http://detectportal.firefox.com/ is hammering our firewalls

Discussion of bugs in Mozilla Firefox
Post Reply
oldfirefoxuser69
Posts: 6
Joined: May 4th, 2017, 4:09 pm

http://detectportal.firefox.com/ is hammering our firewalls

Post by oldfirefoxuser69 »

Hi Support,

In our environment we have many hundreds of clients/visitors that heavily use the web.
Needless to say that Firefox is one of the most used web clients. :-)

We noticed a continuous hit on our firewalls which took it's toll on the cpus as the request to hhttp://detectportal.firefox.com/success.txt is from every Firefox browser installed on the desktops/laptops/etc every 3 seconds or so. ](*,)
As a workaround we've allowed through the firewall an ever growing list of IP addresses and that is plain ridiculous and simply unmanageable.

Are your network gurus/engineers going to implement solutions such as anycast to alleviate this flawed implementation of a simple service as it has been in use for quite sometime now by for example Apple, Google, etc...
For example if you ping 8.8.8.8, it's very likely hosted in a datacentre near your town.
Will you consider anycast towards detectportal.firefox.com?

Please advise.
Thanks in advance.

Yves
User avatar
James
Moderator
Posts: 27999
Joined: June 18th, 2003, 3:07 pm
Location: Made in Canada

Re: http://detectportal.firefox.com/ is hammering our firewa

Post by James »

oldfirefoxuser69 wrote:Are your network gurus/engineers...
Will you consider...
In about:config you can toggle network.captive-portal-service.enabled to false if it is set to true.

See http://www.mozillazine.org/about/
oldfirefoxuser69
Posts: 6
Joined: May 4th, 2017, 4:09 pm

Re: http://detectportal.firefox.com/ is hammering our firewa

Post by oldfirefoxuser69 »

James wrote: In about:config you can toggle network.captive-portal-service.enabled to false if it is set to true.
:shock:

Perhaps on my desktop/laptop, yes.
I do dabble and can/have done it.

But for any environment that has large number of clients/visitors, obviously Mozilla/Firefox is used in the enterprise. :D

Anycast is one of the solutions to alleviate the impact this captiveportal has on the infrastructures but perhaps the Mozilla/Firefox team can have other solutions instead of telling each individual client to "toggle the about:config" fields.
Please advise.
User avatar
LIMPET235
Moderator
Posts: 39932
Joined: October 19th, 2007, 1:53 am
Location: The South Coast of N.S.W. Oz.

Re: http://detectportal.firefox.com/ is hammering our firewa

Post by LIMPET235 »

Hi,
Please be advised that this forum is not mozilla.org/.com. Check the last entry in the RH column. --------------------------->>>
We are a user-to-user help site.
James posted the link/s for you, so that you might understand why "we" cannot do anything with Firefox.
May I suggest that you go to the Official support site & pose your question/request there...
> https://support.mozilla.org/en-US/questions
[Ancient Amateur Astronomer.]
Win-10-H/64 bit/500G SSD/16 Gig Ram/450Watt PSU/350WattUPS/Firefox-115.0.2/T-bird-115.3.2./SnagIt-v10.0.1/MWP-7.12.125.

(Always choose the "Custom" Install.)
oldfirefoxuser69
Posts: 6
Joined: May 4th, 2017, 4:09 pm

Re: http://detectportal.firefox.com/ is hammering our firewa

Post by oldfirefoxuser69 »

LIMPET235 wrote:Hi,
Please be advised that this forum is not mozilla.org/.com. Check the last entry in the RH column. --------------------------->>>
We are a user-to-user help site.
James posted the link/s for you, so that you might understand why "we" cannot do anything with Firefox.
May I suggest that you go to the Official support site & pose your question/request there...
> https://support.mozilla.org/en-US/questions
Hi LIMPET235,
Thanks for the info and apologies for the confusion.
Thought this was the site for getting in touch with the developpers and support techs.
I'll try the official link you’ve provided.

Cheers
User avatar
DanRaisch
Moderator
Posts: 127185
Joined: September 23rd, 2004, 8:57 pm
Location: Somewhere on the right coast

Re: http://detectportal.firefox.com/ is hammering our firewa

Post by DanRaisch »

Don't be surprised to find that the official link is staffed by volunteers as well. There is no support site that leads directly to the developers and there are no paid support techs.

