What is Captive Portal?

Understanding Captive Portal

A captive portal is a web page that intercepts a new device's network traffic and forces the user to authenticate, register, or accept terms of use before granting internet access. It is the gateway you see on public Wi-Fi in hotels, airports, and cafes, providing access control, legal acknowledgment, and basic user accountability.

When a device joins the network, the gateway allows DNS and HTTP but redirects all web requests to the portal page, typically using an HTTP redirect or DNS interception. Modern operating systems detect this with captive portal detection probes (such as Apple's request to captive.apple.com or Android's connectivitycheck endpoints); an unexpected response signals a portal and auto-launches the sign-in page. Once the user submits credentials or accepts terms, the gateway whitelists the device's MAC or IP address and lifts the restriction.

Captive portals enforce acceptable-use policies, limit access to authorized or paying users, and create a record tying sessions to identities, which supports compliance and abuse investigation. However, they carry real risks: many portals run over plain HTTP, and because they intercept traffic, they normalize man-in-the-middle behavior and can be spoofed. An attacker can stand up a rogue access point with a cloned portal to harvest credentials, and MAC-based authorization is easily bypassed by spoofing an already-authorized address.

For example, a hotel guest connects to the Wi-Fi, and any website they open redirects to a branded login page asking for a room number and last name. After they accept the terms, the controller authorizes their device for 24 hours. A nearby attacker could broadcast an identically named SSID with a fake portal to capture those details, illustrating why users should avoid entering sensitive data on portal pages and prefer a VPN.