Astaro User Bulletin Board

#1
12-26-2007, 12:05 PM
fkryszon
Junior Member
Join Date: Oct 2007
Posts: 24
WPAD Howto

How to provide Proxy Settings to Clients (OS Independent)
-- feel free to extend or comment --

Situation:
LAN: 192.168.178.0/24
MS Windows 2003 SBS on 192.168.178.100
Services: WINS, DNS, DHCP, IIS
Clients: Windows XP, Vista, Linux
Astaro (v7 but shouldn't matter): 192.168.178.3
Proxy Services: 192.168.178.3:8080

on the SBS Server:

WINS: add a new static mapping with the following details:
Computer:wpad, type:unique, IP:192.168.178.100
Computer:wpad., type:unique, IP:192.168.178.100 -suggested by MS but seems to work without

DNS: add a new Class A Host in your DNS Zone with the following details:
Computer:wpad, type:unique, IP:192.168.178.100
not needed: Computer:wpad., type:unique, IP:192.168.178.100 -suggested by MS but seems to work without

DHCP: set a new predefined Option with the following details:
Name:wpad
Data Type:string
Code:252
Value:http://wpad/wpad.dat
(afterwards set this new option in your server or scope options)

IIS: in your IIS Properties add a new MIME type with the following details:
Extension:.dat
MIME Type:application/octet-stream
In your Default Web Site Properties add the following identifications:
IP Address:192.168.178.100
TCP Port:80
Host Header Value:wpad
and
IP Address:192.168.178.100
TCP Port:80
Host Header Value:wpad.<yourdomain.local>

Windows Explorer: add a file called wpad.dat in your default web site's root folder (by MS default that is c:\inetpub\wwwroot)

example for wpad.dat:
Code:
// PAC entry point: the browser passes the full URL and its host part
function FindProxyForURL(url, host)
{
    // Proxy if PC is on local LAN
    if (isInNet(myIpAddress(), "192.168.178.0", "255.255.255.0"))
        return "PROXY 192.168.178.3:8080";
    else
        return "DIRECT";
}

Before this works:
- the IIS has to be restarted
- DNS Cache has to be cleared (DNS Server)
- ipconfig /flushdns on the clients

Note: make sure you change the above IP addresses to your local network settings and that your browser's proxy settings are set to auto-detect proxy settings for this network

Last edited by fkryszon; 12-28-2007 at 04:33 PM. Reason: annex

#2
01-02-2008, 09:02 PM
Wizard
Join Date: Sep 2001
Location: Munich, GER
Posts: 683

...for MS Clients just use the GPO and you do not have to config each client.

#3
01-02-2008, 10:18 PM
fkryszon
Junior Member
Join Date: Oct 2007
Posts: 24

where am I configuring each client?
ipconfig /flushdns just saves a reboot, and will not be required if you've got new clients or can wait for the next reboot (which would be also required for the machine targeted gpo)

this is why I didn't go for gpo:
- not all clients are domain members (don't wanna join domain for a proxy gpo)
- need for a gpo setting for each browser (IE is fine, how about Firefox, Opera, Safari, oops not even MS OS)
- not OS independent
- Laptops (sometimes in LAN, mostly external)

That's why I tried something 'Server Based', 'target independent'

Anyway, thx for your comments

#4
01-22-2008, 10:55 PM
Junior Member
Join Date: Aug 2005
Posts: 11

It figures I would find this thread the day after I figure it out on my own.

But I have to say, this works great with our non-MS clients, the number of which has really taken off over the last few years.

#5
01-23-2008, 01:26 AM
Simon Shaw
Aussie moderator.
Join Date: Jun 2001
Location: Perth, Western Australia
Posts: 2,628

The WINS server is optional and probably redundant given you are using DNS to resolve the wpad host.

You can actually do the whole lot in DNS since most clients will search for a wpad by default if "Auto detect proxy settings" is set in the client. Unsure if Firefox supports this but IE definitely does.

Here is another example of the actual WPAD file.
(With proxy skips for HTTPS and some local hosts and other protocols)


Code:
function FindProxyForURL(url, host)
{
    var proxy_yes = "PROXY 192.168.3.1:8080; DIRECT";
    var proxy_no = "DIRECT";
    // Proxy if PC is on local LAN - doesn't work with Konqueror!
    // So this test is for Internet Explorer and compatible only

    //if (isInNet(myIpAddress(), "192.168.0.0", "255.255.252.0") || isInNet(myIpAddress(), "192.168.0.0", "255.255.252.0"))
    // {
    if (
        url.substring(0, 6) == "https:"
        || url.substring(0, 16) == "http://localhost"
        || url.substring(0, 16) == "http://intranet."
        || url.substring(0, 11) == "http://mm00"
        || url.substring(0, 14) == "http://issues."
        || url.substring(0, 11) == "http://csg."
        || url.substring(0, 14) == "http://vm-mm00"
        || url.substring(0, 14) == "http://192.168"
        || url.substring(0, 16) == "http://203.11.69"
        || url.substring(0, 4) == "ftp:"
        || url.substring(0, 7) == "gopher:"
    )
    {
        return proxy_no;
    }
    else
    {
        return proxy_yes;
    }

    //}
}
__________________
Simon Shaw
Systems Manager
Micromine PL

Intel 2.66GHz Quad Core, 4GB (2 x 2GB) PC-6400 800Mhz 4-4-4-12, WD 300GB 10K RPM VelociRaptor, Intel Pro/1000 Quad Port PCI-X
http://www.sputcorp.com/
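
An added example, not code from the thread: a small Node.js harness that runs the wpad.dat logic from post #1 and the URL-prefix bypass style from post #5 against constructed client addresses and URLs, so the routing decisions can be checked before the file is published. The names `evalPac` and `routingTable`, the `PAC_HOST` variant and all sample addresses are assumptions made for the example; comparing prefix matching with a host-based check goes slightly beyond what the thread shows.

```javascript
// Added example, not code from the thread: offline harness for wpad.dat logic.
// This isInNet stand-in accepts dotted-quad literals only (browsers also resolve names).
function ipToInt(ip) {
  const p = String(ip).split(".");
  if (p.length !== 4 || !p.every(o => /^\d{1,3}$/.test(o) && Number(o) <= 255)) return null;
  const [a, b, c, d] = p.map(Number);
  return ((a << 24) | (b << 16) | (c << 8) | d) >>> 0;
}
function isInNet(host, net, mask) {
  const [h, n, m] = [host, net, mask].map(ipToInt);
  if (h === null || n === null || m === null) return false;
  return ((h & m) >>> 0) === ((n & m) >>> 0);
}
// Run a PAC source as the given client (hypothetical helper name).
function evalPac(pacSource, clientIp, url) {
  const run = new Function("isInNet", "myIpAddress", "url", "host",
    pacSource + "\nreturn FindProxyForURL(url, host);");
  return run(isInNet, () => clientIp, url, new URL(url).hostname);
}
// Post #1's wpad.dat logic.
const PAC_LAN = `function FindProxyForURL(url, host) {
  if (isInNet(myIpAddress(), "192.168.178.0", "255.255.255.0"))
    return "PROXY 192.168.178.3:8080";
  return "DIRECT";
}`;
// Post #5's URL-prefix style, reduced to two of its entries.
const PAC_PREFIX = `function FindProxyForURL(url, host) {
  if (url.substring(0, 6) == "https:" || url.substring(0, 14) == "http://192.168")
    return "DIRECT";
  return "PROXY 192.168.3.1:8080; DIRECT";
}`;
// Constructed variant: the bypass is decided from the parsed host instead.
const PAC_HOST = `function FindProxyForURL(url, host) {
  if (url.substring(0, 6) == "https:" || isInNet(host, "192.168.0.0", "255.255.0.0"))
    return "DIRECT";
  return "PROXY 192.168.3.1:8080; DIRECT";
}`;
// Constructed client addresses and URLs.
function routingTable() {
  return {
    lanClient: evalPac(PAC_LAN, "192.168.178.25", "http://example.com/"),
    roamingLaptop: evalPac(PAC_LAN, "10.20.30.40", "http://example.com/"),
    prefixLiteral: evalPac(PAC_PREFIX, "192.168.3.50", "http://192.168.3.10/"),
    prefixNameMatch: evalPac(PAC_PREFIX, "192.168.3.50", "http://192.168.example.com/"),
    hostNameMatch: evalPac(PAC_HOST, "192.168.3.50", "http://192.168.example.com/"),
    hostLiteral: evalPac(PAC_HOST, "192.168.3.50", "http://192.168.3.10/"),
  };
}
console.log(routingTable());
```

The `prefixNameMatch` row shows that a substring test on the URL also returns DIRECT for a host name that merely begins with `192.168`, while the host-based variant sends it through the proxy.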

#6
07-03-2009, 02:11 PM
Member
Join Date: Apr 2009
Posts: 49
Hi,

I have a very similar setup using IIS to publish the wpad.dat file, DNS and a GP to make sure autodetect is ticked.

However I have the issue that browsers take between 20 and 30 seconds to display the first page - any idea why that might be the case?

Cheers,

FB

#7
07-05-2009, 10:50 AM
Simon Shaw
Aussie moderator.
Join Date: Jun 2001
Location: Perth, Western Australia
Posts: 2,628
Default

Possible DNS resolution issue?