| Rev | Author | # | Line |
|---|---|---|---|
| 41 | CraigBox | 1 | [Acronym] for __W__eb __P__roxy __A__uto__d__iscovery Protocol. |
| 2 | |||
| 3 | WPAD lets web browsers automatically find and use a WebProxy (see our ProxyServerNotes). A reasonable starting point for WPAD is here: http://www.squid-cache.org/Doc/FAQ/FAQ-5.html#ss5.10 | ||
| 4 | |||
| 43 | AristotlePagaltzis | 5 | WPAD lets you use many methods to automatically specify a proxy server configuration file on the network - [DHCP], [DNS], or manual specification. The file is a .PAC (Proxy Auto Configuration) file, which is defined in Netscape's [definition of PAC files | http://home.netscape.com/eng/mozilla/2.0/relnotes/demo/proxy-live.html]. |
| 41 | CraigBox | 6 | |
| 7 | ---- | ||
| 8 | |||
| 43 | AristotlePagaltzis | 9 | !!! The Easy Method |
| 41 | CraigBox | 10 | |
| 43 | AristotlePagaltzis | 11 | # If all your clients are <tt>something.yourdomain.tla</tt> (the connection suffix is assigned with [DHCP] - if you're unsure, and running Windows, run <tt>ipconfig</tt> from a command prompt). |
| 41 | CraigBox | 12 | |
| 43 | AristotlePagaltzis | 13 | # Set your gateway machine up so that it has a CNAME for <tt>wpad.yourdomain.tla</tt> pointing to <tt>server.yourdomain.tla</tt> |
| 41 | CraigBox | 14 | |
| 43 | AristotlePagaltzis | 15 | # Copy something like this into your document root as <tt>wpad.dat</tt>: |
| 41 | CraigBox | 16 | |
| 43 | AristotlePagaltzis | 17 | <verbatim> |
| 18 | function FindProxyForURL(url, host) | ||
| 19 | { | ||
| 20 | if( shExpMatch(url, "!https:*") || isPlainHostName(host) || \ | ||
| 21 | dnsDomainIs(host, ".yourdomain.tla") || dnsDomainIs(host, ".youralias.tla") ) | ||
| 22 | { | ||
| 41 | CraigBox | 23 | return "DIRECT"; |
| 43 | AristotlePagaltzis | 24 | } else { |
| 41 | CraigBox | 25 | return "PROXY www-cache.yourdomain.tla:3128; DIRECT"; |
| 43 | AristotlePagaltzis | 26 | } |
| 27 | } | ||
| 28 | </verbatim> | ||
| 41 | CraigBox | 29 | |
| 43 | AristotlePagaltzis | 30 | # Check you can access it by going <tt>~http://wpad.yourdomain.tla/wpad.dat</tt>. |
| 41 | CraigBox | 31 | |
| 43 | AristotlePagaltzis | 32 | # Make Apache serve it with the correct [MIME] type (<tt>application/x-ns-proxy-autoconfig</tt>) using a virtual host in your [Apache] configuration file (<tt>/etc/apache/httpd.conf</tt>): |
| 41 | CraigBox | 33 | |
| 43 | AristotlePagaltzis | 34 | <verbatim> |
| 35 | <VirtualHost ip.ad.dr.es> | ||
| 36 | ServerName wpad.yourdomain.tla | ||
| 37 | ServerAlias ip.ad.dr.ess | ||
| 38 | AddType application/x-ns-proxy-autoconfig .dat | ||
| 39 | </VirtualHost> | ||
| 40 | </verbatim> | ||
| 41 | |||
| 42 | (The alias is added because MSIE 6.00.2800.1106 on Win98SE does not look up the hostname.) | ||
| 41 | CraigBox | 43 | |
| 44 | ---- | ||
| 45 | |||
| 46 | InternetExplorer has a "Automatically detect settings" check box. This will cause the browser to search for the configuration file. | ||
| 47 | |||
| 43 | AristotlePagaltzis | 48 | If your DomainName is machine.something.meta.net.nz then InternetExplorer will request the following [URL]s until it finds a [WPAD] configuration file. |
