http://detectportal.firefox.com/ is hammering our firewalls
-
- Posts: 6
- Joined: May 4th, 2017, 4:09 pm
http://detectportal.firefox.com/ is hammering our firewalls
Hi Support,
In our environment we have many hundreds of clients/visitors that heavily use the web.
Needless to say that Firefox is one of the most used web clients.
We noticed a continuous hit on our firewalls which took it's toll on the cpus as the request to hhttp://detectportal.firefox.com/success.txt is from every Firefox browser installed on the desktops/laptops/etc every 3 seconds or so.
As a workaround we've allowed through the firewall an ever growing list of IP addresses and that is plain ridiculous and simply unmanageable.
Are your network gurus/engineers going to implement solutions such as anycast to alleviate this flawed implementation of a simple service as it has been in use for quite sometime now by for example Apple, Google, etc...
For example if you ping 8.8.8.8, it's very likely hosted in a datacentre near your town.
Will you consider anycast towards detectportal.firefox.com?
Please advise.
Thanks in advance.
Yves
In our environment we have many hundreds of clients/visitors that heavily use the web.
Needless to say that Firefox is one of the most used web clients.
We noticed a continuous hit on our firewalls which took it's toll on the cpus as the request to hhttp://detectportal.firefox.com/success.txt is from every Firefox browser installed on the desktops/laptops/etc every 3 seconds or so.
As a workaround we've allowed through the firewall an ever growing list of IP addresses and that is plain ridiculous and simply unmanageable.
Are your network gurus/engineers going to implement solutions such as anycast to alleviate this flawed implementation of a simple service as it has been in use for quite sometime now by for example Apple, Google, etc...
For example if you ping 8.8.8.8, it's very likely hosted in a datacentre near your town.
Will you consider anycast towards detectportal.firefox.com?
Please advise.
Thanks in advance.
Yves
- James
- Moderator
- Posts: 28005
- Joined: June 18th, 2003, 3:07 pm
- Location: Made in Canada
Re: http://detectportal.firefox.com/ is hammering our firewa
In about:config you can toggle network.captive-portal-service.enabled to false if it is set to true.oldfirefoxuser69 wrote:Are your network gurus/engineers...
Will you consider...
See http://www.mozillazine.org/about/
-
- Posts: 6
- Joined: May 4th, 2017, 4:09 pm
Re: http://detectportal.firefox.com/ is hammering our firewa
James wrote: In about:config you can toggle network.captive-portal-service.enabled to false if it is set to true.
Perhaps on my desktop/laptop, yes.
I do dabble and can/have done it.
But for any environment that has large number of clients/visitors, obviously Mozilla/Firefox is used in the enterprise.
Anycast is one of the solutions to alleviate the impact this captiveportal has on the infrastructures but perhaps the Mozilla/Firefox team can have other solutions instead of telling each individual client to "toggle the about:config" fields.
Please advise.
- LIMPET235
- Moderator
- Posts: 39956
- Joined: October 19th, 2007, 1:53 am
- Location: The South Coast of N.S.W. Oz.
Re: http://detectportal.firefox.com/ is hammering our firewa
Hi,
Please be advised that this forum is not mozilla.org/.com. Check the last entry in the RH column. --------------------------->>>
We are a user-to-user help site.
James posted the link/s for you, so that you might understand why "we" cannot do anything with Firefox.
May I suggest that you go to the Official support site & pose your question/request there...
> https://support.mozilla.org/en-US/questions
Please be advised that this forum is not mozilla.org/.com. Check the last entry in the RH column. --------------------------->>>
We are a user-to-user help site.
James posted the link/s for you, so that you might understand why "we" cannot do anything with Firefox.
May I suggest that you go to the Official support site & pose your question/request there...
> https://support.mozilla.org/en-US/questions
[Ancient Amateur Astronomer.]
Win-10-H/64 bit/500G SSD/16 Gig Ram/450Watt PSU/350WattUPS/Firefox-115.0.2/T-bird-115.3.2./SnagIt-v10.0.1/MWP-7.12.125.
(Always choose the "Custom" Install.)
Win-10-H/64 bit/500G SSD/16 Gig Ram/450Watt PSU/350WattUPS/Firefox-115.0.2/T-bird-115.3.2./SnagIt-v10.0.1/MWP-7.12.125.
(Always choose the "Custom" Install.)
-
- Posts: 6
- Joined: May 4th, 2017, 4:09 pm
Re: http://detectportal.firefox.com/ is hammering our firewa
Hi LIMPET235,LIMPET235 wrote:Hi,
Please be advised that this forum is not mozilla.org/.com. Check the last entry in the RH column. --------------------------->>>
We are a user-to-user help site.
James posted the link/s for you, so that you might understand why "we" cannot do anything with Firefox.
May I suggest that you go to the Official support site & pose your question/request there...
> https://support.mozilla.org/en-US/questions
Thanks for the info and apologies for the confusion.
Thought this was the site for getting in touch with the developpers and support techs.
I'll try the official link you’ve provided.
Cheers
- DanRaisch
- Moderator
- Posts: 127231
- Joined: September 23rd, 2004, 8:57 pm
- Location: Somewhere on the right coast
Re: http://detectportal.firefox.com/ is hammering our firewa
Don't be surprised to find that the official link is staffed by volunteers as well. There is no support site that leads directly to the developers and there are no paid support techs.
