+39 02 94750217 sales@tanaza.com

ios 7 guide for the captive portal
The release of iOS 7 created a lot of issues to captive portal technology providers, splash pages desgners and hotspots in general.


Apple changed completely the way any iPhone performs the test to see if the device is connected behind a Captive Portal, so most implementations stopped working.

Here in Tanaza we collected all the devices that we had in our lab, as well as in the neighbours startups, and decided to spend one entire day to perform tests. We now are happy to share what we discovered in this knowledge base article, summarized in the following.

Captive Portal automatic detection, avoid login popups


When “Captive Portal” functionalities (alias “External Splash Page” in the Tanaza configuration) are enabled on an SSID , the access point filters all the requests sent by a client and allows/ denies the user access to internet based on a policy defined on the splash page.

In this scenario what happens is that when a user connects to that specific SSID, no matter what site he is asking for, the user will be redirected to the splash page defined in the tanaza configuration.

Since the users is not aware that he is not allowed access to internet, unless he opens a browser and tries to surf, all the Operative Systems (desktop and mobile ones) have developed a strategy through which they find out if they are behind a captive portal.
In case when they detect a captive portal a popup like brower is started asking the user to login to the captive portal.


These popup like brower can have some limitations (cookies not enabled, javascript disabled, anonimous session) and usually do not allow the user to experience a splash page correctly.

The best thing to do is to avoid these limited browsers to pop up, forcing the user to use a simple browser to access the splash page.

Another problem is that every Operative System (Windows, Macintosh, Android, iOs, …) has a different way of detecting the captive portal, making it difficult to disallow these limited browsers.

Apple changed the way any iPhone works with Captive Portals, so most wifi implementations stopped working
click to tweet


To solve this issues Tanaza offers an easy way to configure a Captive Portal, allowing to skip “Captive Portal automatic detection” for all kinds of Operative Systems. Therefore, allowing the customer to be sure that the user accesses the splash page with a fully featured browser, to allow cookie storing and javascript functionalities.

In the configuration section for SSID, next to the social login sets, you can find this button:

no popupsNO POPUPS

Clicking this button, your walled garden configuration will be filled by all the domain names that are needed to be white listed to avoid the login popups.

Currently this domain name set avoids login popups for the following O.S.:

  • Windows Desktop O.S.
  • iPhone 4/5 with iOS 6/7
  • Android

hostnames captive portal

In the next picture the walled garden configuration after the “Captive Portal automatic detection” is enabled.


In the following section you can find out to which O.S. each domain name is linked.

More details: Base captive portal auto detection strategy

All the O.S. use the same strategy to find out if they are behind a captive portal.
Usually they try to connect to well-known internet URL, of which they know the content.

If the wifi connection is up and running and the client is connected correctly to an ssid, if this well-known page cannot be downloaded, the O.S. suspects to be behind a captive portal.

We list all the different domains checked by the different O.S. types and version here:

Android Captive Portal Detection:

Domain names to white list:

  • clients3.google.com

iOS for iPhone:

iPhone is more complicated, since it uses many different domain names, maybe for load balancing. It also changed its strategy using different domain names through different O.S. versions.

iOS 6:

Domain names to white list:

  • gsp1.apple.com
  • *.akamaitechnologies.com
  • www.apple.com
  • apple.com

iOS 7:

Domain names to white list:

  • www.appleiphonecell.com
  • *.apple.com
  • www.itools.info
  • www.ibook.info
  • www.airport.us
  • www.thinkdifferent.us
  • *.apple.com.edgekey.net
  • *.akamaiedge.net
  • *.akamaitechnologies.com

Windows Desktop O.S.

Domain names to white list:

  • ipv6.msftncsi.com
  • ipv6.msftncsi.com.edgesuite.net
  • www.msftncsi.com
  • www.msftncsi.com.edgesuite.net
  • teredo.ipv6.microsoft.com
  • teredo.ipv6.microsoft.com.nsatc.net