[SOLVED] MultiLAN squid + proxy.pac for browsers + Chromium (doesn't work)
-
I started using squid3 with pfSense.
I have 4 LANs with squid3 activated.
Browsers read a proxy.pac file that says where the proxy is for each LAN and some destinations that should not use the proxy.
function FindProxyForURL(url, host) {
    if (shExpMatch(url, "*//aaaaaaa.*")) { return "DIRECT"; }
    if (shExpMatch(url, "*.bbbbbbb.tld/*")) { return "DIRECT"; }
    if (shExpMatch(url, "*.ccccccc.tld/*")) { return "DIRECT"; }
    if (shExpMatch(url, "*.ddddddd.tld/*")) { return "DIRECT"; }
    if (shExpMatch(url, "*.eeeeeee.tld/*")) { return "DIRECT"; }
    if (shExpMatch(url, "*.fffffff.tld/*")) { return "DIRECT"; }
    if (isInNet(myIpAddress(), "192.168.0.0", "255.255.255.0")) { return "PROXY 192.168.0.1:3128"; }
    if (isInNet(myIpAddress(), "192.168.1.0", "255.255.255.0")) { return "PROXY 192.168.1.1:3128"; }
    if (isInNet(myIpAddress(), "192.168.2.0", "255.255.255.0")) { return "PROXY 192.168.2.1:3128"; }
    if (isInNet(myIpAddress(), "192.168.3.0", "255.255.255.0")) { return "PROXY 192.168.3.1:3128"; }
    return "DIRECT";
}
Today I see that there is an important bug in the Chrome browser.
It doesn't understand myIpAddress()
http://code.google.com/p/chromium/issues/detail?id=175652#c11
Any idea to solve this?
-
Use "host = host.toLowerCase();" in combination with "dnsResolve(host)" as a replacement for "myIpAddress()".
Unfortunately I only have 1 LAN to worry about. Here is my proxy.pac as an example:
function FindProxyForURL(url, host) {
    url = url.toLowerCase();
    host = host.toLowerCase();
    var isHttp = (url.substring(0, 5) == "http:");
    var isHttps = (url.substring(0, 6) == "https:");

    // If the requested website is hosted within the internal network, send direct.
    if (isPlainHostName(host)
        || shExpMatch(host, "*.home")
        || shExpMatch(host, "*.local")
        || isInNet(dnsResolve(host), "10.0.0.0", "255.0.0.0")
        || isInNet(dnsResolve(host), "172.16.0.0", "255.240.0.0")
        || isInNet(dnsResolve(host), "192.168.0.0", "255.255.0.0")
        || isInNet(dnsResolve(host), "127.0.0.0", "255.255.255.0")) {
        return "DIRECT";
    }

    // Forward non-http(s) and some hosts to forward proxy (or DIRECT)
    if ((!isHttp && !isHttps) // Skip all non http(s)
        || dnsDomainIs(host, "microsoft.com")
        || dnsDomainIs(host, "windowsupdate.com")
        || dnsDomainIs(host, "eset.com")
        || dnsDomainIs(host, "mcafee.com") // McAfee
        || dnsDomainIs(host, "siteadvisor.com") // McAfee
        || dnsDomainIs(host, "hackerwatch.com") // McAfee
        || dnsDomainIs(host, "hackerwatch.org") // McAfee
        || dnsDomainIs(host, "avg.com")
        || dnsDomainIs(host, "grisoft.cz")
        || dnsDomainIs(host, "avgfree.com")
        || dnsDomainIs(host, "avg.cz")
        || dnsDomainIs(host, "symantecliveupdate.com")
        || dnsDomainIs(host, "thawte.com")) {
        return "DIRECT";
    }

    if (isHttps) { // Skip HTTPS
        return "DIRECT";
    }

    // Otherwise, go through our proxy or if it fails, through bypass
    return "PROXY 192.168.0.1:3128; DIRECT";
}
-
I'm sorry! I can't use dnsResolve() on my networks. Many of the machines don't have local DNS records.
There is a lot of BYOD (http://en.wikipedia.org/wiki/Bring_your_own_device) in my LANs.
http://en.wikipedia.org/wiki/Proxy_auto-config
The myIpAddress function has often been reported to give incorrect or unusable results, e.g. 127.0.0.1, the IP address of the localhost.
-
I think this is [SOLVED]. I will do more testing tomorrow! Fully tested! Working!
At the root directory of my apache2 web server:
cat .htaccess
Options +FollowSymLinks
RewriteEngine On
RewriteCond %{REMOTE_ADDR} ^192\.168\.0\.
RewriteRule (proxy\.pac|wpad\.dat|wpad\.da)$ http://www.mydomain.tld/lan0.pac [R=301,L]
RewriteCond %{REMOTE_ADDR} ^192\.168\.1\.
RewriteRule (proxy\.pac|wpad\.dat|wpad\.da)$ http://www.mydomain.tld/lan1.pac [R=301,L]
RewriteCond %{REMOTE_ADDR} ^192\.168\.2\.
RewriteRule (proxy\.pac|wpad\.dat|wpad\.da)$ http://www.mydomain.tld/lan2.pac [R=301,L]
RewriteCond %{REMOTE_ADDR} ^192\.168\.3\.
RewriteRule (proxy\.pac|wpad\.dat|wpad\.da)$ http://www.mydomain.tld/lan3.pac [R=301,L]
proxy.pac
wpad.dat (symlink to proxy.pac)
wpad.da (symlink to proxy.pac)
lan0.pac
lan1.pac
lan2.pac
lan3.pac
When a browser asks for http://www.mydomain.tld/proxy.pac, http://www.mydomain.tld/wpad.dat or http://www.mydomain.tld/wpad.da, the URL is rewritten according to the LAN.
Or http://wpad.mydomain.tld/proxy.pac, http://wpad.mydomain.tld/wpad.dat or http://wpad.mydomain.tld/wpad.da …
-
Tip:
https://calomel.org/proxy_auto_config.html
isInNet(host, pattern, mask)
isInNet(host, "192.168.249.79", "255.255.255.255") is true if the IP address of host matches exactly 192.168.249.79.
isInNet(host, "192.168.0.0", "255.255.0.0") is true if the IP address of the host matches 192.168.*.*.
Well it might work, but like you said you have hosts without local records…
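
The failure mode discussed in this thread, as an added example that is not part of any post: an offline harness (run with Node.js) that evaluates the first post's PAC logic for different myIpAddress() results and compares it with a per-LAN file of the kind the rewrite rules serve. The helper names, the simplified stand-ins for the PAC built-ins and the sample addresses are constructed for illustration; the contents of the lanN.pac files are not shown in the thread and are assumed here.

```javascript
// Stand-ins for PAC built-ins the browser normally provides (assumed, simplified).
function ipToInt(ip) {
  const p = String(ip).split(".");
  if (p.length !== 4 || p.some(x => !/^\d{1,3}$/.test(x) || +x > 255)) return null;
  return ((+p[0] << 24) | (+p[1] << 16) | (+p[2] << 8) | +p[3]) >>> 0;
}
function isInNet(ip, net, mask) {
  const a = ipToInt(ip), n = ipToInt(net), m = ipToInt(mask);
  return a !== null && n !== null && m !== null && ((a & m) >>> 0) === ((n & m) >>> 0);
}
function shExpMatch(str, pattern) {
  const re = pattern.replace(/[.+^${}()|[\]\\]/g, "\\$&")
                    .replace(/\*/g, ".*").replace(/\?/g, ".");
  return new RegExp("^" + re + "$").test(str);
}

// Two of the first post's placeholder exclusions and its four LANs.
const DIRECT_PATTERNS = ["*//aaaaaaa.*", "*.bbbbbbb.tld/*"];
const LANS = [["192.168.0.0", "192.168.0.1"], ["192.168.1.0", "192.168.1.1"],
              ["192.168.2.0", "192.168.2.1"], ["192.168.3.0", "192.168.3.1"]];
const isExcluded = url => DIRECT_PATTERNS.some(p => shExpMatch(url, p));

// First post's logic; myIp is whatever the browser's myIpAddress() returned.
function pacWithMyIp(url, myIp) {
  if (isExcluded(url)) return "DIRECT";
  for (const [net, proxy] of LANS) {
    if (isInNet(myIp, net, "255.255.255.0")) return "PROXY " + proxy + ":3128";
  }
  return "DIRECT"; // silent fall-through: the client bypasses squid
}

// Hypothetical per-LAN file (lanN.pac): proxy is fixed, no myIpAddress() call.
function pacForLan(proxy) {
  return url => (isExcluded(url) ? "DIRECT" : "PROXY " + proxy + ":3128");
}

// Which myIpAddress() results make a non-excluded URL skip the proxy?
function bypassingAddresses(candidates, url) {
  return candidates.filter(ip => pacWithMyIp(url, ip) === "DIRECT");
}

// Constructed sample results: a LAN address, loopback, link-local, empty.
const samples = ["192.168.2.57", "127.0.0.1", "169.254.10.3", ""];
console.log(bypassingAddresses(samples, "http://example.com/"));
console.log(pacForLan("192.168.2.1")("http://example.com/"));
```

Any address reported by bypassingAddresses sends the client straight out without touching squid, so it is worth checking the proxy's access log against the firewall's outbound web traffic for clients that never appear in the former.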