DNS-based captive portal with integrated transparent proxy to protect against user device caching incorrect IP address
First Claim
1. A captive portal system for controlling access from user devices to an external network, the captive portal system comprising:
a storage device storing a login database, the login database specifying source addresses of user devices that are currently logged in;
a web server coupled to the storage device and a computer network, and configured with an IP address accessible on the computer network; and
a name server coupled to the storage device and the computer network, and operable to resolve domain names to IP addresses;
wherein the name server is configured to:
receive a DNS request from a user device to resolve a target domain name;
query the login database to determine whether the user device is logged in according to a source address of the user device;
respond to the DNS request with the IP address of the web server as a resolved IP address of the target domain name when the user device is not logged in; and
respond to the DNS request with a correct IP address of the target domain name in response to the name server determining that the user device is logged in; and
the web server is configured to:
accept a connection request from the user device to the IP address of the web server, the connection request to the IP address of the web server occurring as a result of the name server previously determining the user device to not be logged in and the user device caching the IP address of the web server provided by the name server as the resolved IP address of the target domain name;
receive an HTTP request specifying a non-local target URL from the user device over the connection, wherein the non-local target URL is not a URL provided by the web server;
query the login database to determine whether the user device is logged in according to the source address of the user device;
respond to the HTTP request by acting as a transparent proxy between the user device and the non-local target URL to thereby allow the user device to receive content of the non-local target URL in response to the web server determining that the user device is logged in; and
respond to the HTTP request with alternate content different than that provided at the non-local target URL when the user device is not logged in.
Abstract
A captive portal system includes a login database, a web server, and a name server. The name server receives a DNS request from a user device, queries the login database to determine whether the user device is logged in, and responds to the DNS request with the IP address of the web server as a resolved IP address of the specified domain name when the user device is not logged in. The web server accepts a connection request from the user device to the IP address of the web server, receives an HTTP request specifying a non-local target URL from the user device, queries the login database to determine whether the user device is logged in according to the source address of the user device, and acts as a transparent proxy between the user device and the non-local target URL when the user device is logged in.
20 Claims
12. A method of controlling access within a captive portal from user devices to an external network, the method comprising:
tracking in a login database source addresses of user devices that are currently logged in;
receiving, by a name server, a DNS request from a user device to resolve a target domain name;
querying, by the name server, the login database to determine whether the user device is logged in according to a source address of the user device;
responding, by the name server, to the DNS request with an IP address of a web server accessible to the user device from within the captive portal as a resolved IP address of the target domain name when the user device is not logged in;
responding, by the name server, to the DNS request with a correct IP address of the target domain name in response to the name server determining that the user device is logged in;
accepting, by the web server accessible to the user device from within the captive portal, a connection request from the user device to the IP address of the web server, the connection request to the IP address of the web server occurring as a result of the name server previously determining the user device to not be logged in and the user device caching the IP address of the web server provided by the name server as the resolved IP address of the target domain name;
receiving, by the web server, an HTTP request specifying a non-local target URL from the user device over the connection, wherein the non-local target URL is not a URL provided by the web server;
querying, by the web server, the login database to determine whether the user device is logged in according to the source address of the user device;
responding, by the web server, to the HTTP request by acting as a transparent proxy between the user device and the non-local target URL to thereby allow the user device to receive content of the non-local target URL in response to the web server determining that the user device is logged in; and
responding, by the web server, to the HTTP request with alternate content different than that provided at the non-local target URL when the user device is not logged in.
15. A non-transitory computer-readable medium comprising computer executable instructions that when executed by one or more computers cause the one or more computers to perform a method of controlling access within a captive portal from user devices to an external network, the method comprising:
tracking in a login database source addresses of user devices that are currently logged in;
receiving, by a name server, a DNS request from a user device to resolve a target domain name;
querying, by the name server, the login database to determine whether the user device is logged in according to a source address of the user device;
responding, by the name server, to the DNS request with an IP address of a web server accessible to the user device from within the captive portal as a resolved IP address of the target domain name when the user device is not logged in;
responding, by the name server, to the DNS request with a correct IP address of the target domain name in response to the name server determining that the user device is logged in;
accepting, by the web server accessible to the user device from within the captive portal, a connection request from the user device to the IP address of the web server, the connection request to the IP address of the web server occurring as a result of the name server previously determining the user device to not be logged in and the user device caching the IP address of the web server provided by the name server as the resolved IP address of the target domain name;
receiving, by the web server, an HTTP request specifying a non-local target URL from the user device over the connection, wherein the non-local target URL is not a URL provided by the web server;
querying, by the web server, the login database to determine whether the user device is logged in according to the source address of the user device;
responding, by the web server, to the HTTP request by acting as a transparent proxy between the user device and the non-local target URL to thereby allow the user device to receive content of the non-local target URL in response to the web server determining that the user device is logged in; and
responding, by the web server, to the HTTP request with alternate content different than that provided at the non-local target URL when the user device is not logged in.
16. A computer server in a captive portal system, the computer server comprising:
a first network interface coupled to a local computer network;
a second network interface coupled to an external computer network;
a memory device storing software instructions; and
one or more processors coupled to the memory device;
wherein, by the one or more processors executing the software instructions loaded from the memory device, the one or more processors are configured to:
receive a DNS request from a user device on the local computer network to resolve a target domain name on the external computer network;
query a login database to determine whether the user device is logged in at a time of the DNS request according to a source address of the user device;
respond to the DNS request with an IP address of the computer server as a resolved IP address of the target domain name when the user device is not logged in at the time of the DNS request;
respond to the DNS request with a correct IP address of the target domain name in response to determining that the user device is logged in at the time of the DNS request;
accept a connection request from the user device on the local computer network to the IP address of the computer server, the connection request coming sometime after the DNS request, the connection request to the IP address of the web server occurring as a result of the name server previously determining the user device to not be logged in and the user device caching the IP address of the web server provided by the name server as the resolved IP address of the target domain name;
receive an HTTP request specifying a non-local target URL from the user device over the connection, wherein the non-local target URL is not a URL provided by the computer server;
query the login database to determine whether the user device is logged in at a time of the HTTP request according to the source address of the user device;
respond to the HTTP request by acting as a transparent proxy between the user device and the non-local target URL to thereby allow the user device to receive content of the non-local target URL in response to determining that the user device is logged in at the time of the HTTP request; and
respond to the HTTP request with alternate content different than that provided at the non-local target URL when the user device is not logged in at the time of the HTTP request.
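The mechanism shared by claims 1, 12, 15 and 16, as an added in-memory model that is not the patent's own code: the name server hands out the portal's IP until the source address appears in the login database, and the web server re-checks that database on every HTTP request, so a device that cached the portal IP before logging in is proxied to the real target rather than stranded. The addresses, hostnames, login database and upstream content are all constructed for the demonstration.

```python
# Added example, not the patent's own code: an in-memory model of the claimed
# captive portal. Addresses, the login database and upstream content are
# constructed for the demonstration.

PORTAL_IP = "10.0.0.1"             # assumed address of the portal web server
PORTAL_HOST = "portal.example"     # assumed hostname served by the web server
LOGIN_PAGE = "<form>login</form>"  # alternate content for devices not logged in

UPSTREAM_DNS = {"news.example": "203.0.113.10"}            # constructed
UPSTREAM_CONTENT = {"news.example": "<h1>Headlines</h1>"}  # constructed


class CaptivePortal:
    """Name server and web server sharing one login database (set of source IPs)."""

    def __init__(self):
        self.logged_in = set()

    def resolve(self, src, name):
        """Name server: answer every name with the portal IP until src logs in."""
        if src in self.logged_in:
            return UPSTREAM_DNS.get(name)
        return PORTAL_IP

    def http(self, src, dst_ip, host):
        """Web server: decide per request from the login database, whatever DNS said."""
        if dst_ip != PORTAL_IP:
            return UPSTREAM_CONTENT.get(host)   # request went upstream directly
        if host == PORTAL_HOST:
            return LOGIN_PAGE                   # the portal's own URL
        if src in self.logged_in:
            # Transparent proxy: fetch the non-local target on the device's behalf,
            # so a stale cached PORTAL_IP no longer blocks a logged-in device.
            return UPSTREAM_CONTENT.get(host, "404 upstream")
        return LOGIN_PAGE                       # alternate content, not logged in


class Device:
    """User device that caches DNS answers across login-state changes."""

    def __init__(self, src):
        self.src, self.cache = src, {}

    def fetch(self, portal, host):
        if host not in self.cache:
            self.cache[host] = portal.resolve(self.src, host)
        return portal.http(self.src, self.cache[host], host)
```

Because the login check is made at HTTP time, logging a device out takes effect on its next request even though its cached resolution never changes.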
Specification