[Last Call] Learn how to a build a cloud-first strategyRegister Now

x
?
Solved

How to use PAC file to configure browser to use proxy server when inside work network, but use autodetect when connected anywhere else

Posted on 2014-08-27
13
Medium Priority
?
615 Views
Last Modified: 2014-11-30
I would like our Laptop users to point to our Proxy server when they are connected inside any of the branch offices in our network. I would also like the browsers to use AutoDetect settings when connected anywhere else (eg when they are at home).

Is this possible with a PAC file?
0
Comment
Question by:Howzatt
  • 7
  • 4
  • 2
13 Comments
 
LVL 17

Assisted Solution

by:BudDurland
BudDurland earned 668 total points
ID: 40291293
Usually the user workstation is configured for "automatic settings".  This will instruct IE to search for a proxy configuration file on an internal web server.  Some info here:

http://en.wikipedia.org/wiki/Web_Proxy_Autodiscovery_Protocol 

Depending on the gear you are using, it is often easier to simply enable transparent proxying.
0
 

Author Comment

by:Howzatt
ID: 40291831
I would prefer not to use DHCP to deploy the WPAD.
Our branch office DHCP scopes are managed on the router at each site by our ISP. For the ISP to add the appropriate scope setting in DHCP, it will cost thousands of dollars in project management & will take 3 months for them to implement.  

Is that the only way to achieve what I am looking to do?
0
 
LVL 17

Assisted Solution

by:BudDurland
BudDurland earned 668 total points
ID: 40292426
If you have control of the DNS server for the domain your machines belong to,y ou can create an 'A' record for the host 'wpad'.  Then point that to a web server (which is also assumed to be under your control).  Client computers will look for proxy settings at http://wpad/wpad.dat.  Create your PAC file and save it as 'wpad.dat' in the root folder of the web server.
0
Simplify Active Directory Administration

Administration of Active Directory does not have to be hard.  Too often what should be a simple task is made more difficult than it needs to be.The solution?  Hyena from SystemTools Software.  With ease-of-use as well as powerful importing and bulk updating capabilities.

 

Author Comment

by:Howzatt
ID: 40313742
Thanks for that. Do you know where I can get an example of a wpad file?

I want to add the list of subnets for our branch offices (for which to use the Proxy server)
and I would like it to treat any other network as direct internet access.
0
 

Author Comment

by:Howzatt
ID: 40336063
I ended up going with a PAC file.
I have hosted on a web server, created the PAC CNAME ref in AD and it is pointing to the IIS host.
URL is http://pac/proxy.pac
I also added the MIME setting for .pac

If I enter the file path into a browser, the PAC file is presented and I can open it if I like. I would assume this would mean the URL path is fine. However if I then type that address into the "Use Auto Config Script" section in the IE Internet options, and try browse a page, it just times out.

There are no events generated on the web host.

I cannot test the PAC file locally as I am running IE11 & apparently it no longer supports local paths for PAC files.
0
 

Author Comment

by:Howzatt
ID: 40338063
I am guessing I am missing something from my PAC file. As it never seems to apply. I have tested it on a PC running IE7 (where apparently you can still run it from a local path), but nothing still.

I can manually enter the proxy server IP & port into the proxy settings in IE & it works, but just not when I point the auto config script to the pac file.

My basic test pac file is as follows ( I X'd out the IP details for privacy):

function FindProxyForURL(url, host)
{
if (isInNet(myIpAddress(), “XXX.XXX.XXX.XXX”, “255.255.255.0”))
      return “PROXY XXX.XXX.XXX.XXX:XXXX";
else
      return “DIRECT”;
}


There are approx 15 subnets where I want users to point to the proxy. But lets just start with 1 subnet where the test machine is.