| 49 | |||
| 50 | * <tt>~http://wpad.something.meta.net.nz/wpad.dat</tt> | ||
| 51 | * <tt>~http://wpad.meta.net.nz/wpad.dat</tt> | ||
| 52 | * <tt>~http://wpad.net.nz/wpad.dat</tt> | ||
| 53 | |||
| 54 | (It’s only supposed to check to the second level, but according to the [Microsoft Security Bulletin MS99-054 | http://www.microsoft.com/technet/security/bulletin/ms99-054.mspx] the third level was special-cased in some unspecified ways. Presumably someone could register <tt>wpad.co.nz</tt> and be really nasty if they wanted.) | ||
| 46 | BeauButler | 55 | |
| 56 | (BeauButler: I _have_ registered wpad.co.nz, and do _not_ intend to be 'really nasty'. I am collecting the 404 logs with the intention to produce some nice charts, hoever. Also, the wpad organisational-boundaries bug appears to have _resurfaced_ in Internet Explorer 7!!) | ||
| 41 | CraigBox | 57 | |
| 45 | DuaneWessels | 58 | ''<tt>wpad.com</tt> does actually exist and is owned by Duane Wessles, the author of [Web Caching | http://www.oreilly.com/catalog/webcaching/]. There's no <tt>wpad.dat</tt> there. I mailed him a while back asking about it, and he constantly gets between 10 and 40 hits per second depending on the time of day. The 404 logs for that site are at http://www.life-gone-hazy.com/%7esnmp/http_status.cgi if you're interested.'' —zcat(1) |
| 41 | CraigBox | 59 | |
| 60 | Note: you might need to take the tick out of the check box and put it back in order to make it go. | ||
| 61 | |||
| 43 | AristotlePagaltzis | 62 | Warning: beware that Internet Explorer 5.5+ may cache your wpad file and not recognize future changes you make to it -- this feature is referred to as Automatic Proxy Result Cache ([MS KB 271361 | http://support.microsoft.com/default.aspx?scid=kb;EN-US;271361]). If you turn off "Automatically detect settings", save the change, restart IE, turn it back on, and restart IE again, then it will force a refresh of the <tt>wpad.dat</tt> file from your WebServer. (If you're lucky. It seems IE 6 refuses to flush even then.) Here is [a Google Groups discussion of the issue | http://groups.google.com/groups?selm=b6239t%24mif%241%40FreeBSD.csie.NCTU.edu.tw]. |
| 63 | |||
| 64 | Some versions of IE have a bug and request wpad.da instead of wpad.dat. Copying or linking wpad.dat to wpad.da should work around this. Don't forget to set the appropriate [MIME] type for this file as well. | ||
| 41 | CraigBox | 65 | |
| 66 | ---- | ||
| 67 | |||
| 43 | AristotlePagaltzis | 68 | !!! Other alternatives |
| 69 | |||
| 70 | (Substitute <tt>host.co.nz</tt> for your hostname in these examples.) | ||
| 71 | |||
| 72 | |||
| 73 | !! The DHCP method | ||
| 74 | |||
| 75 | MicrosoftCorporation's "preferred option", which like most MSFT'isms, doesn't actually work. | ||
| 76 | |||
| 77 | Add the following to your <tt>/etc/dhcpd.conf</tt>: | ||
| 41 | CraigBox | 78 | |
| 79 | <verbatim> | ||
| 43 | AristotlePagaltzis | 80 | option option-252 "http://wpad.host.co.nz/proxy.pac"; |
