Skip to content
Social WiFi Academy

White label hardware configuration guide

To enable users to log in using the white label domain instead of socialwifi.com, several changes in the network configuration are necessary. The primary changes involve setting the appropriate “redirect URL” and configuring the “Walled Garden” (or its equivalent, depending on the vendor).

General Changes

Redirect URL

The URL for redirection to the captive portal login screen must be changed to point to the white label domain.

Walled Garden

Update the “walled garden” (or equivalent feature) configuration to include the white label domain. There are two entries that need to change:

Depending on the hardware vendor, the first entry above might look differently and require changing in one of the following formats:

or:

Vendor specific changes

This section will describe the changes needed for most commonly used network vendors. It will also include detailed examples. It is assumed that the default configuration for Social WiFi has been already done.

UniFi

Go to the Hotspot Settings -> Landing Page -> Settings. Under the Domain Checkbox, change the “Domain” field:

Next, under the Authorization Access section, edit the first two Pre-Authorization Allowances domains:

2024-06-11_15-01.png

MikroTik

First, run this script to download files for the white label domain. Make sure to change the first line in the script from https://login.your-wifi-brand.com/(…) to the white label domain.

{
    :local downloadEndpoint "https://login.your-wifi-brand.com/installation/mikrotik/download";
    :local fileNames {"login.html"; "rlogin.html"; "alogin.html"; "flogin.html"; "md5.js"}
    :local destinationDirectory "";
    :if ([:len [/file find name="flash" type="disk"]] > 0) do={
        :set destinationDirectory "/flash/";
    }
    :local ether1Mac ([/interface get [find name="ether1"]]->"mac-address");
    :foreach fileName in=$fileNames do={
        :put "Downloading file: $downloadEndpoint/$fileName\?mac=$ether1Mac"
        /tool fetch url="$downloadEndpoint/$fileName\?mac=$ether1Mac" dst-path="$destinationDirectory$fileName"
    }
}

Next, change the Walled Garden entries. Run the script below to remove all the current entries and add the new ones.

/ip hotspot walled-garden
remove [find dynamic=no]


/ip hotspot walled-garden
add comment="Allow captive portal main service." dst-host=*.your-wifi-brand.com
add comment="Allow captive portal main service." dst-host=login.hotspot-login.com
add comment="Allow YouTube widget." dst-host=*.youtube.com
add comment="Allow YouTube widget. It's a workaround for Mikrotik walled garden bug with CNAME in DNS response. Required to allow www.youtube.com." dst-host=youtube-ui.l.google.com
add comment="Allow YouTube widget. It's a workaround for Mikrotik walled garden bug with CNAME in DNS response. Required to allow img.youtube.com." dst-host=ytimg.l.google.com
add comment="Allow YouTube widget." dst-host=*.ytimg.com
add comment="Allow YouTube widget." dst-host=*.googlevideo.com
add comment="Allow YouTube widget." dst-host=yt3.ggpht.com
add comment="Allow YouTube widget. It's a workaround for Mikrotik walled garden bug with CNAME in DNS response. Required to allow yt3.ggpht.com." dst-host=*.l.googleusercontent.com
add comment="Allow Facebook remarketing pixel." dst-host=*.facebook.com
add comment="Allow Facebook remarketing pixel." dst-host=connect.facebook.net
add comment="Allow Facebook remarketing pixel. It's a workaround for Mikrotik walled garden bug with CNAME in DNS response. Required to allow connect.facebook.net." dst-host=*.fbcdn.net
add comment="Allow Google remarketing tag." dst-host=www.googletagmanager.com
add comment="Allow Google remarketing tag. It's a workaround for Mikrotik walled garden bug with CNAME in DNS response. Required to allow www.googletagmanager.com." dst-host=www-googletagmanager.l.google.com
add comment="Allow Google remarketing tag." dst-host=www.googleadservices.com
add comment="Allow Google remarketing tag. It's a workaround for Mikrotik walled garden bug with CNAME in DNS response. Required to allow www.googleadservices.com." dst-host=pagead*.l.doubleclick.net
add comment="Allow Google remarketing tag." dst-host=www.google.*
add comment="Allow login with Facebook." dst-host=facebook.com
add comment="Allow login with Facebook." dst-host=*.facebook.com
add comment="Allow login with Facebook." dst-host=*.fbcdn.net
add comment="Allow login with Google." dst-host=accounts.google.*
add comment="Allow login with Google. It's a workaround for Mikrotik walled garden bug with CNAME in DNS response. Required to allow accounts.google.co.uk and other regional versions." dst-host=accounts-cctld.l.google.com
add comment="Allow login with Google." dst-host=ssl.gstatic.com
add comment="Allow login with Google." dst-host=fonts.gstatic.com
add comment="Allow login with Google. It's a workaround for Mikrotik walled garden bug with CNAME in DNS response. Required to allow fonts.gstatic.com." dst-host=gstaticadssl.l.google.com
add comment="Allow login with Google." dst-host=fonts.google.com
add comment="Allow login with Google." dst-host=accounts.youtube.com
add comment="Allow login with Google. It's a workaround for Mikrotik walled garden bug with CNAME in DNS response. Required to allow accounts.youtube.com." dst-host=www3.l.google.com
add comment="Allow login with Google." dst-host=content.googleapis.com
add comment="Allow login with Google." dst-host=apis.google.com
add comment="Allow login with Google. It's a workaround for Mikrotik walled garden bug with CNAME in DNS response. Required to allow apis.google.com." dst-host=plus.l.google.com
add comment="Allow login with Google." dst-host=play.google.com
add comment="Allow login with Google." dst-host=www.google.com
add comment="Allow login with LinkedIn." dst-host=linkedin.com
add comment="Allow login with LinkedIn." dst-host=*.linkedin.com
add comment="Allow login with LinkedIn. It's a workaround for Mikrotik walled garden bug with CNAME in DNS response. Required to allow www.linkedin.com." dst-host=*.l-msedge.net
add comment="Allow login with LinkedIn. It's a workaround for Mikrotik walled garden bug with CNAME in DNS response. Required to allow www.linkedin.com." dst-host=*.dc-msedge.net
add comment="Allow login with LinkedIn." dst-host=*.licdn.com
add comment="Allow login with LinkedIn. It's a workaround for Mikrotik walled garden bug with CNAME in DNS response. Required to allow static-exp1.licdn.com." dst-host=*.epsiloncdn.net
add comment="Allow login with LinkedIn. It's a workaround for Mikrotik walled garden bug with CNAME in DNS response. Required to allow static-exp1.licdn.com." dst-host=*.akamai.net
add comment="Allow login with Twitter." dst-host=twitter.com
add comment="Allow login with Twitter." dst-host=api.twitter.com
add comment="Allow login with Twitter. It's a workaround for Mikrotik walled garden bug with CNAME in DNS response. Required to allow api.twitter.com." dst-host=*.twitter.com
add comment="Allow login with Twitter." dst-host=*.twimg.com
add comment="Allow login with Twitter. It's a workaround for Mikrotik walled garden bug with CNAME in DNS response. Required to allow abs.twimg.com, pbs.twimg.com." dst-host=*.edgecastcdn.net
add comment="Allow login with Twitter. It's a workaround for Mikrotik walled garden bug with CNAME in DNS response. Required to allow abs.twimg.com, pbs.twimg.com." dst-host=*.akahost.net


/ip hotspot walled-garden ip
add action=accept disabled=no dst-address=35.190.70.141 !dst-address-list !dst-port !protocol !src-address !src-address-list


/

After completing all these steps, the login process will take place in the white label domain instead of “socialwifi.com”.