Skip to main content

Automatic Browser Configuration for Proxy Servers

In this How-To, we are going to cover the ability to automatically configure your browser to use a proxy. This should work fine with Mozilla FireFox, Internet Explorer and most other browsers, for Apple's Safari things are a little Different but I will cover that as best I can.

There are a few ways of doing thins but the actual proxy.pac or wpad.dat files are the most important. So we will start there.

Proxy Configuration Files PROXY.PAC and WPAD.DAT

They are actually the same file so you can just Alias or symlink the two files. So that if you edit the one the other “file” will also be updated. (I don’t think you can do this in windows but I might be wrong its been a long time.

In the Below Example we are going to tell the browser that if the domain we are going to matches a rule then go directly to the site, this is very useful for Internal sites like intranets that you don’t really need to cache. Then we will also tell the browser to go Direct for port 443 or https sites I doubt it’s a good idea to send that info via a proxy but that choice is up to you. Then we are going to tell the proxy that if your IP address falls with in a certain range to set the proxy address, causing the browser to use the proxy server.





OK lets start.
# vi proxy.pac

function FindProxyForURL(url, host)
{
if (shExpMatch(host, "*.YourDomain.com"))
return "DIRECT";
else if (url.substring(0,6)=="https:")
return "DIRECT";
else if (isInNet(myIpAddress(), "192.168.0.0", "255.255.252.0"))
return "PROXY 192.168.1.3:3128";
else
return "DIRECT";
}

That’s it no more no less. Although if you have the need you can add other directives to it for instance, if you have a setup where you are a mobile user and you have to use a proxy at your office as well as other branch offices and each branch has its own proxy server, then you can just do this

# vi proxy.pac

function FindProxyForURL(url, host)
{
if (shExpMatch(host, "*.YourDomain.com"))
return "DIRECT";
else if (url.substring(0,6)=="https:")
return "DIRECT";
else if (isInNet(myIpAddress(), "192.168.0.0", "255.255.252.0"))
return "PROXY 192.168.1.3:3128";
else if (isInNet(myIpAddress(), "192.168.4.0", "255.255.255.0"))
return "PROXY 192.168.4.3:3128";
else if (isInNet(myIpAddress(), "192.168.5.0", "255.255.255.0"))
return "PROXY 192.168.5.3:3128";
else
return "DIRECT";
}

Which in theory should tell the browser that if you local LAN address is in the 192.168.0.0/22 range then use Proxy 192.168.1.3 on port 3128 and If your IP address is in the 192.168.4.0/24 Range then your Proxy Server is going to be 192.168.4.3 on port 8080.

Implementation
Now implementing this

Like I said there are a number of ways of going this.

If its just for you then you could simply save the file somewhere on your hard drive and just tell your browser via the Preferences or Tools tab or something similar that your proxy configuration file is in /some/place/on/my/hdd/proxy.pac.

Now the fun part If you want to implement this for your entire company you can just use DNS and a web server

Create a CNAME entry on your DNS Server for your Domain

wpad.yourdomain.com CNAME webserv.yourdomain.com

Now put the file on the server and make sure that you can see the file and its contents if you point your browser to http://wpad.yourdomain.com/wpad.dat. Remember if you can't browse to it then your browser will not find it either if its set to Automatic Proxy.

One thing to keep in mind though is that the computers you are trying to configure should be set to look up or append anything to the domain

In a Unix environment including Apple and Linux
You can edit your /etc/resolv.conf
And make sure that there is a domain directive
For example


# less /etc/resolve.conf
domain mydomain.com
nameserver 192.168.0.2
nameserver 192.168.4.5

ISC DHCP SERVER ASSIGNED PROXY

There are a few other ways you could do this, you could for example use your DHCP server to notify its client that there is a proxy config file. I have never tried this, but if you are using the ISC DHCP Server then all you have to do is this.

Add the below to your dhcp config file

option wpad code 252 = text;
option wpad "http://www.example.com/proxy.pac";

the proxy.pac file would be the same as the example above.



I find that using a web (or dhcp not that I have tried it) server is probably more ideal, especially if you are trying to roll this out for multiple computers on a network.

But you can do the following if its just you, or if you are using Apple's Safari
By what I can see you have to tell it where the file is unlike Firefox or IE it does not search for the file via DNS

If you are running a Unix System you can also setup Apache server on your machine and place the proxy.pac file in the correct directory. So that if you browse to http:127.0.0.1/proxy.pac you get the content of the file, in which case you can configure the browser to look at http:127.0.0.1/proxy.pac instead of /some/place/on/my/hdd/proxy.pac.
You could do the same on a windows machine that has IIS installed.

Comments

Popular posts from this blog

Setting up and Installing Rancid on FreeBSD for Cisco Products

Setting up and Installing Rancid on FreeBSD for Cisco Products What is Rancid? Rancid is an application that monitors a devices configuration including software and hardware. The configuration is then stored in a Concurrent Version System or CVS. Most of the time it is used to back up router, switch and firewall configurations, as well as notify you when a configuration has changed, i.e a firewall rule or a routers IP address or access list change. here is an example of the output =================================================================== retrieving revision 1.29 diff -u -4 -r1.29 mpls-jhb-pe1 @@ -288,9 +288,9 @@ ! interface Serial0/0 description Link to Client X bandwidth 2048 - ip address 192.168.1.244 255.255.255.254 + ip address 192.168.1.234 255.255.255.254 ip route-cache flow ip tcp header-compression iphc-format ip tcp compression-connections 256 ! ip ospf message-digest-key 1 md5 the - symbol represents what was removed the + symbol represents what was added The abo...

Tacacs+ Install and Config Guide

Tacacs+ Install and Config Guide What is TACACS As per wikipedia Terminal access controller access control system (TACACS) is a remote authentication protocol that is used to communicate with an authentication server commonly used in UNIX networks. TACACS allows a remote access server to communicate with an authentication server in order to determine if the user has access to the network. Installing Tacacs on FreeBSD This guide is intended to be a basic implementation of TACACS+, so although there are may features I am just going to document what I generally use. Please note that tac_plus is also available from Shrubbery Networks if you would like to install and configure on another platform. You may also want to check out my Rancid How-To Once again its in your ports directory. cd to /usr/ports/net/tac_plus4/ run a "make install clean" Once installed vi /usr/local/etc/rc.d/tac_plus.sh Then Change the following line from NO to YES tac_plus_enable=$ Save the file, then vi /e...

FreeBSD, Postfix, Mailscanner and Mailwatch Installation

Installing postfix, mailscanner and mailwatch on FreeBSD I have setup a number of servers using mailscanner and postfix to do antispam and antivirus checking. This particular example will show you how to set the server up as a mail gateway. i.e. all inbound and outbound mail will go via this server. You can also use the server as a pop3/imap4 server and doing so, does make life a little easier as you don't have to worry about the transport and relay_hosts files. At a later stage I will show that info too..... when I get a chance. This my seem strange but as there is quite a bit involved in installing and configuring I am splitting this into two How-To's this one, The install How-To and the configuration How-To First off its probably best to start on a new install of FreeBSD. Once you have done the initial portsnap fetch and portsnap extract Right here we go. Two things you might want to do is force your NIC to 100MB full duplex and install lsof Type in ifconfig and check if the...