Netgate Discussion Forum
    • Categories
    • Recent
    • Tags
    • Popular
    • Users
    • Search
    • Register
    • Login

    How to block browsers to bypass proxy?

    Scheduled Pinned Locked Moved Cache/Proxy
    19 Posts 3 Posters 7.8k Views
    Loading More Posts
    • Oldest to Newest
    • Newest to Oldest
    • Most Votes
    Reply
    • Reply as topic
    Log in to reply
    This topic has been deleted. Only users with topic management privileges can see it.
    • C
      chris4916
      last edited by

      Clearer.

      Answer is quite simple.

      1 - set-up WPAD  ;) then you should not need this page any more.
      2 - As I previously wrote, configure captive portal (without authentication) and display page explaining that proxy needs to be manually configured. This page will not be reached but in any case, for devices not WPAD aware, this may help

      Jah Olela Wembo: Les mots se muent en maux quand ils indisposent, agressent ou blessent.

      1 Reply Last reply Reply Quote 0
      • J
        jetberrocal
        last edited by

        @chris4916:

        1 - set-up WPAD  ;) then you should not need this page any more.

        There is a problem using WPAD.  Windows in fact has a flaw design for proxy setting.  It is design to ignore WPAD configurations after some time running in a network without proxy.  Which is mostly every regular PC.

        @chris4916:

        2 - As I previously wrote, configure captive portal (without authentication) and display page explaining that proxy needs to be manually configured. This page will not be reached but in any case, for devices not WPAD aware, this may help

        This is an idea that I could try.  I will write down the outcome after trying.

        1 Reply Last reply Reply Quote 0
        • J
          jetberrocal
          last edited by

          @jetberrocal:

          @chris4916:

          2 - As I previously wrote, configure captive portal (without authentication) and display page explaining that proxy needs to be manually configured. This page will not be reached but in any case, for devices not WPAD aware, this may help

          This is an idea that I could try.  I will write down the outcome after trying.

          OK.  It worked nicely.  I did not use the default CP page as it includes authentication fields, I loaded a ngnix sample test page and it work as expected

          Thank you for the idea. 
          I was trying CP with authentication before and it did not work. (But that is another thread)

          Just one more question.  With this I do not need the block rules anymore?

          1 Reply Last reply Reply Quote 0
          • C
            chris4916
            last edited by

            @jetberrocal:

            There is a problem using WPAD.  Windows in fact has a flaw design for proxy setting.  It is design to ignore WPAD configurations after some time running in a network without proxy.  Which is mostly every regular PC.

            :o :o :o
            Who told you this ???

            Any source is more than welcome.

            WPAD works smoothly with any Windows device, once configured. Trust me and give a try.

            Jah Olela Wembo: Les mots se muent en maux quand ils indisposent, agressent ou blessent.

            1 Reply Last reply Reply Quote 0
            • J
              jetberrocal
              last edited by

              @chris4916:

              @jetberrocal:

              There is a problem using WPAD.  Windows in fact has a flaw design for proxy setting.  It is design to ignore WPAD configurations after some time running in a network without proxy.  Which is mostly every regular PC.

              :o :o :o
              Who told you this ???

              Any source is more than welcome.

              WPAD works smoothly with any Windows device, once configured. Trust me and give a try.

              Yes. WPAD works but sometimes have some issues that are really difficult to fix, at least to me.  In fact I could not.

              See the following links for the problem and their solutions:
              http://kb.k12usa.com/Knowledgebase/Proxy-Auto-Detect-WPAD-Issues-With-IE-Windows-7
              http://serverfault.com/questions/54567/internet-explorer-isnt-auto-discovering-http-wpad-wpad-dat-auto-config
              https://infratalk.wordpress.com/2011/09/10/troubleshooting-windows-proxy-autodiscovery-wpad/

              If you are willing to read the links, will see the problem that I am talking about on this thread.

              1 Reply Last reply Reply Quote 0
              • KOMK
                KOM
                last edited by

                IIRC, WPAD will not work if you're serving it from an HTTPS web server.  It must be HTTP.  This means you can't use pfSense to host the file if you have WebGUI running in HTTPS mode.

                1 Reply Last reply Reply Quote 0
                • J
                  jetberrocal
                  last edited by

                  @KOM:

                  IIRC, WPAD will not work if you're serving it from an HTTPS web server.  It must be HTTP.  This means you can't use pfSense to host the file if you have WebGUI running in HTTPS mode.

                  I am not serving the WPAD file from the pfsense server, but from another internal Web server.

                  And the wpad file is served alright it is windows that even though it gets the file does not use it. 
                  It is a design flaw in Windows which is not so easy to overcome.

                  Instead of banging my head I decided to create a group policy to force the machines in the domain to use the proxy.  But machines that are not in the domain wont get the policy have to rely on wpad process which is flawed.  Some machines refuse to use the wpad file even if they get it.

                  1 Reply Last reply Reply Quote 0
                  • C
                    chris4916
                    last edited by

                    @jetberrocal:

                    Some machines refuse to use the wpad file even if they get it.

                    Based on link you provided, beaviour is sliglty different: these machines do not "refuse" to use WPAD. Browser won't even search for WPAD.

                    e.g. did you check with another browser, just for your knowledge?

                    Jah Olela Wembo: Les mots se muent en maux quand ils indisposent, agressent ou blessent.

                    1 Reply Last reply Reply Quote 0
                    • J
                      jetberrocal
                      last edited by

                      I checked earlier with Chrome but it uses the same proxy configuration as IE.  Firefox I think did the job because it does not share the proxy settings on all options.

                      But I can not force my clients to use a particular browser.

                      1 Reply Last reply Reply Quote 0
                      • J
                        jetberrocal
                        last edited by

                        @jetberrocal:

                        @jetberrocal:

                        @chris4916:

                        2 - As I previously wrote, configure captive portal (without authentication) and display page explaining that proxy needs to be manually configured. This page will not be reached but in any case, for devices not WPAD aware, this may help

                        This is an idea that I could try.  I will write down the outcome after trying.

                        OK.  It worked nicely.  I did not use the default CP page as it includes authentication fields, I loaded a ngnix sample test page and it work as expected

                        Thank you for the idea. 
                        I was trying CP with authentication before and it did not work. (But that is another thread)

                        Just one more question.  With this I do not need the block rules anymore?

                        I answer my self the block rule question.  I removed them to test and it work without them.

                        1 Reply Last reply Reply Quote 0
                        • First post
                          Last post
                        Copyright 2025 Rubicon Communications LLC (Netgate). All rights reserved.