Accessing WPAD on /usr/local/www with port 80 (SOLVED)



  • Hi,
    i'm not able to access on /usr/local/www on port 80 for take a proxy.pac or wpad.dat.

    1. The rules on firewall ar all open
    2. the Disable webConfigurator redirect rule is checked
    3. the permission on files are correct :

    /usr/local/www: ls -ltr wpad*
    lrwxr-xr-x  1 www  www  14 May 30 15:34 wpad.dat -> wpad/proxy.pac
    lrwxr-xr-x  1 www  www  14 May 30 15:34 wpad.da -> wpad/proxy.pac
    
    wpad:
    total 4
    -rw-r--r--  1 www  www  1681 Mar  5  2015 proxy.pac
    

    But when I wget the wpad :

    Connecting to 10.x.x.x:80... failed: Connection timed out.
    Retrying.
    

    some ideas ?





  • NAT backup

    To catch any PCs which aren’t configured with ‘auto configure’ in their settings, you could implement a port forward for any traffic directed at port 80 through to 3128.

    Can I have an example of how you can do this?



  • some ideas ?

    Are you running WebGUI in HTTP mode or HTTPS mode?



  • @aGeekHere:

    NAT backup

    To catch any PCs which aren’t configured with ‘auto configure’ in their settings, you could implement a port forward for any traffic directed at port 80 through to 3128.

    Can I have an example of how you can do this?

    Here in attach.




  • @KOM:

    some ideas ?

    Are you running WebGUI in HTTP mode or HTTPS mode?

    HTTPS.
    So I used another lighttpd for the wpad.

    But I have another problem with sgerrro.php.. ( the last one problem )



  • To catch any PCs which aren’t configured with ‘auto configure’ in their settings, you could implement a port forward for any traffic directed at port 80 through to 3128.

    That's what Transparent mode basically is.  Don't do it this way or you lose the advantages of an explicit proxy in regard to client certificates with HTTPS sites.



  • This is what I was trying hard to understand as the guide suggest you can have a wpad and create a Nat rule to redirect all remaing traffic from port 80 to 3128.



  • If you're running Transparent (boo!) then you don't need WPAD.  If you're running explicit then you don't need manually-added NAT rules.



  • And for programs that have no proxy setting and want to go direct you have to create a bypass on port 80 and 443 for each program. Google play and other apps on Android have too many servers to find and bypass (though chrome on Android uses the wpad). I am just thinking there has got to be a better way to handel programs that have no proxy settings and want to go direct with using a wpad.



  • I am just thinking there has got to be a better way to handel programs that have no proxy settings and want to go direct with using a wpad.

    If these things aren't smart enough to handle a manual proxy, what makes you think they're WPAD-aware???

    What you do is simple here:

    • Run your proxy in explicit mode

    • Create your wpad files and put them on an HTTP server

    • Edit DNS & DHCP to support wpad.YourDomain.blah and point it to pfSense LAN IP

    • Create firewall rule that blocks access to ports 80/443 on LAN for all

    • Create a rule just above that rule that allows the Roku and whatever other devices to access ports 80/443 on LAN

    The only downside is that nothing the Roku accesses will be cached.



  • That is exactly my set up