Help on wpad



  • Right now i am using http proxy only. Now i wanted to employ https filtering too.  So i followed pfsense doc on wpad configuraton also some youtube. I manage to follow some of the step but at the end it failed to work.

    If it not too much to ask, for the benefit of all too, can some create a step by step procedure to configure wpad.



  • Nobody has time for that.  How about you show what you've done and then someone can help you?  I have WPAD working perfectly in my environment.  It works for everything except Android phones.



  • I configured wpad and have dns entry for wpad.localdomain pointing to 10.0.8.1 using bind but it doesnt word, no internet.



    1. Does squid work when you manually configure the client?

    2. Can you resolve wpad by itself to an IP address?

    3. Can you fetch http://wpad_server/wpad.dat?

    4. Is your client set to auto-discover the proxy?



  • Quite often, one may think that in order to deploy WPAD from scratch, starting point is… WPAD.
    This is, to me, an obvious misconception.

    In order to smoothly deploy WPAD, start with proxy.
    Once your proxy work in explicit mode, next step is to deploy proxy.dat (meaning web server being) and ensure it behaves as expected.
    Once this works, deploying WPAD is only matter of DNS/DCHP (and I would suggest here ot not stick with one single method only.

    I wrote something some years ago, not related to pfSense but which may help you to understand better how this works:
    https://wiki.zentyal.org/wiki/Select_Right_HTTP_Proxy_Design



  • @genesislubrigas:

    Right now i am using http proxy only. Now i wanted to employ https filtering too.  So i followed pfsense doc on wpad configuraton also some youtube. I manage to follow some of the step but at the end it failed to work.

    If it not too much to ask, for the benefit of all too, can some create a step by step procedure to configure wpad.

    Here you go:

    function FindProxyForURL(url, host)
    {
       if (isInNet(host, "10.10.0.0", "255.255.0.0")) {
          return "DIRECT";
       } else {
          if (shExpMatch(url, "http:*")) 
             return "PROXY 192.168.1.1:3128" ;
          if (shExpMatch(url, "https:*"))
             return "PROXY 192.168.1.1:3128" ;
          if (shExpMatch(url, "ftp:*"))
             return "PROXY 192.168.1.1:3128" ;
          return "DIRECT";
       }
    }
    

    Goes in usr/local/www directory.

    Also, save same as three separate files.
    wpad.dat
    wpad.da
    proxy.pac



  • @securityconscious:

    Also, save same as three separate files.
    wpad.dat
    wpad.da
    proxy.pac

    May I suggest not to save this as 3 different files but to save one single file and create symbolic links: doing so, when you modify your file, you modify it only once and you ensure everything is consistent  :P


Log in to reply