If the user is not in one of the subnets, then they need direct access.
Currently the page times out with the pac file in place.
0
 
LVL 22

Assisted Solution

by:dan_blagut
dan_blagut earned 1332 total points
ID: 40342574
Hello

We use pac file from several years now. If the pac file is located on a internal ressource then don't worry in the outside word the IE will ignore the proxy file.
This is the good side of the pac file. You can specify one or more proxy servers inside LAN without forcing user to modify the proxy server settings when it goes outside LAN.
If you put the file locally then it will be availlable all time, so it will apply all time.
the only problem is when the user are connected using a VPN: you should control the pac file using the VPN software solution.
here you have a testing pac tools if you need: https://code.google.com/p/pactester/


Dan
0
 

Author Comment

by:Howzatt
ID: 40343056
Thanks for that, as you mentioned, I only want users to point to the proxy server in the office.
So if the pac file location was hosted on an internal resource, and I add the auto config file path, it should use it in the office, but it will ignore it at home and use auto detect? (just making sure the users don't have to make the changes themselves when in & out of the office).
0
 
LVL 22

Assisted Solution

by:dan_blagut
dan_blagut earned 1332 total points
ID: 40343262
In fact the users don't need proxy servers outside. So you don't need to check "Automatically detect settings". Because the pac file is not availlable outside, the first page will open 5 seconds slower (until IE understood that there aren't a pac file), then all works normally.
User are forced to modify settings if they visit another office that require proxy server. But if they visit this place all times you can install firefox on the pc (is the only browser I know that can use a different proxy configuration) .
Dan
0
 

Author Comment

by:Howzatt
ID: 40349274
I don't have Auto detect ticked. Never did.

I just want for PC's to point to our proxy server when in the office & to have direct internet access anywhere else.

My understanding is that this is achieved through either a Proxy.pac or WPAD.dat file and entering the path into the "auto config script" section in the browsers LAN settings.

If this is not right, please tell me otherwise. I'm not saying that I need to use Proxy.pac or WPAD, but this is what I was advised was the most practical solution.
 
If this is right, then it brings us to problem 2 (But lets ignore everything said above for now. I just want the browser to detect the pac or wpad file first)

Neither file works when the path is entered into the browsers auto config script (when in the office). It appears as if the browser ignores the details in the script & the browser eventually fails to load anything. However if I navigate to the path with Windows Explorer, I am prompted to either open or save the file (which I assume means the path is correct). In older browsers, instead of opening the file, it displays the script text in the browser.

I have tested hosting the file locally on the client device, on a web server & in a UNC share. All fail to detect the file. I have since discovered that since IE10, you cannot use local paths anymore.

I read somewhere that the file needs to be saved as a ANSI file type, but this doesn't seem to change anything. I am out of ideas. Perhaps there is a role or feature that I am missing off the web host or off the client?
0
 
LVL 22

Assisted Solution

by:dan_blagut
dan_blagut earned 1332 total points
ID: 40349302
One cause could by that you need to create a associations for the .pac file like text file on the IIS server where the file is hosted.

Dan
0
 

Author Comment

by:Howzatt
ID: 40358756
The file associations were in place already
0
 
LVL 22

Accepted Solution

by:
dan_blagut earned 1332 total points
ID: 40358833
the pac should be published on IE like http://yourlocalwebserver/pathifneeded/pacfilename.pac
0

Featured Post

Technology Partners: We Want Your Opinion!

We value your feedback.

Take our survey and automatically be enter to win anyone of the following:
Yeti Cooler, Amazon eGift Card, and Movie eGift Card!

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

This article will show how Aten was able to supply easy management and control for Artear's video walls and wide range display configurations of their newsroom.
It’s time for spooky stories and consuming way too much sugar, including the many treats we’ve whipped for you in the world of tech. Check it out!
This tutorial gives a high-level tour of the interface of Marketo (a marketing automation tool to help businesses track and engage prospective customers and drive them to purchase). You will see the main areas including Marketing Activities, Design …
In this video we outline the Physical Segments view of NetCrunch network monitor. By following this brief how-to video, you will be able to learn how NetCrunch visualizes your network, how granular is the information collected, as well as where to f…

830 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question