Sonora Communications, Inc.

  • Increase font size
  • Default font size
  • Decrease font size

Browser Auto-Configuration for Proxy Server

Thursday, 18 January 2007 03:19 Gene Cooper
E-mail Print PDF

Reference

http://www.craigjconsulting.com/proxypac.html 

http://www.craigjconsulting.com/setproxy.html

http://en.wikipedia.org/wiki/Proxy_auto-config

Auto-Configuration of Internet Explorer

Web Proxy Autodiscovery Protocol (WPAD)

  • Make sure the client computer is setup with the correct search domain
    • Manually, or preferrably from DHCP
  • Configure IE
  • Checkmark Autodetect proxy
  • Make sure no other settings are checked
  • Create a CNAME (alias in MS speak) entry called wpad that points to your web server
  • Make a copy of your proxy.pac file and rename it wpad.dat
    • Put it in the default root directory of the web server
    • Or symlink to the proxy.pac

Internet Explorer is hardcoded to look for a web server called wpad.

The sequence of events goes like this:

  1. IE is started.
  2. IE determines that the local clients primary search domain is subdomain.domain.com.
  3. IE attempts to download the file http://wpad.subdomain.domain.com/wpad.dat
    1. If successful, IE autoconfigures and brings up the default web page.
    2. If it fails, IE truncates the search domain by 1, then attempts to download the file http://wpad.domain.com/wpad.dat
    3. If this fails, IE then attempts to connect directly.

You can point the CNAME entries to two separate webservers which gives you redundancy in case the first webserver goes down.

Use the Login Script to Force Proxy Settings 

In the main login script add the line:

regedit /s %logonserver%\netlogon\setpxy.reg

This assumes that you have copied setpxy.reg to the netlogon folder.

To create the setpxy.reg file, use any editor to create the file with DOS line-endings:

Windows Registry Editor Version 5.00
[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings]
"ProxyServer"="<your proxy IP address>:8080"
"ProxyEnable"=dword:00000001
"ProxyOverride"="<local>"

Change <your proxy IP address> to the private IP address of your HTTP Proxy, and <local> to 127.0.0.1 or any combination of URL's for which you want to bypass the proxy.  Experiment with this for a while to get the syntax right.

proxy.pac

This url has good info on the proxy.pac file and it's options:

http://en.wikipedia.org/wiki/Proxy_auto-config

Example proxy.pac

function FindProxyForURL(url, host) {
// our local URLs from the domains below foo.com don't need a proxy:
if (shExpMatch(url,"*.foo.com/*")) {return "DIRECT";}
if (shExpMatch(url, "*.foo.com:*/*")) {return "DIRECT";}

// URLs within this network are accessed through
// port 8080 on fastproxy.foo.com:
if (isInNet(host, "10.0.0.0", "255.255.248.0")) {
return "PROXY fastproxy.foo.com:8080"
}

// All other requests go through port 8080 of proxy.foo.com.
// should that fail to respond, go directly to the WWW:
return "PROXY proxy.foo.com:8080; DIRECT";
}
< Prev   Next >
Last Updated on Sunday, 06 July 2008 21:21  

Main Menu

Secure Client Login

Email Address:

Password: