-7

I'm working for a small ISP and I'm trying to figure out how I can add a frame window to all websites that all users on our network see, so that we can promote faster speeds / notify users of downtime. I've seen this done by some ISPs, where they add a frame at the top of a website that you can opt out of, and I'm curious to know how this could be accomplished. So far, my best guess is that:

  1. Some sort of proxy system (SQUID?) is involved that rewrites HTML or appends to html code as it comes through
  2. -or- Some sort of firewall system handles the traffic
  3. -or- Something like an actual web proxy handles everything. (Apache's mod_proxy?)
  4. -or- A captive portal?

Is there any kind of automated solution for all this? Also, are there open source projects that might accomplish something like this? I saw PacketFence, but I'm not looking to authenticate end users.

Edit:

I want a NON-PERMANENT solution, something that can occur temporarily. I don't want to permanently add a bar to the top of everyone's website.

Timothy
  • This sounds completely unethical and irresponsible. An ISP has no business mucking with anything above layer 3. – JakePaulus Aug 05 '11 at 22:16
  • I have to agree with Jake. If I were a customer of yours and you started doing that to websites I visited, I'd cancel my service in a heartbeat. – SmallClanger Aug 05 '11 at 22:17
  • Explain how it is unethical? The user should have the option to opt out, and if you're caching their web traffic anyway (which many ISPs do), I fail to see how this could be any more unethical. I'm not saying I want to track users, I simply want to notify them of upgrades to their account / downtime. – Timothy Aug 05 '11 at 22:26
  • Are you going to compensate everyone whose websites you're hijacking for the loss of income due to users from your ISP going "WTF is this?" and closing their browsers? What about when you break someone's site layout and their pages look like balls because of the crap you injected? Follow @JakePaulus' advice and STAY THE HELL OUT OF MY LAYER 7. You're also being disingenuous: in your comment, you said it's to "notify people of ... downtime", yet in your question you explicitly talk about upselling customers on faster service. – womble Aug 05 '11 at 22:38
  • @womble, your comment is hardly helpful. Several large ISPs already do this, and many ISPs require device registration pages that do something similar to what I'm asking. – Timothy Aug 05 '11 at 22:40
  • I think it's just a misunderstanding. You want to manipulate YOUR website for your customers. And not the customer's websites! Otherwise you would bother the client's clients and your clients wouldn't even watch for your advertisement. – mailq Aug 05 '11 at 22:42
  • @Timothy: Can you cite the large ISPs that do this and provide us with examples? – joeqwerty Aug 05 '11 at 22:43
  • Something like that, mailq. I used to be a customer with CableOne, and what they had was a small frame added to the first website you'd visit to notify you of a change to your account / network downtime. I'm not looking for something that permanently hijacks all websites for anyone on the network. – Timothy Aug 05 '11 at 22:44
  • @Timothy: Device registration pages are not the same thing as modifying the HTML of every website a user visits to add your own advertisements. One upside to this, though, I guess, would be that you'd greatly increase the demand for SSL-enabled websites... – womble Aug 05 '11 at 22:45
  • @Womble, Fail to see what swearing brings to the conversation. – Timothy Aug 05 '11 at 22:47
  • The utter revulsion that your idea (and subsequent dissimulation) engenders cannot be sufficiently expressed using lesser words. – womble Aug 05 '11 at 22:49
  • @Womble, Still an unprofessional and highly charged response, given that it was simply a question with the best intentions-- to provide customers information about downtime or changes to their account-- information they'd most likely want to know about. If I was suddenly upgraded from 3meg to 5 meg for free, I'd at least like a notification. – Timothy Aug 05 '11 at 22:54
  • @Timothy: I guess we are all fed up with ISPs who give themselves the right to stuff like that, or Deep Packet Inspection or whatever. Your job as an ISP is to route packets to and from the user. Nothing else. – Sven Aug 05 '11 at 22:59
  • "Unprofessional"? What do you call modifying third-party websites to insert your own advertising? "Good business", probably. Ordinary customers don't care how fast their Internets is, they just want it to work. I'm sure you'd like to tell them about it, but for the same reasons that AV software keeps popping up "hey, look, I found a virus for you! You should keep paying for me!" notices, and equally annoying. – womble Aug 05 '11 at 23:00
  • Ethical issues aside, what scale are we talking about? What you want to do is completely possible (I've done it as an April Fools' Day joke @ an old job), but if we're talking about needing to do that on all web page requests at 100mbps, that's another story... Give us more information please. – grufftech Aug 05 '11 at 23:02
  • @SvenW As an end-user myself though, I'd like to be notified when a service I pay for will be unavailable. Ideally, what I was looking for was an automated solution to temporarily provide a frame around a website for notifying users of downtime, rather than waiting for hundreds of users to flood our call center. – Timothy Aug 05 '11 at 23:15
  • Still waiting for that list of "large ISPs" that modify their customers' HTML responses... – womble Aug 05 '11 at 23:17
  • @Womble, even if I posted a list of ISPs that perform shady practices such as DNS hijacking, what good will that do you? I doubt e-mailing their network support and letting them know that your layer 7 is not to be messed with will change anything. – Timothy Aug 05 '11 at 23:26
  • It's unprofessional to make claims to try and support your unethical practices that you can't back up with facts. – womble Aug 05 '11 at 23:31
  • @Womble, Very well. http://en.wikipedia.org/wiki/DNS_hijacking#Manipulation_by_ISPs – Timothy Aug 05 '11 at 23:35
  • I think the downvotes can stop. The point has been made. I don't think Timothy's intentions were malicious in intention and further downvoting doesn't serve any purpose other than to kick a man when he's down. – joeqwerty Aug 05 '11 at 23:39
  • That doesn't appear to be a list of ISPs who manipulate HTML in transit. – womble Aug 05 '11 at 23:39
  • DNS manipulation is still an application layer protocol. Saying that HTML editing is worse than DNS manipulation is a non-starter. – Timothy Aug 05 '11 at 23:44
  • Yes, DNS manipulation is also unacceptable, and if anyone asked a question on how to implement that they'd get the same reception. But you defended your plans by saying that several large ISPs already did the same thing you want to do; you didn't attempt to claim any equivalence of bad behaviour until you were asked to substantiate your claim. – womble Aug 05 '11 at 23:54

