connection with the HTTP response being a designated web page different than the requested web page and including the link to the login portal;
wherein, in response to the client device successfully logging in at the login portal, the login portal updates the authorized device table to indicate the client device is now an authorized client device, and thereafter the client device is authorized by the captive portal server to directly access the first web server when the captive portal server receives from the client device a subsequent TCP connection request for the first web server.
20. A captive portal system comprising:
a storage device storing an authorized devices table;
a login portal; and
a captive portal server between a local network and an external network;
wherein the captive portal server receives a first transmission control protocol (TCP) connection request from a web browser running on a client device on the local network, the first TCP connection request having a target address of a first web server on the external network;
the captive portal determines whether the client device is authorized to directly access the first web server according to the authorized device table;
the captive portal passes the first TCP connection request to the first web server when the client device is determined to be authorized to directly access the first web server;
when the client device is determined to not be authorized to directly access the first web server, the captive portal server accepts the first TCP connection request and establishes a connection with the client device by pretending to be the first web server;
the captive portal server receives from the client device via the connection a hypertext transfer protocol (HTTP) request for a requested web page on the first web server;
the captive portal server determines whether the requested web page received from the client device via the connection is one of one or more walled garden web sites on the external network for which unauthorized client devices on the local network are allowed access;
the captive portal server replies to the client device with an HTTP response including a link to the login portal via the connection such that an address bar of the web browser on the client device continues to indicate a uniform resource locator (URL) representing the requested web page on the first web server;
when the requested web page is one of the walled garden web sites;
the captive portal retrieves an original content of the requested web page from the first web server;
the captive portal modifies the original content of the requested web page as retrieved to form a modified content having at least some of the original content of the requested web page preserved;
wherein the modified content is formed at least by adding the link to the login portal that was not present in the original content; and
the captive portal replies to the client device via the connection with the HTTP response including the modified content;
whereby the web browser on the client device displays the requested web page according to the modified content;
when the requested web page is not one of the walled garden web sites, the captive portal replies to the client device via the connection with the HTTP response being a designated web page different than the requested web page and including the link to the login portal; and
in response to the client device successfully logging in at the login portal, the login portal updates the authorized device table to indicate the client device is now an authorized client device, and thereafter the client device is authorized by the captive portal server to directly access the first web server when the captive portal server receives from the client device a subsequent TCP connection request for the first web server.
Specification