| 41 | CraigBox | 81 | </verbatim> |
| 82 | |||
| 43 | AristotlePagaltzis | 83 | With ISC DHCP v3+, <tt>option-#</tt> options don't work. You have to do this in the global section of your configuration: |
| 84 | |||
| 41 | CraigBox | 85 | <verbatim> |
| 43 | AristotlePagaltzis | 86 | option wpad-url code 252 = text; (define a new option) |
| 41 | CraigBox | 87 | </verbatim> |
| 88 | |||
| 89 | And add this in either the global or appropriate subnet section(s) of your configuration: | ||
| 43 | AristotlePagaltzis | 90 | |
| 41 | CraigBox | 91 | <verbatim> |
| 43 | AristotlePagaltzis | 92 | option wpad-url "http://wpad.my.domain.tld/proxy.pac\n"; (use new option) |
| 41 | CraigBox | 93 | </verbatim> |
| 94 | |||
| 43 | AristotlePagaltzis | 95 | You might like to try using an [IP] address there instead; there has been a report that a [DNS] name doesn't work, but no indication on what version of dhcpd(8). |
| 41 | CraigBox | 96 | |
| 43 | AristotlePagaltzis | 97 | __NOTE__: |
| 98 | It seems that IE eats the last character of the URL given in option 252. You have to append a space there (or any other character) to get it working: | ||
| 41 | CraigBox | 99 | |
| 100 | <verbatim> | ||
| 43 | AristotlePagaltzis | 101 | option wpad-url "http://wpad.my.domain.tld/proxy.pac "; |
| 41 | CraigBox | 102 | </verbatim> |
| 103 | |||
| 47 | AdamNielsen | 104 | (tested with ISC DHCPD server v3.0.1 and MS IE v6.0 SP2). Alternatively (in case this is fixed in future) you may wish to have an autoproxy file with the last letter missing, e.g. "ln -s proxy.pac proxy.pa" (tested and works with the default XP x64 install in Aug 2007, which didn't seem to work with a trailing space in the DHCP option.) |
| 41 | CraigBox | 105 | |
| 43 | AristotlePagaltzis | 106 | or if you're configuring a Windows DHCP server, right click on the server and click "Set predefined options" to add 252 as a String value (it's not in there by defult. See [MS KB 252898 | http://support.microsoft.com/default.aspx?scid=kb;EN-US;252898] for more.) |
| 41 | CraigBox | 107 | |
| 43 | AristotlePagaltzis | 108 | !! The DNS method(s) |
| 109 | |||
| 110 | Add all or some of the follwing entries to your DNS zone file. | ||
| 41 | CraigBox | 111 | |
| 112 | <verbatim> | ||
| 43 | AristotlePagaltzis | 113 | $ORIGIN host.co.nz. |
| 114 | wpad IN A 192.168.0.254 | ||
| 115 | IN TXT "service: wpad:!http://wpad.host.co.nz:80/proxy.pac" | ||
| 116 | wpad.tcp IN SRV 0 0 80 wpad.host.co.nz. | ||
| 41 | CraigBox | 117 | </verbatim> |
| 118 | |||
| 43 | AristotlePagaltzis | 119 | !!! See also |
| 41 | CraigBox | 120 | |
| 121 | * RFC:2052 | ||
| 122 | * RFC:3040 | ||
| 123 | * [Internet Draft on WPAD|http://www.web-cache.com/Writings/Internet-Drafts/draft-ietf-wrec-wpad-01.txt] | ||
| 48 | TopDeck | 124 | * [http://wiki.debian.org/ProxyAutodetectConf] |
| 41 | CraigBox | 125 | * [Super Proxy Scripts|http://naragw.sharp.co.jp/sps/] |
| 49 | JulieRegis | 126 | |
| 41 | CraigBox | 127 | ---- |
| 42 | KasperSandberg | 128 | |
| 44 | CraigBox | 129 | !!Konqueror and isInNet() function |