3 Answers

4

Notify your customers via email and/or your own web site. Don't hijack their browser to use as your advertising/notification platform. It may or may not be unethical but it's a bad business model and it smacks of a 1999 era idea of what an ISP should and shouldn't do.

If I were a customer and you did that to me I would most assuredly take my business elsewhere.

I know your intentions are well meaning but the idea is in bad taste and bad form.

From Wikipedia: Primum non nocere

http://en.wikipedia.org/wiki/Primum_non_nocere

EDIT:

You're getting a pretty harsh response to your question, which speaks to its level of unpopularity, but I hope that doesn't discourage you from sticking around and asking other questions, providing answers and comments, and being a part of our "community". We all take our lumps from time to time.

joeqwerty
  • The problem is that we don't have everyone's e-mail address. The website is an option, I suppose, but we'd like a better notification system. Thanks for a civil response, though. – Timothy Aug 05 '11 at 22:51
  • Glad to help. Hopefully you're not too discouraged by the responses you've gotten. You hit on a sensitive spot. – joeqwerty Aug 05 '11 at 23:07
  • Not at all, though I wasn't expecting quite the response that I've received. Thanks for the help. – Timothy Aug 05 '11 at 23:27
  • I think it's happened to me once or twice. :) – joeqwerty Aug 05 '11 at 23:41
3

Of the options you listed, a captive portal seems like the least evil. With a captive portal you aren't framing content, you simply use DNS/DHCP hacks to redirect the user to your own web site when they attempt to visit a page.

There are many guides on the Interwebs about how to set up a captive portal system.

Most of the common Linux firewall distributions support a captive portal setup. This is commonly used for WIFI hotspots, schools, hotel networks, and so on.

Messing around with trying to add a frame is generally considered to be needlessly intrusive these days. I believe there were even some lawsuits in the past against ISPs that tried to do this.

Zoredache
  • A captive portal would work for what I need to accomplish, but I guess I just figured a customer would prefer to be taken to their website rather than redirected to a different website, and have to click through something to get where they were going. Can you recommend any captive portals that would simply provide a one time page to a customer, and then allow them to continue on to wherever they originally intended to go? – Timothy Aug 05 '11 at 22:56
  • Here's the problem with using a captive portal in your situation: A captive portal is great when a user is a guest on a particular network and is aware that they are a guest, such as in an airport or a coffee shop. It's not such a great idea when the user is not a guest, such as when they're at home browsing the internet via an ISP that they pay a monthly fee to for the privilege of said internet access. I just don't think this is going to sit well with your users. – joeqwerty Aug 05 '11 at 23:04
  • My main experience with captive portal software has been on stuff integrated into the WIFI systems I manage (Aruba), and one obscure one (http://usemynet.com/wi-fi-gateway-software). See the list on Wikipedia http://en.wikipedia.org/wiki/Captive_portal#Software_captive_portals for some options. – Zoredache Aug 05 '11 at 23:05
  • That's why I didn't want to go with a captive portal, because I'm not sure how I could make it such that the subscriber only sees the page *once*. The thing with the frames is that I figured I could give the user a notification, they'd see their page they intended to go to, and click "Opt out of notifications" and not receive any again in the future. – Timothy Aug 05 '11 at 23:06
  • @joeqwerty, I agree with you generally, but I am not sure the average person (not super users like us) would really mind being stopped by a captive portal if it was very infrequent. – Zoredache Aug 05 '11 at 23:07
  • @Timothy, if you are concerned about the specific implementation details about a captive portal setup, you might want to re-ask that as a separate question. – Zoredache Aug 05 '11 at 23:11
  • @Timothy: I totally get what you're trying to accomplish, it's just that consumers don't like to feel like they're being controlled and manipulated (even if they are). If the water company flashed a message on my bathroom mirror every time I turned on the faucet, I would dig a well in my backyard. Even if they only flashed the message infrequently, I would bristle at the idea. I know they provide my water because I pay the bill every month, I don't need them to remind me or offer other services other than through their bill and the advertisements they stuff in the envelope. – joeqwerty Aug 05 '11 at 23:11
  • @Joeqwerty, Thanks, I'll make that suggestion to our billing department / marketing departments, maybe that'd be a good workaround for the time being. – Timothy Aug 05 '11 at 23:45
2