It should be possible to include a configuration file that would be distributed to each user's system to toggle that setting to false -- https://developer.mozilla.org/en-US/Fir ... deployment
It should be possible to include a configuration file that would be distributed to each user's system to toggle that setting to false -- https://developer.mozilla.org/en-US/Fir ... deployment
-
- Posts: 6
- Joined: May 4th, 2017, 4:09 pm
Re: http://detectportal.firefox.com/ is hammering our firewa
Thanks for the update.DanRaisch wrote:Don't be surprised to find that the official link is staffed by volunteers as well. There is no support site that leads directly to the developers and there are no paid support techs.
It should be possible to include a configuration file that would be distributed to each user's system to toggle that setting to false -- https://developer.mozilla.org/en-US/Fir ... deployment
It would be quite sad if they wouldn't investigate a better solution.
As a collective, we could even provide the network engineering assistance to help make it better.
If no answer comes from the official site, guess I'll have to put in a change request to locally dns black-hole the domain or similar
Hope you have a great week and don't work too hard!
- malliz
- Folder@Home
- Posts: 43796
- Joined: December 7th, 2002, 4:34 am
- Location: Australia
Re: http://detectportal.firefox.com/ is hammering our firewa
You could file a bug report on Bugzilla that would be seen by the devs and at least you would get a response
https://bugzilla.mozilla.org/
And
https://developer.mozilla.org/en-US/doc ... guidelines
https://bugzilla.mozilla.org/
And
https://developer.mozilla.org/en-US/doc ... guidelines
What sort of man would put a known criminal in charge of a major branch of government? Apart from, say, the average voter.
"Terry Pratchett"
"Terry Pratchett"
-
- Posts: 6
- Joined: May 4th, 2017, 4:09 pm
Re: http://detectportal.firefox.com/ is hammering our firewa
Thanksmalliz wrote:You could file a bug report on Bugzilla that would be seen by the devs and at least you would get a response
https://bugzilla.mozilla.org/
And
https://developer.mozilla.org/en-US/doc ... guidelines
-
- Posts: 695
- Joined: January 9th, 2017, 10:10 am
Re: http://detectportal.firefox.com/ is hammering our firewa
Then post a link to that bug here, so others can see it.oldfirefoxuser69 wrote:Thanksmalliz wrote:You could file a bug report on Bugzilla that would be seen by the devs and at least you would get a response
https://bugzilla.mozilla.org/
And
https://developer.mozilla.org/en-US/doc ... guidelines
-
- Posts: 6
- Joined: May 4th, 2017, 4:09 pm
Re: http://detectportal.firefox.com/ is hammering our firewa
This link is interesting:DN123ABC wrote:Then post a link to that bug here, so others can see it.oldfirefoxuser69 wrote:Thanksmalliz wrote:You could file a bug report on Bugzilla that would be seen by the devs and at least you would get a response
https://bugzilla.mozilla.org/
And
https://developer.mozilla.org/en-US/doc ... guidelines
https://bugzilla.mozilla.org/show_bug.cgi?id=1112330
- therube
- Posts: 21714
- Joined: March 10th, 2004, 9:59 pm
- Location: Maryland USA
Re: http://detectportal.firefox.com/ is hammering our firewa
Fire 750, bring back 250.
Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US; rv:1.9.1.19) Gecko/20110420 SeaMonkey/2.0.14 Pinball CopyURL+ FetchTextURL FlashGot NoScript
Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US; rv:1.9.1.19) Gecko/20110420 SeaMonkey/2.0.14 Pinball CopyURL+ FetchTextURL FlashGot NoScript
- Grumpus
- Posts: 13246
- Joined: October 19th, 2007, 4:23 am
- Location: ... Da' Swamp
Re: http://detectportal.firefox.com/ is hammering our firewa
This was/is a default setting from Ubuntu and some Linux Firefox versions to allow for connection in various locations to other wifi networks.
Ex: at a coffee shop where wifi is provided to the patrons as a courtesy, also some ISPs, where an access or password page is used.
Look at the following settings in about config - NOTE: canonical may be replaced by another OS provider name.
Modify and a space will provide the "0" for Integer and string values.
captivedetect.canonicalContent - make blank
captivedetect.canonicalURL - make blank
captivedetect.maxRetryCount - 0
captivedetect.maxWaitingTime - 0
captivedetect.pollingTime - 0
network.captive-portal-service.backoffFactor - make blank
network.captive-portal-service.enabled - false
network.captive-portal-service.maxInterval - 0
network.captive-portal-service.minInterval - 0
Ex: at a coffee shop where wifi is provided to the patrons as a courtesy, also some ISPs, where an access or password page is used.
Look at the following settings in about config - NOTE: canonical may be replaced by another OS provider name.
Modify and a space will provide the "0" for Integer and string values.
captivedetect.canonicalContent - make blank
captivedetect.canonicalURL - make blank
captivedetect.maxRetryCount - 0
captivedetect.maxWaitingTime - 0
captivedetect.pollingTime - 0
network.captive-portal-service.backoffFactor - make blank
network.captive-portal-service.enabled - false
network.captive-portal-service.maxInterval - 0
network.captive-portal-service.minInterval - 0
Doesn't matter what you say, it's wrong for a toaster to walk around the house and talk to you