
Automatic Browser Configuration for Proxy Servers

In this How-To, we are going to cover how to automatically configure your browser to use a proxy. This should work fine with Mozilla Firefox, Internet Explorer and most other browsers; for Apple's Safari things are a little different, but I will cover that as best I can.

There are a few ways of doing this, but the actual proxy.pac or wpad.dat files are the most important, so we will start there.

Proxy Configuration Files PROXY.PAC and WPAD.DAT

They are actually the same file, so you can just alias or symlink the two files, so that if you edit the one the other “file” will also be updated. (I don't think you can do this in Windows, but I might be wrong; it's been a long time.)

In the example below, we are going to tell the browser that if the domain we are going to matches a rule then it should go directly to the site; this is very useful for internal sites like intranets that you don't really need to cache. Then we will also tell the browser to go direct for port 443 or https sites; I doubt it's a good idea to send that info via a proxy, but that choice is up to you. Then we are going to tell the browser that if your IP address falls within a certain range it should set the proxy address, causing the browser to use the proxy server.





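OK, let's start.
# vi proxy.pac

function FindProxyForURL(url, host)
{
    // Internal sites: go straight to the server, no proxy.
    if (shExpMatch(host, "*.YourDomain.com"))
        return "DIRECT";
    // https sites: go direct as well.
    else if (url.substring(0,6)=="https:")
        return "DIRECT";
    // Clients on the office LAN (192.168.0.0/22) use the proxy.
    else if (isInNet(myIpAddress(), "192.168.0.0", "255.255.252.0"))
        return "PROXY 192.168.1.3:3128";
    // Everyone else goes direct.
    else
        return "DIRECT";
}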

That's it, no more, no less. If you need to, you can add other directives to it. For instance, if you are a mobile user who has to use a proxy at your office as well as at other branch offices, and each branch has its own proxy server, then you can just do this:

# vi proxy.pac

function FindProxyForURL(url, host)
{
    // Internal sites and https sites go direct, as before.
    if (shExpMatch(host, "*.YourDomain.com"))
        return "DIRECT";
    else if (url.substring(0,6)=="https:")
        return "DIRECT";
    // One rule per office: the client's own address picks the proxy.
    else if (isInNet(myIpAddress(), "192.168.0.0", "255.255.252.0"))
        return "PROXY 192.168.1.3:3128";
    else if (isInNet(myIpAddress(), "192.168.4.0", "255.255.255.0"))
        return "PROXY 192.168.4.3:3128";
    else if (isInNet(myIpAddress(), "192.168.5.0", "255.255.255.0"))
        return "PROXY 192.168.5.3:3128";
    // Not on any known office network: go direct.
    else
        return "DIRECT";
}

Which in theory should tell the browser that if your local LAN address is in the 192.168.0.0/22 range then use proxy 192.168.1.3 on port 3128, and if your IP address is in the 192.168.4.0/24 range then your proxy server is going to be 192.168.4.3 on port 8080.
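
To check the rule order before rolling the file out, the following harness (an added example, not part of the original post) runs the branch-office proxy.pac under Node.js with simplified stand-ins for the browser's built-in shExpMatch, isInNet and myIpAddress. The decide helper and the client addresses and URLs are constructed for illustration.

```javascript
// Added example: offline harness for the branch-office proxy.pac above.
// Helpers are simplified stand-ins for the browser's PAC built-ins.
let clientIp = "0.0.0.0";
const myIpAddress = () => clientIp;

// Dotted-quad IPv4 -> unsigned 32-bit integer.
const ipToInt = (ip) =>
  ip.split(".").reduce((acc, o) => ((acc << 8) | Number(o)) >>> 0, 0);

// True when ip is inside the network pattern/mask.
const isInNet = (ip, pattern, mask) =>
  ((ipToInt(ip) & ipToInt(mask)) >>> 0) ===
  ((ipToInt(pattern) & ipToInt(mask)) >>> 0);

// Shell-style match: * is any run of characters, ? is one character.
function shExpMatch(str, shexp) {
  const re = shexp.replace(/[.+^${}()|[\]\\]/g, "\\$&")
    .replace(/\*/g, ".*").replace(/\?/g, ".");
  return new RegExp("^" + re + "$").test(str);
}

// Same rules, in the same order, as the page's second proxy.pac.
function FindProxyForURL(url, host) {
  if (shExpMatch(host, "*.YourDomain.com")) return "DIRECT";
  if (url.substring(0, 6) == "https:") return "DIRECT";
  if (isInNet(myIpAddress(), "192.168.0.0", "255.255.252.0"))
    return "PROXY 192.168.1.3:3128";
  if (isInNet(myIpAddress(), "192.168.4.0", "255.255.255.0"))
    return "PROXY 192.168.4.3:3128";
  if (isInNet(myIpAddress(), "192.168.5.0", "255.255.255.0"))
    return "PROXY 192.168.5.3:3128";
  return "DIRECT";
}

// Evaluate the PAC as a client with the given address would.
function decide(ip, url, host) {
  clientIp = ip;
  return FindProxyForURL(url, host);
}

// Constructed test data: [client IP, URL, host].
const cases = [
  ["192.168.1.50", "http://intranet.YourDomain.com/", "intranet.YourDomain.com"],
  ["192.168.1.50", "http://YourDomain.com/", "YourDomain.com"], // bare domain
  ["192.168.3.200", "http://example.org/", "example.org"],      // still in /22
  ["192.168.4.20", "http://example.org/", "example.org"],
  ["192.168.5.20", "https://example.org/", "example.org"],      // https rule wins
  ["10.0.0.5", "http://example.org/", "example.org"],           // off-network
];
for (const [ip, url, host] of cases) console.log(ip, url, "->", decide(ip, url, host));
```

The output shows that the bare YourDomain.com is not covered by the *.YourDomain.com wildcard and is sent through the proxy, and that any https URL goes DIRECT whatever the client address.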

Implementation
Now to implement this.

Like I said, there are a number of ways of doing it.

If it's just for you, then you could simply save the file somewhere on your hard drive and tell your browser, via the Preferences or Tools tab or something similar, that your proxy configuration file is in /some/place/on/my/hdd/proxy.pac.

Now the fun part: if you want to implement this for your entire company, you can just use DNS and a web server.

Create a CNAME entry on your DNS Server for your Domain

wpad.yourdomain.com CNAME webserv.yourdomain.com

Now put the file on the server and make sure that you can see the file and its contents if you point your browser to http://wpad.yourdomain.com/wpad.dat. Remember, if you can't browse to it then your browser will not find it either if it's set to Automatic Proxy.

One thing to keep in mind, though, is that the computers you are trying to configure should be set to append your domain to any name they look up.

In a Unix environment, including Apple and Linux, you can edit your /etc/resolv.conf and make sure that there is a domain directive. For example:

# less /etc/resolv.conf
domain mydomain.com
nameserver 192.168.0.2
nameserver 192.168.4.5

ISC DHCP SERVER ASSIGNED PROXY

There are a few other ways you could do this. You could, for example, use your DHCP server to notify its clients that there is a proxy config file. I have never tried this, but if you are using the ISC DHCP Server then all you have to do is this.

Add the below to your DHCP config file:

option wpad code 252 = text;
option wpad "http://www.example.com/proxy.pac";

The proxy.pac file would be the same as the example above.

I find that using a web (or DHCP, not that I have tried it) server is probably more ideal, especially if you are trying to roll this out for multiple computers on a network.

But you can do the following if it's just you, or if you are using Apple's Safari. From what I can see, you have to tell it where the file is; unlike Firefox or IE, it does not search for the file via DNS.

If you are running a Unix system you can also set up an Apache server on your machine and place the proxy.pac file in the correct directory, so that if you browse to http://127.0.0.1/proxy.pac you get the content of the file. In that case you can configure the browser to look at http://127.0.0.1/proxy.pac instead of /some/place/on/my/hdd/proxy.pac.
You could do the same on a Windows machine that has IIS installed.
