Setting up proxy autodetect

We recently had the need to assign a proxy server based on a workstation's location. This led me into the magical world of proxy autoconfiguration.

Basically you need some method of delivering the location of your autoconfig script to the client.
The easiest, laziest, and possibly least reliable method is handing it out using your DHCP server. Assume your script is named wpad.dat and located at http://yourwebserver/wpad.dat

This is not one of the standard options for your DHCP server (Server 2003) to hand out, so you will need to configure it. This page explains it very well: http://www.findproxyforurl.com/wpad_tutorial.html

We must configure the DHCP server to include a 252 entry in the DHCP information sent to a user. When configured this entry includes a direct link to the wpad.dat file.

Windows 2003 DHCP:
1. Click Start > Programs > Administrative Tools and then click DHCP.
2. In the console tree, right-click on the DHCP server, click Set Predefined Options, and then click Add.
3. In Name type: WPAD.
4. In Code type: 252.
5. In Data type select String, and then click OK.
6. In String, type URL of PAC file in format: http://url:port/wpad.dat
7. Right-click Server options and click Configure Options.
8. Confirm that the Option 252 option is selected.

Once created, we must then enable the option for a DHCP scope.
1. Click Start > Programs > Administrative Tools and then click DHCP.
2. Right-click Scope Options and then click Configure Options.
3. Click Advanced, and then in Vendor Class, click Standard Options.
4. In Available Options, select the 252 Proxy Autodiscovery option and click OK.

Follow it exactly! I'm not sure if it matters if you set your wpad file as the default setting before you assign it to the scope, but for some reason this seems to work better??

OK, well, that's how you point to the WPAD file, but how do you serve it? The annoying/logical thing is that you must serve it through a web server. If you are using IIS you need to add a MIME type (open IIS admin, right-click your web server, Properties, click MIME Types).

The way I got it to function was using .dat with application/octet-stream

Use iisreset for the setting to take effect.

OK, so the DHCP server hands out the location of the wpad.dat file, and you serve out the wpad.dat file using the newly created .dat MIME type. Now we need a wpad.dat file.

Mine is super duper lame. One thing about wpad.dat: if there are any errors at all it will silently bomb out on you! Very frustrating!

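function FindProxyForURL(url, host) {

    // Debug aid: visiting this host pops up the client's detected IP address.
    if (host == "proxyinfo.company.com") {
        alert("Local IP address is: " + myIpAddress());
    }

    // Clients in 10.1.0.0/16 use the proxy at 10.1.100.1:80.
    if (isInNet(myIpAddress(), "10.1.0.0", "255.255.0.0")) {
        return "PROXY 10.1.100.1:80";
    }

    // Everyone else connects directly; always return a value.
    return "DIRECT";
}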

The best way I have found to test the .pac file is to open Internet Explorer, go to Tools > Internet Options > Connections > LAN Settings, check "Use automatic configuration script", then point to the file on your hard drive, using this type of path:

file:////C:/proxy.pac

This page explains this well: http://techblog.mirabito.net.au/?p=21. Actually, it's a great post about WPAD and PAC files!

In order to test, though, you will always want to delete files (on the General tab), uncheck the option to use the file, and then close all IE windows. Then open IE, check the option to use the file, then close and open it again. This way you can be sure of clearing the proxy auto-config cache!
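
Because a PAC file with any error fails silently in the browser, it helps to load it outside the browser first. The following is an added example, not code from the original post: a small Node.js checker (the names checkPac, ipToInt and SAMPLE_PAC and the client IPs are assumptions) that stubs myIpAddress, isInNet and alert, then reports syntax errors and fall-through cases.

```javascript
// Added example: offline checker for a wpad.dat / PAC script (not from the original post).
// Run it only against your own PAC file: new Function() executes the script's code.

// Convert a dotted-quad IPv4 address to an unsigned 32-bit integer.
function ipToInt(ip) {
  return ip.split('.').reduce((acc, octet) => ((acc << 8) | Number(octet)) >>> 0, 0);
}

// Load pacSource with stubbed PAC helpers and call FindProxyForURL once.
// clientIp is what the stubbed myIpAddress() returns (an assumption for the test).
function checkPac(pacSource, clientIp, url, host) {
  const alerts = [];
  const helpers = {
    myIpAddress: () => clientIp,
    isInNet: (ip, net, mask) =>
      ((ipToInt(ip) & ipToInt(mask)) >>> 0) === ((ipToInt(net) & ipToInt(mask)) >>> 0),
    alert: (msg) => alerts.push(String(msg)),
  };
  let result;
  try {
    // A syntax error (for example curly quotes) is thrown here instead of failing silently.
    const load = new Function(...Object.keys(helpers),
      pacSource + '\nreturn typeof FindProxyForURL === "function" ? FindProxyForURL : null;');
    const find = load(...Object.values(helpers));
    if (!find) return { ok: false, error: 'FindProxyForURL is not defined', alerts };
    result = find(url, host);
  } catch (e) {
    return { ok: false, error: e.name + ': ' + e.message, alerts };
  }
  if (typeof result !== 'string') {
    return { ok: false, error: 'no proxy string returned (function fell through)', alerts };
  }
  return { ok: true, result, alerts };
}

// Constructed sample modelled on the post's script, with no fallback return,
// so the fall-through case can be shown.
const SAMPLE_PAC = `function FindProxyForURL(url, host){
  if (host == "proxyinfo.company.com"){ alert("Local IP address is: " + myIpAddress()); }
  if (isInNet(myIpAddress(), "10.1.0.0", "255.255.0.0")){ return "PROXY 10.1.100.1:80"; }
}`;

console.log(checkPac(SAMPLE_PAC, '10.1.5.20', 'http://example.com/', 'example.com'));
console.log(checkPac(SAMPLE_PAC, '192.168.1.9', 'http://example.com/', 'example.com'));
// Same script with curly quotes, as pasted from a word processor or blog page.
console.log(checkPac(SAMPLE_PAC.replace(/"/g, '\u201d'), '10.1.5.20', 'http://example.com/', 'example.com'));
```

The third call reports a SyntaxError, which is the failure a browser would swallow without any message.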

Well, that's it for now! But soon I will be playing with Squid proxy!

Messed with Squid Proxy on windows here https://michaelellerbeck.com/2009/04/14/chapter-3-the-internet-lockdown/ (very fun!)

One Response

  1. Thanks for this post, answers a bunch of questions I was having.
