Help on wpad

genesislubrigas

Right now i am using http proxy only. Now i wanted to employ https filtering too.  So i followed pfsense doc on wpad configuraton also some youtube. I manage to follow some of the step but at the end it failed to work.

If it not too much to ask, for the benefit of all too, can some create a step by step procedure to configure wpad.

KOM

Nobody has time for that.  How about you show what you've done and then someone can help you?  I have WPAD working perfectly in my environment.  It works for everything except Android phones.

genesislubrigas

I configured wpad and have dns entry for wpad.localdomain pointing to 10.0.8.1 using bind but it doesnt word, no internet.

KOM

1. Does squid work when you manually configure the client?

2. Can you resolve wpad by itself to an IP address?

3. Can you fetch http://wpad_server/wpad.dat?

4. Is your client set to auto-discover the proxy?

chris4916

Quite often, one may think that in order to deploy WPAD from scratch, starting point is… WPAD.
This is, to me, an obvious misconception.

In order to smoothly deploy WPAD, start with proxy.
Once your proxy work in explicit mode, next step is to deploy proxy.dat (meaning web server being) and ensure it behaves as expected.
Once this works, deploying WPAD is only matter of DNS/DCHP (and I would suggest here ot not stick with one single method only.

I wrote something some years ago, not related to pfSense but which may help you to understand better how this works:
https://wiki.zentyal.org/wiki/Select_Right_HTTP_Proxy_Design

securityconscious

@genesislubrigas:

Right now i am using http proxy only. Now i wanted to employ https filtering too.  So i followed pfsense doc on wpad configuraton also some youtube. I manage to follow some of the step but at the end it failed to work.

If it not too much to ask, for the benefit of all too, can some create a step by step procedure to configure wpad.

Here you go:

function FindProxyForURL(url, host)
{
   if (isInNet(host, "10.10.0.0", "255.255.0.0")) {
      return "DIRECT";
   } else {
      if (shExpMatch(url, "http:*")) 
         return "PROXY 192.168.1.1:3128" ;
      if (shExpMatch(url, "https:*"))
         return "PROXY 192.168.1.1:3128" ;
      if (shExpMatch(url, "ftp:*"))
         return "PROXY 192.168.1.1:3128" ;
      return "DIRECT";
   }
}

Goes in usr/local/www directory.

Also, save same as three separate files.
wpad.dat
wpad.da
proxy.pac

chris4916

@securityconscious:

Also, save same as three separate files.
wpad.dat
wpad.da
proxy.pac

May I suggest not to save this as 3 different files but to save one single file and create symbolic links: doing so, when you modify your file, you modify it only once and you ensure everything is consistent  :P