Since iOS 7 blocked the spoofing of http://www.apple.com/library/test/success.html I am looking for another way to block the Captive Network Assistant login page. Since Apple has the devices checking 1->m websites I can not be sure all are blocked on the company's open network.
If there is no way to block it I would be open to changing it to a webpage with an accept button, like a terms page, but I can not find a method to do that either.
Since IOS7 apple now test more than 200 random URL too see if its on internet, you can not open for one and one page.
The way to handle this is to create a filter that looks for User Agent UA CaptiveNetworkSupport.
If portal sees this, it should return Success back to client.
User Agent:
CaptiveNetworkSupport
HTTP header:
HTTP/1.1 200 OK
Content-Type: text/html
Connection: close
Vary: Accept-Encoding
HTTP Response:
<HTML><HEAD><TITLE>Success</TITLE></HEAD><BODY>Success</BODY></HTML>
On thing you might try, is always redirecting to a https page, the Captive Network Assitant expects a 302 redirect to a http url.
So, if whenever an http request comes in on your captive portal, you return a 302 redirect to an https page, the CNA won't appear.
Example request
Request URL:http://www.somepage.com
Request Method:GET
Response Headers Contain:
...
HTTP/1.1 302 Hotspot redirect
Location:https://www.mycaptiveportal.com
...
Following this post: Facebook.com and the iOS7 Captive Portal Detection
The IOS 7 devices check for the following domains:
www.appleiphonecell.com
captive.apple.com
captive.apple.com
www.apple.com
www.itools.info
www.ibook.info
www.airport.us
www.thinkdifferent.us
So if you'd open(unblock) those domains (like you did before with the success page), it should revert to the old behaviour.
However, there are also rumors that Apple now checks about 200 domains (which would then make these domains irrelevant), but i did not see confirmation of that.
I hope this helps.
Regards,
