Captive Portal Basics: Why Hotel Wi-Fi Login Pages Break

You connected to the Wi-Fi. The login page never appeared. Here's why.

What is a captive portal?

When you connect to hotel, airport, or café Wi-Fi, you’re not immediately on the internet. The network puts you behind a captive portal — a web interception layer that forces you to a login or agreement page before allowing real internet access.

Here’s how it works:

1. You connect to the Wi-Fi
2. The router intercepts all your HTTP traffic and redirects it to the portal page
3. You log in or accept terms
4. The router marks your device as authenticated and lets real traffic through

The problem: the redirect relies on your device making an unencrypted HTTP request that the router can intercept. A surprising number of things can prevent that redirect from happening.

The five most common reasons the login page won’t appear

1. iCloud Private Relay is active

What it is: iCloud Private Relay routes your traffic through Apple’s proxy servers, masking your IP and encrypting your DNS queries.

Why it breaks captive portals: The portal can’t redirect encrypted proxy traffic. Your device appears to be connected, but the portal never sees you.

Fix: System Settings → Apple ID → iCloud → Private Relay → turn it off. Reconnect to the Wi-Fi after turning it off. Turn Private Relay back on once you’re authenticated.

2. Custom DNS is configured

What it is: Many people configure their Mac to use Cloudflare (1.1.1.1), Google (8.8.8.8), or similar resolvers instead of the network’s DNS.

Why it breaks captive portals: Portals rely on DNS hijacking to redirect you to the login page. Custom resolvers bypass the network’s DNS, so the redirect never happens.

Fix: System Settings → Wi-Fi → (your network) → Details → DNS → remove custom entries. Restart the Wi-Fi connection.

3. Your VPN is connected

What it is: VPN software creates an encrypted tunnel that carries all your traffic.

Why it breaks captive portals: VPN traffic is encrypted and addressed to the VPN server, not the portal. The router can’t intercept or redirect it.

Fix: Disconnect your VPN before trying to authenticate. Reconnect once you’re through the portal.

4. Safari’s HTTPS upgrade is interfering

What it is: Safari and some other browsers automatically upgrade HTTP URLs to HTTPS.

Why it breaks captive portals: The portal’s redirect URL is HTTP. If your browser upgrades it to HTTPS before the portal can intercept it, the request goes nowhere.

Workaround: Use the built-in portal browser in Hotspot Guide, which loads http://captive.apple.com/hotspot-detect.html without HTTPS upgrading.

5. The OS captive portal detector misfired

What it is: macOS probes http://captive.apple.com/hotspot-detect.html when you join a network to detect if a portal is present. If that probe succeeds before the portal is ready — or if you joined the network earlier and the OS thinks you’re already authenticated — the portal popup never appears.

Workaround: Use the “Force Login Page” button in Hotspot Guide’s Diagnose tab. It re-triggers the probe regardless of the OS’s cached state.

The diagnostic checklist

Run these in order:

1. iCloud Private Relay — off?
2. VPN — disconnected?
3. DNS — set to automatic (network default)?
4. Proxy — none configured?
5. Force Login Page — have you tried opening http://captive.apple.com/hotspot-detect.html manually?

If all five pass and the login page still won’t load, the problem is likely on the network side — a misconfigured router, a portal that’s timing out, or a venue that requires you to call the front desk for an activation code.

After you’re online

• Turn iCloud Private Relay back on
• Reconnect your VPN
• Consider saving your portal credentials in Hotspot Guide so the next visit autofills your name and email

Get Hotspot Guide

Diagnose captive portal issues in seconds — even before you're online. $9.99, one-time purchase.