Question

Build a Proxy-Auto-Config file

Asked by: rustyrpage

I need to build what I would think would be a simple proxy auto-config file.  Basically I need it to set a proxy server for ONLY HTTP traffic when a computer is in our office (how can we do that test?) & then set it to direct when out of the office.  

In the near future I may have a need to throw in an alternative proxy server (ie - try in-office proxy then try outside proxy, then direct).  

Does anyone have any helpful tips on how to do this?  I have never worked with PAC files before.  I thought I had it correct, but the computer defaulted to direct.

Thanks!

This Question has been solved and asker verified All Experts Exchange premium technology solutions are available to subscription members.

Subscribe now for full access to Experts Exchange and get

Instant Access to this Solution

  • Plus...
  • 30 Day FREE access, no risk, no obligation
  • Collaborate with the world's top tech experts
  • Unlimited access to our exclusive solution database
  • Never be left without tech help again

Subscribe Now

Asked On
2009-05-19 at 14:57:41ID24422709
Topics

Web Browsers

,

Proxy/Firewall Anti-Virus

Participating Experts
2
Points
500
Comments
14

Trusted by hundreds of thousands everyday for fast, accurate and reliable tech support.

  • "The time we save is the biggest benefit of Experts Exchange to Warner Bros. What could take multiple guys 2 hours or more each to find is accessed in around 15 minutes on Experts Exchange." Mike Kapnisakis, Warner Bros.
  • "Our team likes having a resource that is more secure than just using Google and most experts using this service really know their stuff. It's nice to look here first versus using Google." Dayna Sellner, Lockheed Martin
  • "Anytime that I've been stumped with a problem, 9 out of 10 times Experts Exchange has either the accepted solution or an open discussion of the potential solution to the problem." Kenny Red, eBay Inc.

See what Experts Exchange can do for you.

Got a question?

We've got the answer.

Experts Exchange has been collecting answers to technology questions since 1996…3 million and counting! If you have a question, chances are we already have your answer.

Screenshot of Experts Exchange Knowledgebase

Need individual assistance?

Our experts are ready to help.

If you can't find the exact answer you're looking for, ask our exclusive community of 50,000 experts. You’ll get a personalized answer from a trusted professional.

Screenshot of Experts Exchange Knowledgebase

Want to learn from the best?

Read articles from industry experts.

Thousands of free tech tips, tricks, how-to’s and tutorials are available in our peer reviewed articles section. See for yourself how smart our experts are, no login required.

Screenshot of an Article

Working on a long term project?

Store your work and research.

Save solutions to your questions, answers you’ve discovered through searching plus helpful articles in your personal knowledgebase for easy future access.

Screenshot of Experts Exchange Knowledgebase

Access the answers to your technology questions today.

Subscribe Now

30-day free trial. Register in 60 seconds.

What Makes Experts Exchange Unique?

Members of the expert community talk about why the experience at Experts Exchange is different than what you will find anywhere else.

Trusted by the world's most respected brands.

image of each brand's logo

Faithfully serving IT professionals since 1996.

Experts Exchange Logo

Try it out and discover for yourself.

Subscribe Now

30-day free trial. Register in 60 seconds.

Related Solutions

  1. Proxy
    We have a small home business with a server (Windows XP Pro SP2) connected to the internet via ADSL. We then have 5 PC's (Windows XP Pro SP2) connected to this server. The server has Internet Connection Sharing turned on and that is how the other 5 PC's access the internet. W...
  2. detect proxy traffic
    hello, is there a way to detect proxy traffic from my website?
  3. using proxy
    hello, If I use a public proxy and then I login to my email will the owners of the proxy will have the logs of my user name and password information?
  4. Force web traffic to Proxy
    Hi, I am looking for a quick/simple way of forcing all my web browsing traffic (port 80) to a proxy on port 8080. There are quite a few machines which I have almost no control over, all of them having global (non-NAt'd) IP addresses. I would like them to all use a proxy serv...
  5. PROXY
    how to disable proxy in squid 2.6 STABLE10

