Segui

How to use WPAD (Web Proxy Auto-Discovery Protocol)

Introduction

A Proxy Auto-Configuration (PAC) file is used by WEB browser to understand if the requests go directly to the destination (request go out without pass through a proxy) or are forwarded to a proxy server (request go out through a proxy).

Browsers search for PAC file in different ways (DHCP or DNS) but DNS method should be the one widely supported.

In this article we will describe the WPAD deployment (DNS method)

Prerequisites

  1. Proxy set in non-transparent for the zone you want to apply proxy.pac settings to.
  2. The browser has to be configured to use the auto detect proxy configuration option.
  3. If hosts are not using Endian UTM Enterprise Appliance as DNS resolver, DNS server must have a WPAD DNS record configured

Note

If hosts are not using Endian UTM Enterprise Appliance as DNS resolver,you must add in DNS server used by your hosts a DNS record for the WPAD server that point to the Endian UTM Enterprise Appliance IP address

 

Configure Internet Explorer

  • Open Internet Explorer, click on Tools > Internet Options > Connections > LAN Settings
  • Select Automatically detect settings

 

Configure Firefox

  • Open Firefox,click on General > Network Settings > Settings
  • Select Auto-detect proxy settings for this network

 

Endian UTM Enterprise Appliance will serve a PAC file to those hosts that will request it. To test if the host can get the PAC file, open a browser and type:

http://wpad/wpad.dat

if you will get and empty response or an error , see troubleshooting section.

If the output will be something similar to:

function FindProxyForURL(url, host) {
if (host == "127.0.0.1" || isPlainHostName(host) || shExpMatch (host, "(192.168.253.15)")) {
return "DIRECT";
}

return "PROXY 192.168.253.15:8080";
}

your host is getting the PAC file correctly.

The default PAC configuration will bypass Proxy for loopback IP (host == "127.0.0.1"), hostname that contain no dots, e.g. http://localwebserver (isPlainHostName(host)) and Endian UTM Enterprise Appliance IP address. All the other requests will pass through the Endian UTM Enterprise Appliance Proxy ( return "PROXY 192.168.253.15:8080" )

In this example 192.168.253.15 is the IP address of the Endian UTM Enterprise Appliance and 8080 is the TCP port used by Endian UTM Enterprise Appliance Proxy service.

If you want to customize the PAC file served by the Endian UTM Enterprise Appliance see this article.

Troubleshooting

- I’m unable to get a PAC file when connecting to http://wpad/wpad.dat

Make sure that your host can resolve correctly wpad DNS record. from a CLI ( it could be MS DOS ) run the below command

ping wpad

to see if it resolves the IP address. If the IP is not resolved correctly:

1 - check that DNS server has a DNS record called wpad configured (On Endian UTM Enterprise Appliances this is done automatically). If everything is correctly set and your DNS server runs on a Microsoft Windows OS server edition make sure that the WPAD resolution is not blocked. See here for more information.

2 - DNS domain name of the Endian UTM enterprise appliance and DNS suffix configured on host have to be the same. Check the DNS suffix of your hosts running the below command from a CLI (If you are using Windows OS)

    

If the DNS suffix of the hosts is empty or different than the DNS domain configured on the Endian UTM enterprise Appliance, configure it accordingly.If the hosts are getting an IP from a DHCP server,make sure that it is configured accordingly to serve the correct DNS domain (endian.local in this example). 

3. If your hosts are using Endian Enterprise Appliance as DNS resolver,and DNS suffix configured on your hosts is different than the Endian DNS domain (see system > network configuration step 3/8) you could proceed in this way:

- Add a new host into Network > Edit hosts > Add new host, then create the following:

Where 192.168.103.254 is the IP of your Endian Enterprise Appliance

 

Altre domande? Invia una richiesta

Commenti