Is there a list of IP addresses to which detectportal.firefox.com resolves to?
Categories
(Cloud Services :: Operations: Miscellaneous, enhancement)
Tracking
(Not tracked)
People
(Reporter: nkozul, Assigned: oremj)
Details
User Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:71.0) Gecko/20100101 Firefox/71.0
Steps to reproduce:
Trying to get a definitive list of a few IP addresses which are pointed at from detectportal.firefox.com.
Actual results:
They change all the time and I'm assuming they're being served from a CDN. Which is to be expected. But...
Expected results:
...I'm trying to get a list of a few IPs which are guaranteed to have detectportal.firefox.com/success.txt available on them.
Why?
We're trying to roll out a captive portal detection feature for Firefox Private Network VPN for Windows. Currently, when someone connects to a VPN and is on a captive portal network, they won't know if that's the case and the VPN connection will simply not work.
Before we connect, we may specify different routes for a few IPs which are not to be routed through the VPN tunnel, so that we can facilitate the detection ourselves and check out if queries to these IPs are getting redirected or not. But for these routes to work, we need hard, static IP addresses. Sure, we can query detectportal.firefox.com beforehand and use that, but this leaves us vulnerable to hijacked DNS requests, especially if someone starts up the VPN app on a captive portal network before attempting to connect.
|
Assignee | |
Updated•5 years ago
|
|
|
Assignee | |
Comment 1•5 years ago
|
||
I can't do this without changing the architecture of detectportal. I could add an SSL cert to detectportal that we could validate to avoid the problem of DNS hijacking. Would that work for you?
Apologies for the late reply. And yes, an SSL cert would hit the spot!
|
|
Assignee | |
Comment 3•5 years ago
|
||
I've added a certificate.
Description
•