Free Tech Articles

  1. WARNING: 5 Reasons why you should NEVER fix a computer for free.
    It is in our nature to love the puzzle. We are obsessed. The lot of us. We love puzzles. We love the challenge. We thrive on finding the answer. We hate disarray. It bothers us deep in our soul. W...
  2. SCCM OSD Basic troubleshooting
    SCCM 2007 OSD is a fantastic way to deploy operating systems, however, like most things SCCM issues can sometimes be difficult to resolve due to the sheer volume of logs to sift through and the dispe...
  3. Migrate Small Business Server 2003 to Exchange 2010 and Windows 2008 R2
    This guide is intended to provide step by step instructions on how to migrate from Small Business Server 2003 to Windows 2008 R2 with Exchange 2010. For this migration to work you will need the fo...
  4. Create a Win7 Gadget
    This article shows you how to create a simple "Gadget" -- a sort of mini-application supported by Windows 7 and Vista. Gadgets can be dropped anywhere on the desktop to provide instant information, ...
  5. Outlook continually prompting for username and password
    There have been a lot of questions recently regarding Outlook prompting for a username and password whilst using Exchange 2007. There are a few reasons why this would happen and I will try to cover t...
  6. Backup Exchange 2010 Information Store using Windows Backup
    There seems to be quite a lot of confusion around the ability to backup Exchange 2010 using the built in Windows Backup feature. This stems from the omission of this feature prior to Exchange 2007 s...

Cloud Class Webinars

  1. Avoiding Bugs in Microsoft Access
    Alison Balter takes and in-depth look at avoiding bugs in Access. In this webinar you will learn about using the immediate window to debug your applications, invoking the debugger, using breakpoints to troubleshoot, stepping through code, setting the next statement to execute, ...
  2. Top 10 Best New Features in Visio 2010
    Scott Helmers gives live demonstrations of the top 10 new features in Visio 2010. This webinar will teach you how to create compelling diagrams by adding shapes to the page with a single click, linking the shapes in a diagram to data in Excel (or SQL Server, or SharePoint), ...
  3. IT Consultant Business Secrets Revealed
    Michael Munger, Experts Exchange tech pro and IT consultant, pulls back the curtain on his very successful businesses and answers question on every IT consultant and business owner should know about. He shares secrets on what he did to solve the 5 most common problems in IT, ...
  4. Disaster Recovery and Business Continuity
    Quest CTO, Mike Billon, gives an overview of the steps involved in building a dunamic disaster recovery plan. Through case studies and an examination of software/hardware tooles for monitoring and testing, you'll gain a better understandin of where you are, where you want ...
  5. Organize Your Visio Diagrams with Containers and Lists
    Scott Helmers uses cross functional flowcharts, wireframe diagrams, data graphic legends and seating charts to teach you: how to ustilize all three new structured diagram components in Visio 2010, the best practices for organizeing shapes in previous version of Visio, how to organize ...
  6. How to Us Objects, Properties, Events and Methods in Microsoft Access
    Alison Dalter gives an in-depbth look at objects, properties, events and methods in Microsoft Access. In this webinar you will learn about using the object browser, referring to objects, working with properties and methods, working with object variables, understanding the ...

Join the Community

Give a Little. Get a Lot.

Join the community of experts here and help other tech pros by answering question in your area of expertise. You can earn FREE access to all Experts Exchange's premium features and resources.

Join the Community

Answers

 

by: oswaldofarithPosted on 2009-05-19 at 17:43:17ID: 24427810

My recommendation is: Forget auto-config file. Use a free utility like

http://www.proxychanger.com/proxy-changer-download.asp
http://www.allscoop.com/dotnet-software/proxy-changer.php

or try a toolbar, extension, complement or whatever for your browser

http://ie7pro.com  (for IE)
https://addons.mozilla.org/en-US/firefox/addon/1557 (for Firefox)

 

by: rustyrpagePosted on 2009-05-19 at 18:01:39ID: 24427880

How does that work in a company environment where we have no admins & block changes to Proxy.  When in the office I do not want people to be able to bypass the proxy.  When out of the office, I want it to go direct.

