Howzatt
asked on
How to use PAC file to configure browser to use proxy server when inside work network, but use autodetect when connected anywhere else
I would like our Laptop users to point to our Proxy server when they are connected inside any of the branch offices in our network. I would also like the browsers to use AutoDetect settings when connected anywhere else (eg when they are at home).
Is this possible with a PAC file?
Is this possible with a PAC file?
SOLUTION
membership
This solution is only available to members.
To access this solution, you must be a member of Experts Exchange.
SOLUTION
membership
This solution is only available to members.
To access this solution, you must be a member of Experts Exchange.
ASKER
Thanks for that. Do you know where I can get an example of a wpad file?
I want to add the list of subnets for our branch offices (for which to use the Proxy server)
and I would like it to treat any other network as direct internet access.
I want to add the list of subnets for our branch offices (for which to use the Proxy server)
and I would like it to treat any other network as direct internet access.
ASKER
I ended up going with a PAC file.
I have hosted on a web server, created the PAC CNAME ref in AD and it is pointing to the IIS host.
URL is http://pac/proxy.pac
I also added the MIME setting for .pac
If I enter the file path into a browser, the PAC file is presented and I can open it if I like. I would assume this would mean the URL path is fine. However if I then type that address into the "Use Auto Config Script" section in the IE Internet options, and try browse a page, it just times out.
There are no events generated on the web host.
I cannot test the PAC file locally as I am running IE11 & apparently it no longer supports local paths for PAC files.
I have hosted on a web server, created the PAC CNAME ref in AD and it is pointing to the IIS host.
URL is http://pac/proxy.pac
I also added the MIME setting for .pac
If I enter the file path into a browser, the PAC file is presented and I can open it if I like. I would assume this would mean the URL path is fine. However if I then type that address into the "Use Auto Config Script" section in the IE Internet options, and try browse a page, it just times out.
There are no events generated on the web host.
I cannot test the PAC file locally as I am running IE11 & apparently it no longer supports local paths for PAC files.
ASKER
I am guessing I am missing something from my PAC file. As it never seems to apply. I have tested it on a PC running IE7 (where apparently you can still run it from a local path), but nothing still.
I can manually enter the proxy server IP & port into the proxy settings in IE & it works, but just not when I point the auto config script to the pac file.
My basic test pac file is as follows ( I X'd out the IP details for privacy):
function FindProxyForURL(url, host)
{
if (isInNet(myIpAddress(), “XXX.XXX.XXX.XXX”, “255.255.255.0”))
return “PROXY XXX.XXX.XXX.XXX:XXXX";
else
return “DIRECT”;
}
There are approx 15 subnets where I want users to point to the proxy. But lets just start with 1 subnet where the test machine is.
If the user is not in one of the subnets, then they need direct access.
Currently the page times out with the pac file in place.
I can manually enter the proxy server IP & port into the proxy settings in IE & it works, but just not when I point the auto config script to the pac file.
My basic test pac file is as follows ( I X'd out the IP details for privacy):
function FindProxyForURL(url, host)
{
if (isInNet(myIpAddress(), “XXX.XXX.XXX.XXX”, “255.255.255.0”))
return “PROXY XXX.XXX.XXX.XXX:XXXX";
else
return “DIRECT”;
}
There are approx 15 subnets where I want users to point to the proxy. But lets just start with 1 subnet where the test machine is.
If the user is not in one of the subnets, then they need direct access.
Currently the page times out with the pac file in place.
SOLUTION
membership
This solution is only available to members.
To access this solution, you must be a member of Experts Exchange.
ASKER
Thanks for that, as you mentioned, I only want users to point to the proxy server in the office.
So if the pac file location was hosted on an internal resource, and I add the auto config file path, it should use it in the office, but it will ignore it at home and use auto detect? (just making sure the users don't have to make the changes themselves when in & out of the office).
So if the pac file location was hosted on an internal resource, and I add the auto config file path, it should use it in the office, but it will ignore it at home and use auto detect? (just making sure the users don't have to make the changes themselves when in & out of the office).
SOLUTION
membership
This solution is only available to members.
To access this solution, you must be a member of Experts Exchange.
ASKER
I don't have Auto detect ticked. Never did.
I just want for PC's to point to our proxy server when in the office & to have direct internet access anywhere else.
My understanding is that this is achieved through either a Proxy.pac or WPAD.dat file and entering the path into the "auto config script" section in the browsers LAN settings.
If this is not right, please tell me otherwise. I'm not saying that I need to use Proxy.pac or WPAD, but this is what I was advised was the most practical solution.
If this is right, then it brings us to problem 2 (But lets ignore everything said above for now. I just want the browser to detect the pac or wpad file first)
Neither file works when the path is entered into the browsers auto config script (when in the office). It appears as if the browser ignores the details in the script & the browser eventually fails to load anything. However if I navigate to the path with Windows Explorer, I am prompted to either open or save the file (which I assume means the path is correct). In older browsers, instead of opening the file, it displays the script text in the browser.
I have tested hosting the file locally on the client device, on a web server & in a UNC share. All fail to detect the file. I have since discovered that since IE10, you cannot use local paths anymore.
I read somewhere that the file needs to be saved as a ANSI file type, but this doesn't seem to change anything. I am out of ideas. Perhaps there is a role or feature that I am missing off the web host or off the client?
I just want for PC's to point to our proxy server when in the office & to have direct internet access anywhere else.
My understanding is that this is achieved through either a Proxy.pac or WPAD.dat file and entering the path into the "auto config script" section in the browsers LAN settings.
If this is not right, please tell me otherwise. I'm not saying that I need to use Proxy.pac or WPAD, but this is what I was advised was the most practical solution.
If this is right, then it brings us to problem 2 (But lets ignore everything said above for now. I just want the browser to detect the pac or wpad file first)
Neither file works when the path is entered into the browsers auto config script (when in the office). It appears as if the browser ignores the details in the script & the browser eventually fails to load anything. However if I navigate to the path with Windows Explorer, I am prompted to either open or save the file (which I assume means the path is correct). In older browsers, instead of opening the file, it displays the script text in the browser.
I have tested hosting the file locally on the client device, on a web server & in a UNC share. All fail to detect the file. I have since discovered that since IE10, you cannot use local paths anymore.
I read somewhere that the file needs to be saved as a ANSI file type, but this doesn't seem to change anything. I am out of ideas. Perhaps there is a role or feature that I am missing off the web host or off the client?
SOLUTION
membership
This solution is only available to members.
To access this solution, you must be a member of Experts Exchange.
ASKER
The file associations were in place already
ASKER CERTIFIED SOLUTION
membership
This solution is only available to members.
To access this solution, you must be a member of Experts Exchange.
ASKER
Our branch office DHCP scopes are managed on the router at each site by our ISP. For the ISP to add the appropriate scope setting in DHCP, it will cost thousands of dollars in project management & will take 3 months for them to implement.
Is that the only way to achieve what I am looking to do?