Force proxy help
-
Not sure how to title this but I have a proxy question I haven't seen asked.
I have a strict proxy set up and force the LAN to use it by firewalling 80 and 443 per the guides. It works but then causes issues with Facebook, Twitter, App Store, etc. Is there any way to force clients to use the proxy other than the firewall block rule? Keeping up to date with adding IP addresses to the fw allow list is tiring.
I tried allowing to go direct to these sites using the PAC file, but the force proxy fw rule obviously kicks in
-
You can use a WPAD automatic proxy configuration.
-
I am using WPAD using DHCP opt 252, but if the client doesn't select autoconfig or changes the proxy settings to off, it will bypass the proxy and thus defeat the setup, right?
-
I am using WPAD using DHCP opt 252, but if the client doesn't select autoconfig or changes the proxy settings to off, it will bypass the proxy and thus defeat the setup, right?
Yes. You can intercept these clients with a transparent proxy.
-
If transparent proxy doesn't work well for you (I've personally found it buggy and decided against it), I've found success in setting up Group Policy to force the WPAD file on users. Defining the AutoConfigURL registry value works well. But if you're totally blocking 80 and 443 altogether, I believe you can just set the ProxyServer registry value and not even need the WPAD file. (That is, depending on your environment. I'm assuming an all-Windows Active Directory setup.)
https://blogs.msdn.microsoft.com/askie/2015/07/17/how-can-i-configure-proxy-autoconfigurl-setting-using-group-policy-preference-gpp/
https://support.microsoft.com/en-us/help/819961/how-to-configure-client-proxy-server-settings-by-using-a-registry-file
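
A check for the registry values named in the last reply, as an added example that is not part of the thread: it reads the current user's Internet Settings key and reports whether AutoConfigURL or ProxyEnable/ProxyServer still match what Group Policy should have set, which catches the "user turned the proxy off" case raised above. The PAC URL and proxy address are placeholder assumptions.

```powershell
# Assumed values for illustration only; replace with your own PAC URL and proxy.
$ExpectedPacUrl = 'http://wpad.example.internal/wpad.dat'
$ExpectedProxy  = 'proxy.example.internal:3128'

# Per-user proxy settings used by WinINET (Internet Options).
$UserKey = 'HKCU:\Software\Microsoft\Windows\CurrentVersion\Internet Settings'

function Get-RegValue {
    param([string]$Path, [string]$Name)
    # Returns $null when the key or the value does not exist.
    $item = Get-ItemProperty -Path $Path -Name $Name -ErrorAction SilentlyContinue
    if ($null -ne $item) { $item.$Name }
}

function Test-ProxyCompliance {
    param([string]$PacUrl, [string]$Proxy)

    $autoConfig  = Get-RegValue $UserKey 'AutoConfigURL'
    $proxyEnable = Get-RegValue $UserKey 'ProxyEnable'
    $proxyServer = Get-RegValue $UserKey 'ProxyServer'

    # Compliant if the PAC URL is the enforced one, or a static proxy
    # is both enabled and pointing at the expected server.
    $pacOk    = ($autoConfig -eq $PacUrl)
    $staticOk = ($proxyEnable -eq 1) -and ($proxyServer -eq $Proxy)

    [pscustomobject]@{
        User          = "$env:USERDOMAIN\$env:USERNAME"
        AutoConfigURL = $autoConfig
        ProxyEnable   = $proxyEnable
        ProxyServer   = $proxyServer
        Compliant     = ($pacOk -or $staticOk)
    }
}

$result = Test-ProxyCompliance -PacUrl $ExpectedPacUrl -Proxy $ExpectedProxy
$result | Format-List

# Non-zero exit code lets a logon script or monitoring agent flag the drift.
if (-not $result.Compliant) { exit 1 }
```

Run it in the user's context (for example as a logon script), since the values live under HKCU.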