I am developing a hotspot login page that uses FB login. My problem is that when the user clicks the FB login page he should be redirected to the FB page, but at that stage there is no internet connection allowed yet by the hotspot. I assume FB does use some sort of CDN (content delivery network), such that I could not use a simple list of IP addresses. I could put *.facebook.com into the walled garden. This would allow users to connect to Facebook, but this will also allow users to use Facebook completely without logging into the hotspot at all (which I probably don't want).
Or maybe is there a CDN server that allows only to use the login page and get the user credentials without being able to browse and see Facebook content? All I want is to use only the FB API without the site itself.
Facebook Login Api Mikrotik
I want to implement a Hotspot with Mikrotik ( :IP/Hotspot/Walled_Garden) and the social login of facebook ( -login/web/login-button) as access to the network, the problem is that I must allow access to certain URLs and paths, but I do not know how the Facebook domain system works.
Within the preferences of the Captive Portal, you can enable user login via Facebook or another social network. The login page will then show a button that allows users who are not yet registered to log in to the hotspot using, for example, their Facebook account. After logging in, the users are automatically registered and can later log in with Facebook or with the new access credentials they receive by email after the first login. As in the case of the SMS Registration, you can choose the features (group, tariff plan, etc.) of the new user. This function, as well as facilitating user access, allows you to advertise your business on Facebook, as it is possible to ask the user to leave a like for your Facebook page through a special option in the user groups menu.
A necessary condition for using login with social networks is that the user can access the related sites. To do this, if you use a HotSpot router with CoovaAP, OpenWRT or DD-WRT firmware, or a Mikrotik device, simply select "Enable temporary access" in the "Login with Social Network" field of the Captive Portal settings. With other firmware it is instead essential to include the URLs used by the social network in the Allowed Sites of the location. To do so, just click on the social network icons present in the Location settings.
The script(s) below (which can be scheduled to run every 5 or X minutes) will create an address list containing Facebook/YouTube server IPs; a filter rule will then block requests going to these destinations (using the address list). To create this address list, your users must be using your Mikrotik DNS as their primary DNS, or you must make a dst-nat rule that forcefully routes user DNS (UDP 53) requests to the local Mikrotik DNS.
Yeah, it works, but how about the configuration inside the NextDNS link over HTTPS? I tested it and the Mikrotik log always says "DoH server connection error, resolving error", about 1 minute after applying DNS. Just test it with your config inside NextDNS and see what is wrong with that.
[admin@DOH DNS Server] > ping v6.facebook.com invalid value for argument address: invalid value of mac-address, mac address required invalid value for argument ipv6-address while resolving ip-address: name does not exist
From time to time, you may want to remove a device from the network. You cannot permanently remove them from the network, but once they have been disconnected, they will be presented with the login screen once again and asked to reauthenticate.
I have an interesting scenario which I can't seem to find a solution to. I am hoping the community will be able to point me in the right direction. I need to block Facebook Messenger on a wifi network. To be more specific, I need to block the Facebook Messenger (Android & Apple) application while mobile devices are on our wireless network. I have successfully blocked Facebook web chat in the browser, but mobile devices on our wifi are still able to access Messenger. I don't want to block HTTPS completely, as many services utilize HTTPS. I don't want to block the entire facebook.com either, since there is a need to use Facebook.
Does anyone know what port the facebook messenger (android & apple) app uses to communicate? I read facebook implemented MQTT which uses 1883 and 8883 for SSL communications. However blocking these ports has had no impact. Maybe the app has hard coded IP addresses which it uses to avoid using DNS. If so, using DNS filters (i.e. OpenDNS) would not work. I would appreciate any insight anybody has regarding this matter. Thank you.
To be honest, I don't know which one of these blocks accomplished my goal, but as of now when you log into Facebook the chat window at the bottom shows "disconnected". This is a win in my book. Navigating the site has not presented any problems thus far.
The Facebook Messenger app, however, has not been affected. I would like to thank @Chris75 for his recommendation. I have enabled Instant Messaging on my OpenDNS and I will test to see if this resolves my problem. I have to admit there is VERY little information regarding how the Facebook apps operate. Short of utilizing a major UTM appliance (i.e. Watchguard) I was stumped. Blocking HTTPS works, but in this scenario I need to excise the disease, not cut off the limb.
For those of you who are curious, I have some additional information regarding this topic. First let me address the last question. By blocking the domains I mentioned, the apps were unaffected. Blocking the domains I mentioned only prevented users from using Facebook chat in their browsers. Upon initial login to Facebook it looks like you are connected to chat, but then a few seconds later it shows you disconnected. Works great.
The trade-off is that apps that need to connect to Facebook will be unable to connect as well. Now let me be clear, by blocking these two domains you will not affect the Facebook app. This will block the Facebook Messenger app. If you want to make sure the Facebook app has no problems you can whitelist graph.facebook.com.
The GIS-R4 Hotspot Gateway allows you to safely and securely share your internet connection with your guests. You can also capture user data, promote your brand and offer promotions to your guests. With a range of different login options, you can choose how you want to provide internet access. Set time, data and bandwidth limits per user from any device connected to your network.
Peer to Peer Blocking; Works with any Access Point; Fully customizable login page; Access Code login; Set bandwidth limits per user; Cloud Management; Data limits; Multi WAN - Load balancing and failover; Robust firewall; Facebook login; Email and data collection; Content filtering