Service

Content filter

Introduction

A content filter can be used to block certain URLs or web pages containing specific phrases. A content filter can be linked to a subscriber network (global settings) or billing package. The content filter comes with a predefined list; this list is updated automatically if you have a content filter subscription.

Since version 5.0.06 a new filtering method has been implemented that is much more lightweight in terms of computing performance but only allows filters on specific URLs. You can enable the old behaviour, which includes deeper HTTP inspection (and thus can filter on e.g. keywords), by enabling Deprecated mode in System → Settings and then checking Urlbased when editing the content filter.

Note: Content-filter subscriptions retrieve their lists from http://urlblacklist.com and are updated on a weekly basis.

Configuration

You can use a predefined list or add a specific value you want to block. You can see the values of a predefined list by clicking on the name.

Available lists in legacy mode:

  • Blacklist:
    • Banned sites: allows you to block domain names.
    • Banned URL's: allows you to block specific URLs.
    • Banned extensions: if a web page ends with an extension in this list, the page will be blocked.
    • Banned phrases: blocks pages containing words from this list. If you want to block a page containing the word “test”, you need to add “test”. If you want to block pages containing words that contain “test”, you need to add “*test*”. This will also block “testing”.
    • Banned IP's: IP addresses of clients that are not allowed to access the web.
  • Whitelist
    • Allowed sites: allows you to configure specific domain names to always allow.
    • Allowed URL's: URLs (domain and path) to never block, even when included in blacklists.

Important: You can also enable weight. The weights of all words on a page that are in your phrase list are added up, and if the total is larger than the allowed weight, the site will be blocked. For example, you have two words: test with a weight of 30 and gateway with a weight of 31, and the total allowed weight is 50. If you then go to a website that contains the words test and gateway, the site will be blocked because 30 + 31 is larger than 50. A website that contains just the word test will be shown. Multiple occurrences of the same word do not count as one: the word test appearing twice equals a weight of 60.
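The weighting rule above, worked through as an added example (not the product's own code). It assumes case-insensitive matching, that a bare entry matches whole words only and that “*test*” also matches inside longer words; the function names are hypothetical.

```python
import re

# Constructed phrase list mirroring the example above: phrase -> weight.
PHRASES = {"test": 30, "gateway": 31}
ALLOWED_WEIGHT = 50


def phrase_regex(phrase):
    """Translate a phrase-list entry into a regex.

    Assumption: "test" matches the whole word only, while "*test*" also
    matches inside longer words such as "testing".
    """
    core = re.escape(phrase.strip("*"))
    left = r"\w*" if phrase.startswith("*") else r"\b"
    right = r"\w*" if phrase.endswith("*") else r"\b"
    return re.compile(left + core + right, re.IGNORECASE)


def score_page(text, phrases=PHRASES):
    """Return (total weight, hits per phrase); every occurrence counts."""
    hits = {}
    total = 0
    for phrase, weight in phrases.items():
        count = len(phrase_regex(phrase).findall(text))
        if count:
            hits[phrase] = count
            total += count * weight
    return total, hits


def is_blocked(text, phrases=PHRASES, allowed=ALLOWED_WEIGHT):
    """A page is blocked only when the total is larger than the allowed weight."""
    total, _ = score_page(text, phrases)
    return total > allowed


if __name__ == "__main__":
    for page in ("a test of the gateway", "just a test", "test and test again"):
        print(page, score_page(page), is_blocked(page))
```

Because every occurrence counts, a low-weight common word can block long pages on repetition alone, so weights and the allowed total need to be tuned together.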

Available in regular mode:

  • Blacklist:
    • Banned sites: allows you to block domain names.
  • Whitelist
    • Allowed sites: allows you to configure specific domain names to always allow.
  • Banned sites: You can use this list to block entire domain names; there is no need for http:// or www (subdomains are included).
  • Banned URL's: To block a part of a site you can use this list, for example: gateway.com/download.
  • Allowed sites: This will allow sites that are configured in the banned sites list.
  • Allowed URL's: Allow URLs that are blocked by the banned URL list.

Note: A future content filter update could block a website you do not wish to block. Using Allowed Sites enables you to overrule these blockades.

Input fields

Custom input fields give you the ability to create your own fields that are not on the system by default (e.g. date of birth). These fields can then be used in other facilities such as Registration Forms, Subscriber Export…

Devices

Introduction

Devices are a logical identification of different devices in the system. The advantage is that you can use the logical device name everywhere else in the system rather than a technical representation of the device such as the user agent or MAC address.

Configuration

A device can be identified by its

  • MAC address: Usually the first digits of the MAC address represent the vendor; this can be used to identify the type of device that is connected. The format is uppercase with dashes for separators.
  • User agent: The user agent is a browser identification string that allows us to identify the device; usually the name of the device or its initials are part of the user agent string. With regular expressions you can match a part of the user agent string. It is also possible to make a device group, which can contain several devices. E.g. Mobile devices could contain all different kinds of mobile phones.

Use

Devices can be used to

  • Show different portal pages based on devices (see portal rules)
  • Reporting (e.g. bandwidth per device type, total counts of currently active subscribers per device type)

Tips

  • To match all MAC addresses starting with F8 you can use F8.* as regular expression.

Groups

Introduction

Groups logically group a set of subscriber profiles with the goal of allowing or blocking access for these subscribers. For example, a school could have a group per class; with this option it is possible to block Internet access for the entire classroom.

Use

Group Internet access can be disabled or enabled by clicking the “turn on/off online access” button in the action column. To add a user to the group, edit the user profile and select the group from the drop-down (see subscriber details).

Guest authentication

Introduction

This module determines how clients will be authenticated. All clients will receive an invalid login message when no authentication mechanism is specified or found.

Use

The system will try all authentication types from top to bottom; once the username is found in one of the authentication methods, the system will no longer check other types. The username pattern field lets you configure a regular expression that the username must match before an authentication method is tried. If the strip pattern checkbox is enabled, the system will strip the pattern before trying to authenticate.
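The lookup order described above, as an added sketch (not the product's code). The method names, patterns and credentials are constructed, and the stores hold plaintext passwords only to keep the example short.

```python
import hmac
import re

# Constructed method list, tried top to bottom:
# (name, username pattern, strip pattern?, user store).
METHODS = [
    ("staff-directory", r"@staff$", True, {"alice": "s3cret-A"}),
    ("local-guests", r"^guest-", False, {"guest-101": "s3cret-G"}),
    ("catch-all", r"", False, {"guest-101": "other-pw"}),
]


def authenticate(username, password, methods=METHODS):
    """Return (deciding method, ok), or (None, False) if no method has the user."""
    for name, pattern, strip, users in methods:
        if not re.search(pattern, username):
            continue  # username pattern does not match: method is not tried
        # With strip enabled the matched pattern is removed before the lookup.
        lookup = re.sub(pattern, "", username) if strip else username
        if lookup in users:
            # Username found: this method decides and later ones are skipped,
            # even when the password turns out to be wrong here.
            return name, hmac.compare_digest(users[lookup], password)
    return None, False  # nothing found the user: invalid login


if __name__ == "__main__":
    print(authenticate("alice@staff", "s3cret-A"))   # stripped to "alice"
    print(authenticate("guest-101", "other-pw"))     # catch-all never consulted
    print(authenticate("bob@staff", "anything"))     # not found anywhere
```

The second call shows why ordering matters: an account that exists in two stores is only ever checked against the first one that matches.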

Location scheduling

Here you can schedule the AAA state of a location. This allows you to open a location (a part of your network) for a configured time period.

Note: Once the start date is reached you cannot update the location scheduling anymore. When deleting a location scheduling or when the end date is reached, the location will return to its previous AAA state.

Locations

Locations are logical divisions which can be used to apply configuration for a specific part of the network. These logical divisions can be created by adding a guest network (or part) to a location.

Password policy

In the password policy you can set different password policies for the system. Password policies define the actions users have to take concerning their passwords. This module can be used for guests and administrators:

  • Change password on first login.
  • Allow the guest to change password on the portal.
  • Minimum password length.
  • Password expiration.
  • Block account after x login attempts.
  • Password history (no password that the guest recently used can be reused).
  • Password complexity.

Redirection daemon

Portal filters

Filters are designed to answer to specific user agents, hosts, paths and destination IPs for non-active devices. These can be used to perform redirections, mimic internet checks, block unwanted browsers, … A few predefined filters can be found in the drop-down menu to catch the Captive Network Assistants preset in recent versions of Windows, iOS, OS X, Android, Blackberry, …

Note: The filter header and filter content fields are currently limited to 2000 characters. If you need this enlarged, please contact support.

Access log

A list of user agents that reached the portal page.

Proxy

Here you can define some common proxy ports. If someone uses one of these ports, a message configured in the return content will be shown. This can be used to tell customers to disable their proxy settings before connecting to the internet.

Rooms

This lists all rooms configured on the system. This table is populated:

  • Manually: You can add rooms manually by clicking the add icon.
  • By the PMS: When the PMS module is enabled, the table will show all rooms we receive from the PMS system (mapping happens on the name attribute).

Each room can be linked to a floor, guest type and VLAN (you first need to select the subscriber network in order to link it to a VLAN). Floors can be created in the floors tab, guest types in the guest types tab.

By clicking the edit icon, you can also see all guest details of the guests checked in to that room. To ease the search for a specific room / guest, there is a search module available.

Rules

Introduction

(Portal page) Rules specify what options a client has when connecting to the portal. They specify:

  • which portal page is shown when a client connects
  • which logout console is shown
  • which billing options are available
  • which billing packages can be bought

Configuration

By adding more than one rule, it is possible to display different portal pages depending on the device type or location.

The rules are processed from top to bottom; as soon as a rule matches, the rules below it are ignored. This is why the rule order is important. The rules can be sorted by clicking the sort icon in the navigation bar. The actual rule configuration consists of two parts. The first part is enabling the functionality (portal page / billing package / billing options). The second part is defining the triggers for a specific rule. These triggers can be composed of:

  • Default: This is if you want the rule to be run by default
  • Location: This is if you want this rule to apply to a location
  • All rooms: This is if you want this rule to apply to all rooms (VLAN setup)
  • Room: This is if you want this rule to apply to certain rooms, in a range
  • Floor: This is if you want this rule to apply to a certain floor
  • Guest Type: This is if you want this rule to apply to a certain guest type
  • MAC Address: This is if you want this rule to apply to a certain MAC Address
  • User Agent Pre-defined: This is if you want this rule to apply to a user agent, e.g. Sony PSP
  • User Agent User definable: This is if you want this rule to apply to a user definable agent
  • Device: This is if you want this rule to apply to a device type (see devices)
  • Subscriber IP Range: This is if you want this rule to apply to a certain IP range
  • FIAS rules: Here you can set this rule based on a certain FIAS input, e.g. First name

Note: Multiple triggers can be configured and combined using binary logic and/or relationships.
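First-match processing with combined triggers, shown as an added example (not the product's code); the trigger encoding, rule names, pages and addresses are constructed for illustration.

```python
from ipaddress import ip_address, ip_network


def matches(trigger, client):
    """Evaluate one trigger tree against a client record (a dict)."""
    kind, *args = trigger
    if kind == "default":
        return True
    if kind == "and":
        return all(matches(t, client) for t in args)
    if kind == "or":
        return any(matches(t, client) for t in args)
    if kind == "ip_range":
        return ip_address(client["ip"]) in ip_network(args[0])
    # Simple equality triggers: location, floor, guest_type, device, mac ...
    return client.get(kind) == args[0]


def select_rule(rules, client):
    """Top to bottom; the first matching rule wins, the rest are ignored."""
    for name, trigger, portal_page in rules:
        if matches(trigger, client):
            return name, portal_page
    return None


def unreachable(rules):
    """Names of rules placed below a Default rule, which can never fire."""
    for i, (_, trigger, _) in enumerate(rules):
        if trigger == ("default",):
            return [name for name, _, _ in rules[i + 1:]]
    return []


# Constructed rule set; every name and value here is illustrative only.
RULES = [
    ("staff-lobby",
     ("and", ("location", "lobby"), ("ip_range", "10.0.1.0/24")), "staff.html"),
    ("mobile",
     ("or", ("device", "Mobile devices"), ("floor", "3")), "mobile.html"),
    ("fallback", ("default",), "default.html"),
]
MISORDERED = [RULES[2], RULES[0], RULES[1]]  # Default rule sorted to the top

if __name__ == "__main__":
    client = {"ip": "10.0.1.20", "location": "lobby"}
    print(select_rule(RULES, client), select_rule(MISORDERED, client))
    print(unreachable(MISORDERED))
```

A Default rule sorted above the specific rules silently shadows them, so a check like `unreachable` is worth running after every re-sort.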

Upgrade rules

Upgrade rules are triggered when a client wants to upgrade their current package. This happens when they enter the upgrade domain in their browser, e.g. http://upgrade.com (see DNS Entries on how to configure your upgrade domain). The upgrade rules are identical to the standard rules, but they only have the option to specify the billing packages. There is also an additional trigger: the current billing plan of the subscriber.

Walled garden

Introduction

IP addresses / domains or URLs in this list will be accessible for all unauthenticated subscribers in the selected subscriber network.

Simple configuration

  • IP / domain: can be an IP (1.2.3.4), IP/netmask (1.2.3.4/24) or domain (fdxtended.com). To allow all subdomains you can use *. like *.fdxtended.com
  • Port: optional
  • Protocol: all, UDP, TCP and ICMP
  • Location: specify the location where the walled garden should be applied. Guest networks without a location will also be used when “all” is selected.
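How the simple entry forms above can be evaluated, as an added example for reviewing what an entry opens up to unauthenticated subscribers (not the product's code). It assumes that “*.” covers subdomains but not the bare domain and that a netmask entry with host bits set, like 1.2.3.4/24, means the whole enclosing network.

```python
from ipaddress import ip_address, ip_network


def parse_entry(entry):
    """Classify an entry as ('net', network) or ('domain', pattern)."""
    try:
        # strict=False accepts host bits, as in the 1.2.3.4/24 example.
        return "net", ip_network(entry, strict=False)
    except ValueError:
        return "domain", entry.lower().rstrip(".")


def allowed(dest, entries):
    """True if dest (an IP address or a hostname) is covered by any entry."""
    host = dest.lower().rstrip(".")
    try:
        addr = ip_address(host)
    except ValueError:
        addr = None
    for kind, value in map(parse_entry, entries):
        if kind == "net" and addr is not None and addr in value:
            return True
        if kind == "domain" and addr is None:
            if value.startswith("*."):
                # Compare on a label boundary (".fdxtended.com") so that
                # look-alike names ending in "fdxtended.com" are not covered.
                if host.endswith(value[1:]):
                    return True
            elif host == value:
                return True
    return False


if __name__ == "__main__":
    entries = ["1.2.3.4/24", "*.fdxtended.com"]
    for dest in ("1.2.3.200", "www.fdxtended.com", "evilfdxtended.com"):
        print(dest, allowed(dest, entries))
```

Note that 1.2.3.4/24 opens 256 addresses, not one; an entry meant for a single host should be written without a netmask.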

Advanced configuration

The advanced configuration supports regular expressions, path and action (allow / disallow), but because of the performance penalty we recommend using the default configuration.

Web-notifications

Using Web-notifications, the HSMX can notify 3rd-party systems of certain events:

  • Authentication of new subscribers
  • Re-authentication of subscribers
  • Sign-out or session-end of subscribers

Configuration

Configuration is fairly straightforward: browse to Service → Web-notifications and enable the service. Proceed by configuring the HTTP callback URLs.

The following HTTP GET variables are at your disposal:

  • IP: ||hisip||
  • MAC: ||hismac||
  • Gateway: ||gateway||
  • Username (not in re-authentication): ||username||

Note: When using HTTPS services, a valid certificate is required.

Since version 5.1.06.

manual/service.txt · Last modified: 2015/11/19 08:09 by mathias