Solved

Build a Proxy-Auto-Config file

Posted on 2009-05-19
Last Modified: 2013-11-22
I need to build what I would think would be a simple proxy auto-config file.  Basically I need it to set a proxy server for ONLY HTTP traffic when a computer is in our office (how can we do that test?) & then set it to direct when out of the office.  

In the near future I may have a need to throw in an alternative proxy server (ie - try in-office proxy then try outside proxy, then direct).  

Does anyone have any helpful tips on how to do this?  I have never worked with PAC files before.  I thought I had it correct, but the computer defaulted to direct.

Thanks!
0
Question by:rustyrpage
 
LVL 6

Expert Comment

by:oswaldofarith
ID: 24427810
My recommendation is: Forget auto-config file. Use a free utility like

http://www.proxychanger.com/proxy-changer-download.asp
http://www.allscoop.com/dotnet-software/proxy-changer.php

or try a toolbar, extension, complement or whatever for your browser

http://ie7pro.com  (for IE)
https://addons.mozilla.org/en-US/firefox/addon/1557 (for Firefox)

0
 
LVL 6

Author Comment

by:rustyrpage
ID: 24427880
How does that work in a company environment where we have no admins & block changes to Proxy.  When in the office I do not want people to be able to bypass the proxy.  When out of the office, I want it to go direct.

Make sense?
0
 
LVL 6

Accepted Solution

by:
oswaldofarith earned 500 total points
ID: 24428654
0
 
LVL 6

Author Comment

by:rustyrpage
ID: 24432178
What if I ONLY want the proxy to proxy port 80 traffic?  (not 443, FTP etc)
0
 
LVL 1

Expert Comment

by:vkoyustu
ID: 24436289
You can use PAC or WPAD.

WPAD is very simple.
http://en.wikipedia.org/wiki/Web_Proxy_Autodiscovery_Protocol
http://www.findproxyforurl.com/

http://www.findproxyforurl.com/wpad_tutorial.html



WPAD Deployment Tutorial

PAC File Configuration

The WPAD specification demands that the PAC file be renamed to: wpad.dat
This is the only change required of a normal PAC file.

Web Server Configuration

IIS Server
1. Login to the server through Terminal Services or Remote Desktop Connection.
2. Click Start, select Programs, and then click Administrative Tools.
For IIS 5.0: Open Internet Services Manager.
For IIS 6.0: Open Internet Information Services.
3. In the left column you will see the Server Name.
In IIS 5.0: expand the Server Name to find the domain name.
In IIS 6.0: expand the Server Name and then Web Sites to find the domain name.
4. Right-click on the domain name and select Properties.
5. On the HTTP Headers tab click MIME Types.
6. Click New.
7. Enter the below information:
Extension: .dat
MIME type: application/x-ns-proxy-autoconfig
8. Click OK.

Apache Server
1. Create .htaccess file.
2. Add the below line into the file:
AddType application/x-ns-proxy-autoconfig .dat
3. Upload file to same location as wpad.dat file.

DHCP Server Configuration

We must configure the DHCP server to include a 252 entry in the DHCP information sent to a user. When configured this entry includes a direct link to the wpad.dat file.

Windows 2003 DHCP:
1. Click Start > Programs > Administrative Tools and then click DHCP.
2. In the console tree, right-click on the DHCP server, click Set Predefined Options, and then click Add.
3. In Name type: WPAD.
4. In Code type: 252.
5. In Data type select String, and then click OK.
6. In String, type URL of PAC file in format: http://url:port/wpad.dat
7. Right-click Server options and click Configure Options.
8. Confirm that the Option 252 option is selected.

Once created we must then enable the option for a DHCP scope.
1. Click Start > Programs > Administrative Tools and then click DHCP.
Right-click Scope Options and then click Configure Options.
2. Click Advanced, and then in Vendor Class, click Standard Options.
3. In Available Options, select the 252 Proxy Autodiscovery option and click OK.

Linux DHCP:
1. Edit the DHCP configuration file (usually /etc/dhcp/dhcpd.conf).
2. Edit and paste the following into the file:
option local-pac-server code 252 = text;
option local-pac-server "http://wpad.example.com:80/wpad.dat";
The first declaration must go in the global section of the configuration file.
3. Restart the DHCP server.

DNS Server Configuration

Windows 2003 DNS:
1. Click Start, click Programs, click Administrative Tools, and then click DNS.
2. In the console tree right-click on the applicable forward lookup zone and click New Host (A).
3. In Name type: wpad
4. In IP Address enter the IP address of the web server hosting the wpad.dat file.

0
 
LVL 6

Author Comment

by:rustyrpage
ID: 24436801
But I still don't see how to just set the HTTP traffic & not the others.
0
 
LVL 1

Expert Comment

by:vkoyustu
ID: 24436882
What do you use as proxy server?
ISA Server or other solution?
You can configure a rule for HTTP on ISA server.
 http://www.elmajdal.net/ISAServer/Allow_Internet_From_ISA_Server_Machine.aspx
0
 
LVL 6

Author Comment

by:rustyrpage
ID: 24436899
We don't use ISA - we are using an external service that does our filtering, so it is just a squid proxy.
0
 
LVL 1

Expert Comment

by:vkoyustu
ID: 24440382
OK, no problem.
You can use any proxy with WPAD.
Are your clients Windows or Linux?
Did you test WPAD anyway?
0
 
LVL 6

Author Comment

by:rustyrpage
ID: 24442395
My only problem with WPAD is that it gets pushed to all users - I would prefer to push a proxy auto-config setting via GPO to only select users.  The fear I have is that our subnet is 10.1.x.x 255.255.0.0, so that could be common enough that it would cause problems at people's houses etc.  Thoughts?
0
 
LVL 1

Expert Comment

by:vkoyustu
ID: 24442704
Ok I understand,

What is your antivirus system? If you use Symantec Endpoint Protection and enable Host Integrity on SEP Manager, you can set the proxy config automatically for only select users. You can configure Office and OutOfOffice groups. So your users use the proxy if they are in the office with the office policy; then if they are at home, you cannot use the proxy with the outofoffice policy :)

0
 
LVL 6

Author Comment

by:rustyrpage
ID: 24443156
Nope - we're still stuck on SAV 10.2

I can't be the only person with this issue, that's what's so surprising =)
0
 
LVL 1

Expert Comment

by:vkoyustu
ID: 24444148
If you have a SEP upgrade license, immediately upgrade to SEP 11 MR4,
then I can help you :)
0
 
LVL 6

Author Comment

by:rustyrpage
ID: 24444437
I am really looking for something like the below code, but have it ONLY do HTTP traffic.  I also need to know what some of the variables mean.  I have no problem distributing it via GPO.  
//modified 07/31/08 11:32 ch

function FindProxyForURL(url, host)
{
    // IP address of the client machine running the browser
    var myip = myIpAddress();

    //exceptions to proxy, traffic to local hosts is direct,
    //also sites that have trouble with squid is direct
    if (shExpMatch(url, "*mydomain.com*") ||
        shExpMatch(url, "*myotherdomain.com*") ||
        isInNet(host, "172.19.0.0", "255.255.0.0") ||
        isInNet(host, "10.0.0.0", "255.0.0.0") ||
        isInNet(host, "127.0.0.1", "255.255.255.255"))
    {
        //alert("direct")
        return "DIRECT";
    }
    // client is not on a 10.x or 172.19.x address: treat it as out of the office
    else if (myip.substring(0,3)!=="10." && myip.substring(0,7)!=="172.19.")
    {
        //alert("direct")
        return "DIRECT";
    }
    //use proxy unless unreachable, go direct if proxy is unreachable
    else
    {
        //alert("proxy")
        //return "DIRECT";
        return "PROXY squid:3128; PROXY squidbak:3128; DIRECT";
    }
}


0
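The HTTP-only rule and the in-office test asked about in this thread, as an added example that is not code from any poster. It assumes a hypothetical internal-only DNS name (`proxycheck.corp.example`) to tell the office apart from a home LAN that also uses 10.1.x.x; the subnet and proxy names are the ones quoted above, and the `sim`/`ip4` section is a constructed stand-in for the PAC built-ins so the file runs outside a browser.

```javascript
// Added example (not from the thread). CANARY is a hypothetical internal-only
// DNS name; the subnet and proxy names are the ones quoted in the thread.
var OFFICE_NET = "10.1.0.0", OFFICE_MASK = "255.255.0.0";
var CANARY = "proxycheck.corp.example";
var PROXIES = "PROXY squid:3128; PROXY squidbak:3128; DIRECT";

// True only when the client has an office address AND can resolve a name that
// exists solely in internal DNS, so a home LAN on 10.1.x.x does not match.
function inOffice() {
  return isInNet(myIpAddress(), OFFICE_NET, OFFICE_MASK) && isResolvable(CANARY);
}

// url  = full URL being requested, host = hostname taken from that URL.
// Returns a ";"-separated list that the browser tries from left to right.
function FindProxyForURL(url, host) {
  // Only plain HTTP is proxied; https:, ftp: and everything else go direct.
  if (url.substring(0, 5).toLowerCase() !== "http:") return "DIRECT";
  // Single-label names (intranet servers) are never sent to the proxy.
  if (isPlainHostName(host)) return "DIRECT";
  return inOffice() ? PROXIES : "DIRECT";
}

// ---- Offline stand-ins (constructed) for the PAC built-ins a browser supplies.
// Leave this section out of the deployed file. `sim` is the simulated client.
var sim = { ip: "10.1.4.20", dns: [CANARY] };
function ip4(s) {
  return s.split(".").reduce(function (n, o) { return ((n << 8) | +o) >>> 0; }, 0);
}
if (typeof myIpAddress === "undefined") {
  var myIpAddress = function () { return sim.ip; };
  var isResolvable = function (name) { return sim.dns.indexOf(name) !== -1; };
  var isPlainHostName = function (h) { return h.indexOf(".") === -1; };
  var isInNet = function (addr, net, mask) {
    return ((ip4(addr) & ip4(mask)) >>> 0) === ((ip4(net) & ip4(mask)) >>> 0);
  };
}
```

A PAC file only advises the browser, and a list ending in DIRECT lets clients go straight out when both proxies are unreachable. If in-office users must not bypass filtering, drop the trailing DIRECT and enforce the rule at the egress firewall as well.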
