Modify

Opened 5 years ago

Last modified 5 years ago

#1331 infoneeded request

BUG : Google free acces on FON Spot

Reported by: fhocorp Owned by:
Priority: normal Milestone:
Component: fon-web Version: N/A
Severity: unknown
Cc: Hardware: both

Description

Hello

I have a fonea 20g and fonera 20n and i have noticed that users tha t are connected to the FON Hotspot can have free accces sto the domain google.com

For example, they can search on google or go to Gmail without to have to connect to FON.

For me it a big security flaw for the fon network

The problem come from the file /etc/fon/whitelist.dsnmasq

This file is generated from the radconfig of the hotspot.

Can you delete google.com from the radconfig configuration SVP ?

Best Regards

Attachments (1)

whitelist.dnsmasq (526 bytes) - added by fhocorp 5 years ago.
FON Hotspot Whitelist

Download all attachments as: .zip

Change History (5)

Changed 5 years ago by fhocorp

FON Hotspot Whitelist

comment:1 Changed 5 years ago by Randall

I just connected to a few hotspots and cannot replicate this "bug". It just keeps prompting me to logon.

comment:2 Changed 5 years ago by fhocorp

Yes i know.

Try to go to mail.google.com or https://www.google.com/?gws_rd=cr&ei=FPSQUrCwDceRtAaquoDoDA

For me it's working :(

comment:3 Changed 5 years ago by Randall

For me, both links re-direct to the login page (BT Wifi).

comment:4 Changed 5 years ago by matthijs

  • Component changed from fon-wifi to fon-web
  • Status changed from new to infoneeded
  • Type changed from bug to request
  • Version changed from 2.3.7.0 (Paco) to N/A

Fon supplies its router with a whitelist of domains that can be accessed without logging in. As you already found out, this happens through radconfig. I'm not entirely sure what the rationale behind this is, I suppose it is to provide a very minimal free service before having to log in.

What is the problem with this? I understand what you are asking, but no why. Also, I can ask within Fon, but I don't think it's likely that the whitelist will change, I don't think google.com is in there by accident.

Finally, it's entirely possible that the BT Fon spots and regular Fon spots use different whitelists, probably because BT has specific requirements for their network.

Add Comment

Modify Ticket

Action
as infoneeded The ticket will remain with no owner.
Author


E-mail address and user name can be saved in the Preferences.

 
Note: See TracTickets for help on using tickets.