Make sense?

 

by: oswaldofarithPosted on 2009-05-19 at 21:37:46ID: 24428654

 

by: rustyrpagePosted on 2009-05-20 at 07:25:06ID: 24432178

What if I ONLY want the proxy to proxy port 80 traffic?  (not 443, FTP etc)

 

by: vkoyustuPosted on 2009-05-20 at 14:03:57ID: 24436289

You can user PAC or WPAD.

WPAD is very simple.
http://en.wikipedia.org/wiki/Web_Proxy_Autodiscovery_Protocol
http://www.findproxyforurl.com/

http://www.findproxyforurl.com/wpad_tutorial.html



WPAD Deployment Tutorial

PAC File Configuration

The WPAD specification demands that the PAC file be renamed to: wpad.dat
This is the only change required of a normal PAC file.
Web Server Configuration

IIS Server
1. Login to the server through Terminal Services or Remote Desktop Connection.
2. Click Start, select Programs, and then click Administrative Tools.
For IIS 5.0: Open Internet Services Manager.
For IIS 6.0: Open Internet Information Services.
3. In the left column you will see the Server Name.
In IIS 5.0: expand the Server Name to find the domain name.
In IIS 6.0: expand the Server Name and then Web Sites to find the domain name.
4. Right-click on the domain name and select Properties.
5. On the HTTP Headers tab click MIME Types.
6. Click New.
7. Enter the below information:
Extension: .dat
MIME type: application/x-ns-proxy-autoconfig
8. Click OK.

Apache Server
1. Create .htaccess file.
2. Add the below line into the file:
AddType application/x-ns-proxy-autoconfig .dat
3. Upload file to same location as wpad.dat file.
DHCP Server Configuration

We must configure the DHCP server to include a 252 entry in the DHCP information sent to a user. When configured this entry includes a direct link to the wpad.dat file.

Windows 2003 DHCP:
1. Click Start > Programs > Administrative Tools and then click DHCP.
2. In the console tree, right-click on the DHCP server, click Set Predefined Options, and then click Add.
3. In Name type: WPAD.
4. In Code type: 252.
5. In Data type select String, and then click OK.
6. In String, type URL of PAC file in format: http://url:port/wpad.dat
7. Right-click Server options and click Configure Options.
8. Confirm that the Option 252 option is selected.

Once created we must then enable the option for a DHCP scope.
1. Click Start > Programs > Administrative Tools and then click DHCP.
Right-click Scope Options and then click Configure Options.
2. Click Advanced, and then in Vendor Class, click Standard Options.
3. In Available Options, select the 252 Proxy Autodiscovery option and click OK.

Linux DHCP:
1. Edit the DHCP configuration file (usually /etc/dhcp/dhcpd.conf).
2. Edit and paste the following into the file:
option local-pac-server code 252 = text;
option local-pac-server "http://wpad.example.com:80/wpad.dat";
The first declaration must go in the global section of the configuration file.
3. Restart the DHCP server.
DNS Server Configuration

Windows 2003 DNS:
1. Click Start, click Programs, click Administrative Tools, and then click DNS.
2. In the console tree right-click on the applicable forward lookup zone and click New Host (A).
3. In Name type: wpad
4. In IP Address enter the IP address of the web server hosting the wpad.dat file.

 

by: rustyrpagePosted on 2009-05-20 at 15:13:22ID: 24436801

But I still don't see how to just set the HTTP traffic & not the others.

 

by: vkoyustuPosted on 2009-05-20 at 15:25:36ID: 24436882

What do you use as proxy server?
ISA Server or other solution?
You can configure a rule for HTTP on ISA server.
 http://www.elmajdal.net/ISAServer/Allow_Internet_From_ISA_Server_Machine.aspx

 

by: rustyrpagePosted on 2009-05-20 at 15:29:06ID: 24436899

We don't use ISA - we are using an external service that does our filtering, so it is just a squid proxy.