It should be possible to include a configuration file that would be distributed to each user's system to toggle that setting to false -- https://developer.mozilla.org/en-US/Fir ... deployment
oldfirefoxuser69
Posts: 6
Joined: May 4th, 2017, 4:09 pm

Re: http://detectportal.firefox.com/ is hammering our firewa

Post by oldfirefoxuser69 »

DanRaisch wrote:Don't be surprised to find that the official link is staffed by volunteers as well. There is no support site that leads directly to the developers and there are no paid support techs.

It should be possible to include a configuration file that would be distributed to each user's system to toggle that setting to false -- https://developer.mozilla.org/en-US/Fir ... deployment
Thanks for the update.
It would be quite sad if they wouldn't investigate a better solution.
As a collective, we could even provide the network engineering assistance to help make it better.

If no answer comes from the official site, guess I'll have to put in a change request to locally dns black-hole the domain or similar

Hope you have a great week and don't work too hard!
User avatar
malliz
Folder@Home
Posts: 43796
Joined: December 7th, 2002, 4:34 am
Location: Australia

Re: http://detectportal.firefox.com/ is hammering our firewa

Post by malliz »

You could file a bug report on Bugzilla that would be seen by the devs and at least you would get a response
https://bugzilla.mozilla.org/
And
https://developer.mozilla.org/en-US/doc ... guidelines
What sort of man would put a known criminal in charge of a major branch of government? Apart from, say, the average voter.
"Terry Pratchett"
oldfirefoxuser69
Posts: 6
Joined: May 4th, 2017, 4:09 pm

Re: http://detectportal.firefox.com/ is hammering our firewa

Post by oldfirefoxuser69 »

malliz wrote:You could file a bug report on Bugzilla that would be seen by the devs and at least you would get a response
https://bugzilla.mozilla.org/
And
https://developer.mozilla.org/en-US/doc ... guidelines
Thanks :-)
DN123ABC
Posts: 695
Joined: January 9th, 2017, 10:10 am

Re: http://detectportal.firefox.com/ is hammering our firewa

Post by DN123ABC »

oldfirefoxuser69 wrote:
malliz wrote:You could file a bug report on Bugzilla that would be seen by the devs and at least you would get a response
https://bugzilla.mozilla.org/
And
https://developer.mozilla.org/en-US/doc ... guidelines
Thanks :-)
Then post a link to that bug here, so others can see it. ;-)
oldfirefoxuser69
Posts: 6
Joined: May 4th, 2017, 4:09 pm

Re: http://detectportal.firefox.com/ is hammering our firewa

Post by oldfirefoxuser69 »

DN123ABC wrote:
oldfirefoxuser69 wrote:
malliz wrote:You could file a bug report on Bugzilla that would be seen by the devs and at least you would get a response
https://bugzilla.mozilla.org/
And
https://developer.mozilla.org/en-US/doc ... guidelines
Thanks :-)
Then post a link to that bug here, so others can see it. ;-)
This link is interesting:
https://bugzilla.mozilla.org/show_bug.cgi?id=1112330 #-o
User avatar
therube
Posts: 21698
Joined: March 10th, 2004, 9:59 pm
Location: Maryland USA

Re: http://detectportal.firefox.com/ is hammering our firewa

Post by therube »

Fire 750, bring back 250.
Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US; rv:1.9.1.19) Gecko/20110420 SeaMonkey/2.0.14 Pinball CopyURL+ FetchTextURL FlashGot NoScript
User avatar
Grumpus
Posts: 13236
Joined: October 19th, 2007, 4:23 am
Location: ... Da' Swamp

Re: http://detectportal.firefox.com/ is hammering our firewa

Post by Grumpus »

This was/is a default setting from Ubuntu and some Linux Firefox versions to allow for connection in various locations to other wifi networks.
Ex: at a coffee shop where wifi is provided to the patrons as a courtesy, also some ISPs, where an access or password page is used.
Look at the following settings in about config - NOTE: canonical may be replaced by another OS provider name.
Modify and a space will provide the "0" for Integer and string values.
captivedetect.canonicalContent - make blank
captivedetect.canonicalURL - make blank
captivedetect.maxRetryCount - 0
captivedetect.maxWaitingTime - 0
captivedetect.pollingTime - 0
network.captive-portal-service.backoffFactor - make blank
network.captive-portal-service.enabled - false
network.captive-portal-service.maxInterval - 0
network.captive-portal-service.minInterval - 0
Doesn't matter what you say, it's wrong for a toaster to walk around the house and talk to you
Post Reply