We're calling on all EU-based Mozillians with iOS or iPadOS devices to help us monitor Apple’s new browser choice screens. Join the effort to hold Big Tech to account!

Search Support

Avoid support scams. We will never ask you to call or text a phone number or share personal information. Please report suspicious activity using the “Report Abuse” option.

Learn More

Firefox usually blocks hotel network authentication web pages

more options

This use case is very common of course. Is there a quick/convenient way to override or bypass this when it occurs?

This issue is the main reason that FF is not my default browser. I have tried to use FF as my default several times, and always end up needing to use a different browser to gain access to hotel networks.

Firefox support team, if you are listening, PLEASE consider making how to bypass this 'protection' this easier and/or more apparent!

This use case is very common of course. Is there a quick/convenient way to override or bypass this when it occurs? This issue is the main reason that FF is not my default browser. I have tried to use FF as my default several times, and always end up needing to use a different browser to gain access to hotel networks. Firefox support team, if you are listening, PLEASE consider making how to bypass this 'protection' this easier and/or more apparent!

All Replies (9)

more options

What happens when you try to use the authentication page? Do you get the error described in this article: What do the security warning codes mean?

Since HTTPS pages usually do not work on an intercepted connection, I generally try visiting an HTTP address I haven't visited recently. Often you can just type abc or cbs or cnn in the address bar and press enter. http://example.com/ might also work.

more options

Or if you can't get to the authentication page at all, make sure you have not enabled the redirect block. You can check here:

  • Windows: "3-bar" menu button (or Tools menu) > Options
  • Mac: "3-bar" menu button (or Firefox menu) > Preferences
  • Linux: "3-bar" menu button (or Edit menu) > Preferences

In the left column, click Advanced. Then on the right side, with the "General" mini-tab active, make sure the following is not selected (box is not checked): "Warn me when websites try to redirect or reload the page"

more options

jscher2000 said

What happens when you try to use the authentication page? Do you get the error described in this article: What do the security warning codes mean? Since HTTPS pages usually do not work on an intercepted connection, I generally try visiting an HTTP address I haven't visited recently. Often you can just type abc or cbs or cnn in the address bar and press enter. http://example.com/ might also work.

Thank you for the reply. I have tried what you suggest in order to get FF or other browsers to attempt to load the authentication page. This usually works.

When attempting to access the authentication page, a message about the identify of the server cannot be confirmed is displayed, without the option which most browsers offer, to bypass the browser protection. So there seems to be no way to get the network authentication page to be displayed.

Thanks, and best regards.

more options

jscher2000 said

Or if you can't get to the authentication page at all, make sure you have not enabled the redirect block. You can check here:
  • Windows: "3-bar" menu button (or Tools menu) > Options
  • Mac: "3-bar" menu button (or Firefox menu) > Preferences
  • Linux: "3-bar" menu button (or Edit menu) > Preferences
In the left column, click Advanced. Then on the right side, with the "General" mini-tab active, make sure the following is not selected (box is not checked): "Warn me when websites try to redirect or reload the page"

Thanks for the reply. The option that you described is not checked.

more options

FL_Guy said

When attempting to access the authentication page, a message about the identify of the server cannot be confirmed is displayed, without the option which most browsers offer, to bypass the browser protection. So there seems to be no way to get the network authentication page to be displayed.

If you used the address of a site that sent the HTTPS Strict Transport Security (HSTS) header in a previous visit, there is indeed no bypass (no Add Exception button). This affects a lot of sites because it's a best practice. I don't think there is a way to modify that just for certain "men in the middle" and not others.

more options

Thanks. I just open a FF browser, and type the name of a common web site CNN, Yahoo or whatever to cause the network authentication page to be loaded. Seems like this should work, no?

more options

It depends on whether it's an HTTPS address that Firefox has visited before, which may be automatically requested on HTTPS again, or an HTTP address that wouldn't have this issue.

more options

Unless I'm mistaken, a search for Yahoo or CNN would return the http address, and not an https address.

more options

I think there are two possibilities for what happens when you type yahoo or cnn in the address bar:

(1) Autofill matches it with a previous top level address for the site. If the site uses HSTS, then it would be an HTTPS address. But you can see this in the drop-down where Firefox indicates what will happen when you press Enter (e.g., it will say "Visit" and have the URL).

(2) There's no autofill match and Firefox sends it to your default search engine. Usually the search engine plugins use HTTPS.

So in writing that I realized my suggesting to type abc would not work because by default Firefox will search a single word. Typing abc.com should work because it looks like a domain Firefox should load rather than a word it should search.