Want to protect your cyber security and still get fast solutions? Ask a secure question today.Go Premium

x
?
Solved

WPAD configuration for wireless clients only

Posted on 2008-11-01
3
Medium Priority
?
1,459 Views
Last Modified: 2012-05-05
We have published a wpad.dat script for Proxy settings on our wireless network.  The script is working fine with directing traffic through our internal proxy for internet traffic and directly for intranet traffic and appears underneath.  

My issues are: I need to be able to make this wpad script come into effect only for my wireless clients and NOT the wired ones.

For example, if my wireless clients get DHCP from subnets, say; 10.100.10.*, 10.100.20.* and 10.100.30.*; only they should be able to access the proxy and NOT anyone else across my 10.100.*.* network even though, wpad.dat is available to all others via the IIS 6 publishing it.

Also, I have a few exception entries in my Proxy settings which I configure regularly via 'Do Not use proxy server for addresses begining with':;

How should I configure these within my wpad scripting? The addresses are both IP and host/dns names.
Pls advise!!
function FindProxyForURL(url, host)
{ if (isPlainHostName(host))
return "DIRECT";
else
return "PROXY 'my proxy ip':80";
}

Open in new window

0
Comment
Question by:fahim
  • 2
3 Comments
 
LVL 6

Expert Comment

by:matjm
ID: 22861006
Hi there,

There are two ways to acheive this - Either by publishing different WPAD settings to wired and wireless clients, or as you have mentioned, configuring the condition in the wpad.dat file itself.

You can use this syntax to process conditions based on the source IPs of the clients: -

if (isInNet(host, "192.168.0.0", "255.255.255.0")) { return "DIRECT"; }
if (isInNet(host, "192.168.1.0", "255.255.255.0")) { return "PROXY MYPROXY:PORT"; }

This would obviously pass any IPs on 192.168.0.x through directly to the internet, but would redirect IPs from 192.168.1.x through to the proxy.
0
 

Author Comment

by:fahim
ID: 22868372
Thanks for the reply Mat. You said that I can publish diffrent WPAD settings to wired and wireless networks. How do I do that? My DHCP server serving wireless is NOT a windows server and is internal to my Wireless Controller device whose APs are thin clients (Nortel implementation). So I cannot use the Option 252 entry of DHCP on my wireless clients.

Wired clients have the normal Windows DNS/DHCP though. Having given an "A" entry on my DNS for WPAD hosting machine, I have made sure that wpad hosting IIS is resolvable from both my wired and wireless clients.

Second, you stated that for my 'exception' in the proxy I use the DIRECT return. If I need to mention DNS/hostnames instead of IPs, what would be my line? Also, some of the stuff is hosted internally and the resolution of those DNS.WINS names should neither go directly or indirectly to the Internet realm. How do I define those entries?

Thanks in advance!!

0
 
LVL 6

Accepted Solution

by:
matjm earned 2000 total points
ID: 22871593
Using DNS instead of DHCP is fine, so long as you follow the standards (file is called wpad.dat, wpad and wpad.domain resolve correctly, etc.)

The WPAD snippet I posted above will do the seperation of your clients based on the subnets they are in - Normally you'd do this via DHCP, but as this isn't an option you can do it this way.

So basically you just punch in all of your subnets for your clients, and then specify either a proxy or direct connection for each subnet.

Regarding exceptions, I've actually written an article on WPAD a little while back which goes through different types of exceptions - http://techblog.mirabito.net.au/?p=21

Let me know if there's anything I haven't explained properly, or misunderstood.
0

Featured Post

Who's Defending Your Organization from Threats?

Protecting against advanced threats requires an IT dream team – a well-oiled machine of people and solutions working together to defend your organization. Download our resource kit today to learn more about the tools you need to build you IT Dream Team!

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

In threads here at EE, each comment has a unique Identifier (ID). It is easy to get the full path for an ID via the right-click context menu. However, we often want to post a short link within a thread rather than the full link. This article shows a…
Originally, this post was published on Monitis Blog, you can check it here . In business circles, we sometimes hear that today is the “age of the customer.” And so it is. Thanks to the enormous advances over the past few years in consumer techno…
The viewer will learn how to create and use a small PHP class to apply a watermark to an image. This video shows the viewer the setup for the PHP watermark as well as important coding language. Continue to Part 2 to learn the core code used in creat…
The viewer will learn the basics of jQuery, including how to invoke it on a web page. Reference your jQuery libraries: (CODE) Include your new external js/jQuery file: (CODE) Write your first lines of code to setup your site for jQuery.: (CODE)
Suggested Courses

581 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question