230
AT-WR4500 Series - IEEE 802.11abgh Outdoor Wireless Routers
RouterOS v3 Configuration and User Guide
There can be multiple cookies with the same MAC address. For example, there will be a separate cookie
for each web browser on the same computer.
Cookies can expire - that's the way how it is supposed to be. Default validity time for cookies is
3
days
(72 hours), but it can be changed for each individual HotSpot server profile, for example :
/ip hotspot profile set default http-cookie-lifetime=1d
Example
To get the list of valid cookies:
[admin@AT-WR4562] ip hotspot cookie> print
# USER DOMAIN MAC-ADDRESS EXPIRES-IN
0 ex 01:23:45:67:89:AB 23h54m16s
[admin@AT-WR4562] ip hotspot cookie>
10.3.3
HTTP-level Walled Garden
Submenu level:
/ip hotspot walled-garden
Description
Walled garden is a system which allows unauthorized use of some resources, but requires authorization
to access other resources. This is useful, for example, to give access to some general information about
HotSpot service provider or billing options.
This menu only manages Walled Garden for HTTP and HTTPS protocols. Other protocols can also be
included in Walled Garden, but that is configured elsewhere (in
/ip hotspot walled-garden ip
; see the
next section of this manual for details)
Property Description
action
(allow | deny; default:
allow
) - action to undertake if a request matches the rule:
allow
- allow the access to the page without prior authorization
deny
- authorization is required to access this page
dst-address
(
read-only: IP address
) - IP address of the destination web server (installed by IP-level walled
garden)
dst-host
(
wildcard
; default:
""
) - domain name of the destination web server
dst-port
(
integer
; default:
""
) - the TCP port a client has send the request to
hits
(
read-only: integer
) - how many times has this rule been used
method
(
text
) - HTTP method of the request
path
(
wildcard
; default:
""
) - the path of the request
server
(
name
) - name of the HotSpot server this rule applies to
src-address
(
IP address
) - IP address of the user sending the request
Wildcard properties (
dst-host
and
dst-path
) match a complete string (i.e., they will not match
"example.com" if they are set to "example"). Available wildcards are '*' (match any number of any
characters) and '?' (match any one character). Regular expressions are also accepted here, but if the
property should be treated as a regular expression, it should start with a colon (':').
Small hits in using regular expressions:
\\
symbol sequence is used to enter
\
character in console
\.
pattern means
.
only (in regular expressions single dot in pattern means any symbol)
to show that no symbols are allowed before the given pattern, we use
^
symbol at the beginning of
the pattern
to specify that no symbols are allowed after the given pattern, we use
$
symbol at the end of the pattern
You can not use
path
property for HTTPS requests as router can not (and should not - that is what the
HTTPS protocol was made for!) decrypt the request.