X
Tap here to go to the mobile version of the site.

Support Forum

http://detectportal.firefox.com/ is hammering our firewalls

Posted

Originally posted this issue at http://forums.mozillazine.org/viewtopic.php?f=9&t=3030018 And was redirected here for enterprise assistance. Hopefully a support engineer can assist with this

In our environment we have many hundreds of clients/visitors that heavily use the web. Needless to say that Firefox is one of the most used web clients. :-)

We noticed a continuous hit on our firewalls which took it's toll on the cpus as the request to hhttp://detectportal.firefox.com/success.txt is from every Firefox browser installed on the desktops/laptops/etc every 3 seconds or so. ](*,) As a workaround we've allowed through the firewall an ever growing list of IP addresses and that is plain ridiculous and simply unmanageable.

Are your network gurus/engineers going to implement solutions such as anycast to alleviate this flawed implementation of a simple service as it has been in use for quite sometime now by for example Apple, Google, etc... For example if you ping 8.8.8.8, it's very likely hosted in a datacentre near your town. Will you consider anycast towards detectportal.firefox.com?

Please advise. Thanks in advance.

Originally posted this issue at http://forums.mozillazine.org/viewtopic.php?f=9&t=3030018 And was redirected here for enterprise assistance. Hopefully a support engineer can assist with this In our environment we have many hundreds of clients/visitors that heavily use the web. Needless to say that Firefox is one of the most used web clients. :-) We noticed a continuous hit on our firewalls which took it's toll on the cpus as the request to hhttp://detectportal.firefox.com/success.txt is from every Firefox browser installed on the desktops/laptops/etc every 3 seconds or so. ](*,) As a workaround we've allowed through the firewall an ever growing list of IP addresses and that is plain ridiculous and simply unmanageable. Are your network gurus/engineers going to implement solutions such as anycast to alleviate this flawed implementation of a simple service as it has been in use for quite sometime now by for example Apple, Google, etc... For example if you ping 8.8.8.8, it's very likely hosted in a datacentre near your town. Will you consider anycast towards detectportal.firefox.com? Please advise. Thanks in advance.

Additional System Details

Installed Plug-ins

  • The IcedTea-Web Plugin executes Java applets.
  • Shockwave Flash 22.0 r0

Application

  • User Agent: Mozilla/5.0 (X11; Linux x86_64; rv:45.0) Gecko/20100101 Firefox/45.0

More Information

cor-el
  • Top 10 Contributor
  • Moderator
17670 solutions 159841 answers

You can set network.captive-portal-service.enabled to false on the about:config page or use mozilla.cfg to lock this pref to false.

//
lockpref("network.captive-portal-service.enabled", false);

See Configuration:

You can set <b>network.captive-portal-service.enabled</b> to false on the <b>about:config</b> page or use mozilla.cfg to lock this pref to false. <pre><nowiki>// lockpref("network.captive-portal-service.enabled", false); </nowiki></pre> See Configuration: *https://developer.mozilla.org/en-US/Firefox/Enterprise_deployment

Question owner

cor-el said

You can set network.captive-portal-service.enabled to false on the about:config page or use mozilla.cfg to lock this pref to false.
//
lockpref("network.captive-portal-service.enabled", false);

See Configuration:

Hi,

Really appreciate the update. Our local software dev gurus sure will make use of this info towards our desktops/laptops. But as we have visitors and lots of them, they do bring their own devices. Perhaps there is a better solution (maybe anycast dns) your network gurus could come up with? Thanks in advance.

''cor-el [[#answer-966037|said]]'' <blockquote> You can set <b>network.captive-portal-service.enabled</b> to false on the <b>about:config</b> page or use mozilla.cfg to lock this pref to false. <pre><nowiki>// lockpref("network.captive-portal-service.enabled", false); </nowiki></pre> See Configuration: *https://developer.mozilla.org/en-US/Firefox/Enterprise_deployment </blockquote> Hi, Really appreciate the update. Our local software dev gurus sure will make use of this info towards our desktops/laptops. But as we have visitors and lots of them, they do bring their own devices. Perhaps there is a better solution (maybe anycast dns) your network gurus could come up with? Thanks in advance.