 

by: vkoyustuPosted on 2009-05-21 at 05:08:01ID: 24440382

ok no problem
you can use any proxy with WPAD.
your clients are windows or linux?
did you test wpad anyway?

 

by: rustyrpagePosted on 2009-05-21 at 08:15:42ID: 24442395

My only problem with WPAD is that gets pushed to all users - I would prefer push a proxy auto-config setting via GPO to only select users.  The fear I have is that our subnet is 10.1.x.x 255.255.0.0, so that could be common enough that it would cause problems at people's houses etc.  Thoughts?

 

by: vkoyustuPosted on 2009-05-21 at 08:41:21ID: 24442704

Ok I understand,

What is your antivirus system? if you use Symantec endpoint protection and host integrity enable on SEP manager, you can set proxy config automatically only select users. you can config Office and outoffice group. So your users use proxy if they are in office with office policyi, then if they are their home you cannot use proxy with outofoffice policy:)

 

by: rustyrpagePosted on 2009-05-21 at 09:19:47ID: 24443156

Nope - we're still stuck on SAV 10.2

I can't be the only person with this issue, that's what's so surprising =)

 

by: vkoyustuPosted on 2009-05-21 at 11:00:51ID: 24444148

if you have SEP upgrade license immediately upgrade to sep 11 mr4
then I can help you:)

 

by: rustyrpagePosted on 2009-05-21 at 11:28:55ID: 24444437

I am really looking for something like the below code, but have it ONLY do HTTP traffic.  I also need to know what some of the variables mean.  I have no problem distributing it via GPO.  

//modified 07/31/08 11:32 ch 
 
function FindProxyForURL(url, host)
{
 
 
var myip=myIpAddress();
 
 
 
//exceptions to proxy, traffic to local hosts is direct,
//also sites that have trouble with squid is direct
if (shExpMatch(url, "*mydomain.com*") ||
   shExpMatch(url, "*myotherdomain.com*")  ||
   isInNet(host, "172.19.0.0", "255.255.0.0") ||
   isInNet(host, "10.0.0.0", "255.0.0.0") ||
   isInNet(host, "127.0.0.1", "255.255.255.255"))
   		{
		//alert("direct") 
		return "DIRECT";
		}
 
else if (myip.substring(0,3)!=="10." && myip.substring(0,7)!=="172.19.")
		{
		//alert("direct")
		return "DIRECT";
		}
 
//use proxy unless unreachable, go direct if proxy is unreachable
 
else
{
//alert("proxy")
//return "DIRECT";
return "PROXY squid:3128; PROXY squidbak:3128; DIRECT";
 
}
 
} 
                                              
1:
2:
3:
4:
5:
6:
7:
8:
9:
10:
11:
12:
13:
14:
15:
16:
17:
18:
19:
20:
21:
22:
23:
24:
25:
26:
27:
28:
29:
30:
31:
32:
33:
34:
35:
36:
37:
38:
39:

Select allOpen in new window

20120131-EE-VQP-002

3 Ways to Join

30-Day Free Trial

The Experts

98% positive feedback on 31,087 answers since March 2000. angeliii is a Microsoft Most Valuable Professional for his work with MS SQL Server & Develoment.

He has also proven his knowledge of Visual Basic Programming, PHP Scripting and Oracle Databases.

The Experts

97% positive feedback on 10,752 answers since July 2000. lrmoore has more than 18 years experience in the networking industry.

The six-time Mircosoft MVPs specialties include firewalls, virtual private networking, and network management.

Testimonials

"...and excellent source for support... Kind of like having your very own IT dept." Electriciansnet

Testimonials

"I was apprehensive at signing up at first. However... it has already made my life as an IT administrator much easier." JaCrews

Testimonials

"WOW! You guys have great, active, and knowledgeable people on here." moore50

Business Clients

Business Clients

In the Press

"If you’ve got a question... Experts Exchange can supply an answer.”

In the Press

"...an invaluable aid for both IT professionals and those who require tech support."

In the Press

"where IT professionals provide quick answers on just about any topic"

Business Account Plans

Loading Advertisement...