HTML Page Parameters
The HTML pages for WebAuth can contain a number of parameters which are used as needed.
These are:
• %CHALLENGE_MESSAGE% - The question text asked.
• %IPADDR% - The IP address which is being browsed from.
• %ERRORMSG% - The reason that access was denied.
• %USER% - The username entered.
• %REDIRHOST% - The IP of the host that was requested.
• %REDIRURL% - The path of the host that was requested.
• %REDIRURLENC% - The URL encoded path.
• %IPADDR% - The IP of the client.
• %DEVICENAME% - The name of the authenticating firewall.
The LoginFailure Page with ARP Authentication
If authentication fails with ARP authentication (also referred to as MAC authentication), the
%USER% parameter will contain the MAC address of the requesting client (or the MAC address of
the intervening router nearest the firewall).
A typical parameter set of values for the LoginFailure page when ARP authentication is used
might be:
USER: 00-0c-19-f9-14-6f
REDIRHOST: 10.234.56.71
REDIRURL: /testing?user=user&pass=pass
REDIRURLENC: %2ftesting%3fuser%3duser%26pass%3dpass
IPADDR: 10.1.6.1
DEVICENAME: MyGateway
The %REDIRURL% Parameter Should Not Be Removed
In certain banner web pages, the parameter %REDIRURL% appears. This is a placeholder for the
original URL which was requested before the user login screen appeared for an unauthenticated
user. Following successful authentication, the user becomes redirected to the URL held by this
parameter.
Since %REDIRURL% only has this internal purpose, it should not be removed from web pages and
should appear in the FormLogin page if that is used.
Example 8.5. Editing Content Filtering HTTP Banner Files
This example shows how to modify the contents of the URL forbidden HTML page.
Web Interface
Chapter 8: User Authentication
636
To Next Page
Loading...
