Earlier today the above popped up on some 10.9 Macs, iOS devices & even Android devices. Clicking “Cancel” would only stop the pop up for a few minutes & it would re-appear.
On the MacAdmins Slack a few mentioned seeing this, so the immediate thoughts of “OMG what has happened to my wireless” subsided.
In trying to figure it out, we isolated it to 10.9.5 clients.. & that’s about it.. (a brief period of blaming the latest Adobe Flash update just because of timing was disproved).
Anyways, people chimed in on Slack & offered this Reddit thread which showed few correlations, but mentioned “Captive Portals” & the mechanism that generated the page.
A Google later & this article helped to explain to me why we saw what we did (snippet below):
"When an Apple iOS device (iPhone, iPad, iPod) connects to a WiFi network, the first thing it does is make a request to the URL http://www.apple.com/library/test/success.html. Some twitters (like Adam Shostack) were commenting on this. I thought I'd explain what I've found out about it. The purpose of this request is to discover if there is a "captive portal" in the way. A captive portal is when, after connecting to the WiFi, any web request you makes gets redirected to a login/ToS page. In order to continue, you must either login with a username/password (or sign up, then login), and/or access the Terms of Service. The reason Apple does this is because you may be using an app other than the web browser. For example, the only thing you might be doing is syncing your e-mail. In such situations, you would never see the portal page, and your app will mysteriously fail to connect to the Internet."
So, what seemed to have happened is that the file: http://www.apple.com/library/test/success.html has somehow become malformed.
Anyways, Apple soon resolved & I learnt something that I felt was worth sharing.
It also appears that the URL for 10.10 is not the same URL & neither is the same URL used for differing iOS versions. Also, some Android devices were affected as they used the same method (including the same URL).