Captive portal

Captive portals are commonly used to present a landing or log-in page which may require authentication, payment, acceptance of an end-user license agreement/acceptable use policy, survey completion, or other valid credentials that both the host and user agree to adhere by.

[1] Captive portals are used for a broad range of mobile and pedestrian broadband services – including cable and commercially provided Wi-Fi and home hotspots.

A captive portal can also be used to provide access to enterprise or residential wired networks, such as apartment houses, hotel rooms, and business centers.

Depending on the feature set of the gateway, websites or TCP ports can be allow-listed so that the user would not have to interact with the captive portal in order to use them.

[2] Captive portals are primarily used in open wireless networks where the users are shown a welcome message informing them of the conditions of access (allowed ports, liability, etc.).

Access to the Internet over open Wi-Fi is prohibited until the user exchanges personal data by filling out a web-based registration form in a web browser.

This allows the provider of this service to display or send advertisements to users who connect to the Wi-Fi access point.

[6] The user can find many types of content in the captive portal, and it's frequent to allow access to the Internet in exchange for viewing content or performing a certain action (often, providing personal data to enable commercial contact); thus, the marketing use of the captive portal is a tool for lead generation (business contacts or potential clients).

This allows a client to bypass the captive portal and access the open Internet by tunneling arbitrary traffic within DNS packets.

User agents and supplemental applications such as Apple's Captive Portal Assistant can sometimes transparently bypass the display of captive portal content against the wishes of the service operator as long as they have access to correct credentials, or they may attempt to authenticate with incorrect or obsolete credentials, resulting in unintentional consequences such as accidental account locking.

For this reason some captive portal solutions created extended authentication mechanisms to limit the risk for usurpation.

An example of a captive web portal used to log onto a restricted network.