DNS-based captive portal with integrated transparent proxy to protect against user device caching incorrect IP address
Abstract
A captive portal system includes a login database, a web server, and a name server. The name server receives a DNS request from a user device, queries the login database to determine whether the user device is logged in, and responds to the DNS request with the IP address of the web server as a resolved IP address of the specified domain name when the user device is not logged in. The web server accepts a connection request from the user device to the IP address of the web server, receives an HTTP request specifying a non-local target URL from the user device, queries the login database to determine whether the user device is logged in according to the source address of the user device, and acts as a transparent proxy between the user device and the non-local target URL when the user device is logged in.
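The flow the abstract describes, as an added Python model (not code from the patent): a device caches the portal's address before login, and the web server then proxies or serves login content based on the source address. The addresses, domain, class names and function names are assumptions made for this example.

```python
# Added illustration: in-memory model of the name server / web server split.
# All names, addresses and domains below are constructed for this example.
from dataclasses import dataclass, field

PORTAL_IP = "10.0.0.1"                          # web server on the local network (assumed)
UPSTREAM_DNS = {"example.com": "203.0.113.10"}  # constructed "real" DNS answers


@dataclass
class LoginDB:
    logged_in: set = field(default_factory=set)  # keyed by device source address

    def is_logged_in(self, src_ip: str) -> bool:
        return src_ip in self.logged_in


@dataclass
class NameServer:
    db: LoginDB

    def resolve(self, src_ip: str, domain: str) -> str:
        # Not logged in: answer the query with the web server's own address.
        if not self.db.is_logged_in(src_ip):
            return PORTAL_IP
        return UPSTREAM_DNS[domain]


@dataclass
class WebServer:
    db: LoginDB

    def handle(self, src_ip: str, host: str, path: str) -> tuple:
        # The connection arrived at PORTAL_IP; the Host header names the real target.
        if self.db.is_logged_in(src_ip):
            # Stale-cache case: relay to the real destination instead of failing.
            return ("proxy", f"http://{UPSTREAM_DNS[host]}{path}", host)
        return ("portal", "/login", host)  # alternate content, not the remote site


def stale_cache_scenario(device_ip: str = "10.0.0.57") -> list:
    db = LoginDB()
    dns, web = NameServer(db), WebServer(db)
    cache = {"example.com": dns.resolve(device_ip, "example.com")}  # device caches portal IP
    before = web.handle(device_ip, "example.com", "/news")
    db.logged_in.add(device_ip)                            # user completes login
    after = web.handle(device_ip, "example.com", "/news")  # device still uses cached IP
    fresh = dns.resolve(device_ip, "example.com")          # new lookups get the real IP
    return [cache["example.com"], before[0], after[0], after[1], fresh]
```
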
20 Claims
1. A server in a captive portal system, the server comprising:
- a first network interface coupled to a local computer network;
- a second network interface coupled to an external computer network;
- a memory device storing a plurality of software instructions; and
- one or more processors coupled to the memory device, the first network interface, and the second network interface;
- wherein, by the one or more processors executing the software instructions loaded from the memory device, the one or more processors are configured to;
  - accept a connection requested from a user device on the local computer network to an IP address of the server, the connection to the IP address of the server occurring as a result of a name server previously determining the user device to not be logged in to the captive portal system and providing the user device the IP address of the server as a resolved IP address of a target domain name, the user device thereafter caching the IP address of the server provided by the name server as the resolved IP address of the target domain name;
  - determine whether the user device is logged according to a source address of the user device;
  - act as a transparent proxy between the user device and a remote destination on the external computer network to thereby allow the user device to receive content from the remote destination via the connection in response to determining that the user device is logged in; and
  - send alternate content different than that provided by the remote destination to the user device via the connection when the user device is not logged in.

Dependent claims: 2, 3, 4, 5, 6, 7, 8, 9, 10

11. A method of controlling access from user devices to an external network, the method comprising:
- accepting a connection requested from a user device on a local computer network to an IP address of a server, the connection to the IP address of the server occurring as a result of a name server previously determining the user device to not be logged in to a captive portal system and providing the user device the IP address of the server as a resolved IP address of a target domain name, the user device thereafter caching the IP address of the server provided by the name server as the resolved IP address of the target domain name;
- determining whether the user device is logged in according to a source address of the user device;
- acting as a transparent proxy between the user device and a remote destination on the external network to thereby allow the user device to receive content from the remote destination via the connection in response to determining that the user device is logged in; and
- sending alternate content different than that provided by the remote destination to the user device via the connection when the user device is not logged in.

Dependent claims: 12, 13, 14, 15, 16, 17, 18, 19

20. A non-transitory computer-readable medium comprising computer executable instructions that when executed by one or more computers cause the one or more computers to perform steps of:
- accepting a connection requested from a user device on a local computer network to an IP address of a server, the connection to the IP address of the server occurring as a result of a name server previously determining the user device to not be logged in to a captive portal system and providing the user device the IP address of the server as a resolved IP address of a target domain name, the user device thereafter caching the IP address of the server provided by the name server as the resolved IP address of the target domain name;
- determining whether the user device is logged in according to a source address of the user device;
- acting as a transparent proxy between the user device and a remote destination on an external network to thereby allow the user device to receive content from the remote destination via the connection in response to determining that the user device is logged in; and
- sending alternate content different than that provided by the remote destination to the user device via the connection when the user device is not logged in.

Specification