We have enabled web Auth for our public access on Cisco WLC 2504. It works fine. However, if a wireless user opens his email with download pictures website, he can’t get the picture download until he accepts the web policy. Our users complain about that. Here is our vendor's reply.
"Our application makes requests to the internet to check for and download pictures, etc. The problem is that web requests are not permitted until a user has opened his/her web browser and attempted to go somewhere (e.g. google) so that your security system can redirect them to the authorization form where they must click the “accept” button. If the user has not done this yet, any functionality in our app that requires an internet connection won’t work because the security system is blocking the requests. Unfortunately, since they’re not in a web browser at the time, it doesn’t redirect them to the authorization page - the request simply fails since a redirect doesn’t have an effect on the application like it would a web browser. My ideal suggested remedy would be, if possible, to whitelist web requests to the server(s) where our code and/or images will live and let them get around that restriction. Otherwise, users won’t understand why the app isn’t working unless they try and open a web browser first – which is probably not something I’d expect them to do. With this solution, you could still ensure that nobody is accessing the internet at large without accepting your terms – but they could access your website as well as our application’s functionality seamlessly."
Can we set up a whitelist or something like that on the WLC? If yes, how?
Mostly used for external webauth requirements.
When using an external web server for web authentication, some of the WLC platforms need a pre-authentication ACL for the external web server (the Cisco 5500 Series Controller, a Cisco 2100 Series Controller, Cisco 2000 series and the controller network module). For the other WLC platforms the pre-authentication ACL is not mandatory.