Build a Proxy-Auto-Config file

I need to build what I would think would be a simple proxy auto-config file.  Basically I need it to set a proxy server for ONLY HTTP traffic when a computer is in our office (how can we do that test?) & then set it to direct when out of the office.  

In the near future I may have a need to throw in an alternative proxy server (ie - try in-office proxy then try outside proxy, then direct).  

Does anyone have any helpful tips on how to do this?  I have never worked with PAC files before.  I thought I had it correct, but the computer defaulted to direct.


My recommendation is: Forget auto-config file. Use a free utility like

or try a toolbar, extension, complement or whatever for your browser  (for IE) (for Firefox)

rustyrpageAuthor Commented:
How does that work in a company environment where we have no admins & block changes to Proxy.  When in the office I do not want people to be able to bypass the proxy.  When out of the office, I want it to go direct.

Make sense?

rustyrpageAuthor Commented:
What if I ONLY want the proxy to proxy port 80 traffic?  (not 443, FTP etc)

You can use PAC or WPAD.

WPAD is very simple.

WPAD Deployment Tutorial

PAC File Configuration

The WPAD specification demands that the PAC file be renamed to: wpad.dat
This is the only change required of a normal PAC file.

Web Server Configuration

IIS Server
1. Login to the server through Terminal Services or Remote Desktop Connection.
2. Click Start, select Programs, and then click Administrative Tools.
For IIS 5.0: Open Internet Services Manager.
For IIS 6.0: Open Internet Information Services.
3. In the left column you will see the Server Name.
In IIS 5.0: expand the Server Name to find the domain name.
In IIS 6.0: expand the Server Name and then Web Sites to find the domain name.
4. Right-click on the domain name and select Properties.
5. On the HTTP Headers tab click MIME Types.
6. Click New.
7. Enter the below information:
Extension: .dat
MIME type: application/x-ns-proxy-autoconfig
8. Click OK.

Apache Server
1. Create .htaccess file.
2. Add the below line into the file:
AddType application/x-ns-proxy-autoconfig .dat
3. Upload file to same location as wpad.dat file.

DHCP Server Configuration

We must configure the DHCP server to include a 252 entry in the DHCP information sent to a user. When configured this entry includes a direct link to the wpad.dat file.

Windows 2003 DHCP:
1. Click Start > Programs > Administrative Tools and then click DHCP.
2. In the console tree, right-click on the DHCP server, click Set Predefined Options, and then click Add.
3. In Name type: WPAD.
4. In Code type: 252.
5. In Data type select String, and then click OK.
6. In String, type URL of PAC file in format: http://url:port/wpad.dat
7. Right-click Server options and click Configure Options.
8. Confirm that the Option 252 option is selected.

Once created we must then enable the option for a DHCP scope.
1. Click Start > Programs > Administrative Tools and then click DHCP.
Right-click Scope Options and then click Configure Options.
2. Click Advanced, and then in Vendor Class, click Standard Options.
3. In Available Options, select the 252 Proxy Autodiscovery option and click OK.

Linux DHCP:
1. Edit the DHCP configuration file (usually /etc/dhcp/dhcpd.conf).
2. Edit and paste the following into the file:
option local-pac-server code 252 = text;
option local-pac-server "";
The first declaration must go in the global section of the configuration file.
3. Restart the DHCP server.

DNS Server Configuration

Windows 2003 DNS:
1. Click Start, click Programs, click Administrative Tools, and then click DNS.
2. In the console tree right-click on the applicable forward lookup zone and click New Host (A).
3. In Name type: wpad
4. In IP Address enter the IP address of the web server hosting the wpad.dat file.

rustyrpageAuthor Commented:
But I still don't see how to just set the HTTP traffic & not the others.

What do you use as proxy server?
ISA Server or other solution?
You can configure a rule for HTTP on ISA server.

rustyrpageAuthor Commented:
We don't use ISA - we are using an external service that does our filtering, so it is just a squid proxy.

OK, no problem.
You can use any proxy with WPAD.
Are your clients Windows or Linux?
Did you test WPAD anyway?

rustyrpageAuthor Commented:
My only problem with WPAD is that it gets pushed to all users - I would prefer to push a proxy auto-config setting via GPO to only select users.  The fear I have is that our subnet is 10.1.x.x, so that could be common enough that it would cause problems at people's houses etc.  Thoughts?

Ok I understand,

What is your antivirus system? If you use Symantec Endpoint Protection and Host Integrity is enabled on the SEP manager, you can set the proxy config automatically for only select users. You can configure Office and OutOfOffice groups. So your users use the proxy if they are in the office with the office policy, then if they are at their home you cannot use proxy with the outofoffice policy :)

rustyrpageAuthor Commented:
Nope - we're still stuck on SAV 10.2

I can't be the only person with this issue, that's what's so surprising =)

If you have a SEP upgrade license, immediately upgrade to SEP 11 MR4,
then I can help you :)

rustyrpageAuthor Commented:
I am really looking for something like the below code, but have it ONLY do HTTP traffic.  I also need to know what some of the variables mean.  I have no problem distributing it via GPO.  
//modified 07/31/08 11:32 ch
function FindProxyForURL(url, host) {
	var myip = myIpAddress();
	//exceptions to proxy, traffic to local hosts is direct,
	//also sites that have trouble with squid is direct
	if (shExpMatch(url, "**") ||
	    shExpMatch(url, "**") ||
	    isInNet(host, "", "") ||
	    isInNet(host, "", "") ||
	    isInNet(host, "", ""))
		return "DIRECT";
	//clients whose own address is outside 10.x and 172.19.x go direct
	else if (myip.substring(0,3)!=="10." && myip.substring(0,7)!=="172.19.")
		return "DIRECT";
	//use proxy unless unreachable, go direct if proxy is unreachable
	//return "DIRECT";
	return "PROXY squid:3128; PROXY squidbak:3128; DIRECT";
}
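
Added example, not part of the original thread: a PAC file that proxies only http:// URLs while the machine is in the office and sends everything else direct. The proxy names and port are the ones in the posted file and 10.1.0.0/16 is the asker's subnet; using the name squid as an office-only DNS check and the FAIL_OPEN switch are assumptions of this example.

```javascript
// Added example, not code from the thread. Proxy names and port come from the
// PAC file posted above; 10.1.0.0/16 is the office range the asker mentions.
var OFFICE_NET = "10.1.0.0";
var OFFICE_MASK = "255.255.0.0";
// Assumption: "squid" resolves only on the office DNS, never on a home network.
var OFFICE_ONLY_HOST = "squid";
var PROXIES = "PROXY squid:3128; PROXY squidbak:3128";
// true  = go direct when both proxies are down (the posted file's behaviour)
// false = fail closed: in-office HTTP is never sent without the proxy
var FAIL_OPEN = false;

// Scheme of the URL, lower-cased ("http", "https", "ftp", ...).
function schemeOf(url) {
  var i = url.indexOf(":");
  return i < 0 ? "" : url.substring(0, i).toLowerCase();
}

// Office test: address in range AND the internal-only name resolves.
// The second check keeps a home router handing out 10.1.x.x from matching.
// myIpAddress, isInNet and isResolvable are standard PAC built-ins.
function inOffice() {
  return isInNet(myIpAddress(), OFFICE_NET, OFFICE_MASK) &&
         isResolvable(OFFICE_ONLY_HOST);
}

function FindProxyForURL(url, host) {
  // Only plain HTTP is proxied; https, ftp and everything else go direct.
  if (schemeOf(url) !== "http") return "DIRECT";
  // Intranet short names (no dot) are never sent to the external filter.
  if (host.indexOf(".") === -1) return "DIRECT";
  // Checked last so the DNS lookup only happens for proxy candidates.
  if (!inOffice()) return "DIRECT";
  return FAIL_OPEN ? PROXIES + "; DIRECT" : PROXIES;
}
```

A PAC file only steers clients that honour it. Blocking outbound port 80 from workstations at the office firewall is what actually stops users from bypassing the proxy.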


Question has a verified solution.