Personally I wouldn't do what you're doing. However,

Doing this is perfectly possible with Squid; I've done it in the past (old job, April Fools' Day joke at a very small web firm, only internal employees affected). However, at the ISP level, you're bound to run into a laundry list of problems, and I'm sure some legal problems in there too.

As an alternative, it might be easier to build a server that calls all your clients. That's what my local ISP does.

There are plenty of open-source PBXs out there (Asterisk is the big one) that can easily be programmed to call out to a list of numbers (surely you have those on your customers, right?) and leave them a message (or play a recording) saying whatever message you need.

Personally, I prefer being contacted via email first, then via phone (or text message). I wouldn't be thrilled if someone was injecting things into my webpages.

grufftech
  • Actually, I like this option, and since we're also a telephone company, this could work. Could this be accomplished with Asterisk maybe? – Timothy Aug 05 '11 at 23:11
  • Yep. There's a myriad of examples around the internet, and I personally have used Asterisk for this exact purpose in the past (kinda why I recommended it). Just as a tip, check the laws wherever you are; sometimes there will be a case where, if the recipient picks up and presses a number, you have to deliver them to a representative in a certain time period for outgoing automated calls. – grufftech Aug 05 '11 at 23:14
  • This sounds like a better idea to me, although you're probably going to rustle the feathers of people who don't like getting unsolicited phone calls. Still, it seems like a less manipulative and intrusive method. How do you bill your customers? Is there any way to accomplish what you need through the billing process? – joeqwerty Aug 05 '11 at 23:18
  • Via mail and via a 3rd party handler, I believe-- not really my department. That would help for free upgrades, but downtime obviously can't always be planned in advance. I'd prefer an e-mail option, truthfully, but it's difficult to get everyone's current e-mail without contacting them directly. – Timothy Aug 05 '11 at 23:23
  • Of the methods to proactively notify clients of downtime, Email / Phone / Mail (snail) blast will probably be best. I know a LOT of ISPs that just break things and when you call into support you get the "We are currently experiencing high call volume and are aware of a networking issue affecting the greater x-city area and are working to fix this as quickly as possible, yada yada yada" – grufftech Aug 05 '11 at 23:28
  • That being said, most ISPs also have the means to do maintenance on network/whatever without affecting end clients. If that means maintenance on a backhaul, move to a different one, etc. – grufftech Aug 05 '11 at 23:29
  • You know what I would do? I would send a notice with the next bill that you will be moving to an email notification system for communicating outages, upgrades, new services, etc. and inform the customers in the notice that if they want to participate in receiving these emails to send an email to you at notifications@yourcompany.com. That way you've given them an opt-in and performed your due diligence. Any complaints after that are on the customer and you can simply request their email address for future notifications. – joeqwerty Aug 05 '11 at 23:32
  • Yeah, who takes customers offline for maintenance? For "unscheduled maintenance", if the customer's connection is down, then how are they going to be requesting webpages for you to manipulate to tell them that their Internet connection is down? – womble Aug 05 '11 at 23:33
  • @Womble, if a WAN link is down for the ISP, the ISP's network is still reachable for the customer. – Timothy Aug 05 '11 at 23:38
  • You have a non-redundant transit and/or core network? – womble Aug 05 '11 at 23:41
  • @Womble, What part of "small ISP" did you not understand? – Timothy Aug 05 '11 at 23:42
  • There's small, and then there's "unable to provide acceptable levels of service". Also, didn't you say you were a telco earlier? Do you have non-redundant trunks as well? – womble Aug 05 '11 at 23:48
  • @Womble, We have redundant trunks, but unless you're willing to pay for redundant OC3's, I fail to see what your point is. I'm beginning to wonder if your outrage is related to Australia's Cleanfeed system. – Timothy Aug 05 '11 at 23:51
  • Your *customers* are paying for your redundant OC3s. Australia's cleanfeed system is an abhorrence, but it's unrelated to my dislike of companies failing to maintain basic standards of acceptable behaviour and service. – womble Aug 05 '11 at 23:58