| 130 | |||
| 131 | Michael Zieger writes: | ||
| 41 | CraigBox | 132 | |
| 133 | If you try to use a wpad.dat in Konqueror (I tested version 3.2.2), be aware that the following does NOT work: | ||
| 134 | |||
| 135 | <verbatim> | ||
| 136 | if (isInNet(myIpAddress(), "10.0.0.0", "255.0.0.0") || isInNet(myIpAddress(), "192.168.0.0", "255.255.0.0")) | ||
| 137 | </verbatim> | ||
| 138 | |||
| 139 | It seems Konqueror does not know the function "isInNet". Therefore, I changed the config slightly: | ||
| 140 | |||
| 141 | <verbatim> | ||
| 43 | AristotlePagaltzis | 142 | var proxy_yes = "PROXY proxy.i.zmi.at:3128; DIRECT"; |
| 143 | var proxy_no = "DIRECT"; | ||
| 41 | CraigBox | 144 | |
| 43 | AristotlePagaltzis | 145 | // WARNING: The "dnsDomainIs" is a check of which DNS domain the _client_ |
| 146 | // is inside. It's not a check for where the client wants to go!!! | ||
| 147 | // if (dnsDomainIs( host,"zmi.at") { return proxy_no; } | ||
| 148 | // Proxy if PC is on local LAN - doesn't work with Konqueror! | ||
| 149 | // So this test is for Internet Explorer and compatible only | ||
| 150 | if (isInNet(myIpAddress(), "10.0.0.0", "255.0.0.0") || isInNet(myIpAddress(), "192.168.0.0", "255.255.0.0")) { | ||
| 151 | if( | ||
| 152 | url.substring(0, 5) == "http:" | ||
| 153 | || url.substring(0, 4) == "ftp:" | ||
| 154 | || url.substring(0, 7) == "gopher:" | ||
| 155 | ) | ||
| 156 | return proxy_yes; | ||
| 157 | else | ||
| 158 | return proxy_no; | ||
| 159 | } | ||
| 41 | CraigBox | 160 | |
| 43 | AristotlePagaltzis | 161 | // Konqueror comes until here: |
| 162 | if( | ||
| 163 | url.substring(0, 5) == "http:" | ||
| 164 | || url.substring(0, 4) == "ftp:" | ||
| 165 | || url.substring(0, 7) == "gopher:" | ||
| 166 | ) | ||
| 167 | return proxy_yes; | ||
| 168 | else | ||
| 169 | return proxy_no; | ||
| 41 | CraigBox | 170 | </verbatim> |
| 171 | |||
| 44 | CraigBox | 172 | Now you even can differentiate between Konqueror and InternetExplorer, and could give them different proxies. If you want to download the running config, visit http://zmi.at/wpad.dat. |
| 173 | |||
| 174 | Kasper Sandberg reports that isInNet works with a proxy.pac file in 3.5.3. | ||
| 41 | CraigBox | 175 | |
| 176 | ---- | ||
| 177 | |||
| 44 | CraigBox | 178 | !!Localhost routing broken |
| 179 | |||
| 180 | Google Desktop Search being blocked? Add an <tt>isInNet(host, "127.0.0.0", "255.0.0.0")</tt>: | ||
| 181 | |||
| 182 | <verbatim> | ||
| 183 | function FindProxyForURL(url, host) | ||
| 184 | { | ||
| 185 | if ( | ||
| 186 | dnsDomainIs(host, ".local") || | ||
| 187 | isInNet(host, "127.0.0.1", "255.255.255.255") || | ||
| 188 | isInNet(host, "10.7.x.0", "255.255.255.0") || | ||
| 189 | isPlainHostName(host) | ||
| 190 | ) | ||
| 191 | return "DIRECT"; | ||
| 192 | else | ||
| 193 | return "PROXY wherever:8080; DIRECT"; | ||
| 194 | } | ||
| 195 | </verbatim> | ||
| 41 | CraigBox | 196 | |
| 197 | ---- | ||
| 198 | CategorySystemAdministration |
lib/blame.php:177: Warning: Invalid argument supplied for foreach() (...repeated 6 times)