WPAD not working
I have configured Pfsense 2.4.3 to server wpad with the following script:
function FindProxyForURL(url, host)
if (isPlainHostName(host) ||
shExpMatch(host, "*.local") ||
isInNet(dnsResolve(host), "192.168.2.0", "255.255.255.0"))
return "PROXY 192.168.2.1:3128";
Additional BOOTP/DHCP Options:
files are stored to /usr/local/www
and in DNS resolver :
Domain: my domain name
IP Address: 192.168.2.1
Description: WPAD Autoconfigure Host
and admin access protocol is HTTP but it dont work with https websites and when I configure the proxy manual it is ok. Can anyone help to solve the script to work with https too or WPAD works only with http.
Thank you in advance
Go through each step one by one. WPAD works fine for all web connections.
What do you get when your clients resolve wpad.yourdomain.name? Does it resolve to 192.168.2.1?
Do your clients have their network settings configured to discover the proxy automatically?
If you run a browser and go to http://192.168.2.1/wpad.dat, what happens?
Then it looks like it is working as expected. What type of client? Android phones, for example, do not support WPAD and you have to configure them manually.
If that domain firewall.connecta gets forwarded to some other dns, then yes its a rebind when it returns rfc1918. If you do not want the rebind protection then you need to tell what your using unbound or dnsmasq that is doing the forwarding of this domain that this domain is private and is ok to return rfc1918 space.
I take it your doing a domain override on this domain? If this domain is the domain pfsense is in, then it shouldn't be giving rebind if it returns the IP for it.
@kom I have linux and windows clients. but the whitelists dont work good cant access all websites listed on whitelist when using WPAD but with manual configuration on browser it works I can access every website in my whitelist.
WPAD has nothing to do with URL filtering or whitelists etc. It allows your clients to discover the proxy automatically. The end. That's all. For URL filtering you would use pfBlockerNG or Squid + squidguard.
Exolon last edited by