WPAD not working

albtech

I have configured Pfsense 2.4.3 to server wpad with the following script:

function FindProxyForURL(url, host)
{
if (isPlainHostName(host) ||
shExpMatch(host, "*.local") ||
isInNet(dnsResolve(host), "192.168.2.0", "255.255.255.0"))
return "DIRECT";
return "PROXY 192.168.2.1:3128";
}

Additional BOOTP/DHCP Options:

252 String "http://192.168.2.1/wpad.dat"
252 String "http://192.168.2.1/wpad.da"
252 String "http://192.168.2.1/proxy.pac"

files are stored to /usr/local/www

and in DNS resolver :

Host: wpad
Domain: my domain name
IP Address: 192.168.2.1
Description: WPAD Autoconfigure Host

and admin access protocol is HTTP but it dont work with https websites and when I configure the proxy manual it is ok. Can anyone help to solve the script to work with https too or WPAD works only with http.

Thank you in advance

KOM

Go through each step one by one. WPAD works fine for all web connections.

What do you get when your clients resolve wpad.yourdomain.name? Does it resolve to 192.168.2.1?

Do your clients have their network settings configured to discover the proxy automatically?

If you run a browser and go to http://192.168.2.1/wpad.dat, what happens?

albtech

thank you for your reply

whenI try to go at wpad.yourdomain.name it shows :

0_1534409423642_wpad.domain.PNG

Clients are configured with auto discover proxy and when I go to http://192.168.2.1/wpad.dat (wpad.da or proxy.pac) the file will be downloaded

KOM

Then it looks like it is working as expected. What type of client? Android phones, for example, do not support WPAD and you have to configure them manually.

johnpoz

If that domain firewall.connecta gets forwarded to some other dns, then yes its a rebind when it returns rfc1918. If you do not want the rebind protection then you need to tell what your using unbound or dnsmasq that is doing the forwarding of this domain that this domain is private and is ok to return rfc1918 space.

https://www.netgate.com/docs/pfsense/dns/dns-rebinding-protections.html

I take it your doing a domain override on this domain? If this domain is the domain pfsense is in, then it shouldn't be giving rebind if it returns the IP for it.

albtech

@kom I have linux and windows clients. but the whitelists dont work good cant access all websites listed on whitelist when using WPAD but with manual configuration on browser it works I can access every website in my whitelist.

KOM

WPAD has nothing to do with URL filtering or whitelists etc. It allows your clients to discover the proxy automatically. The end. That's all. For URL filtering you would use pfBlockerNG or Squid + squidguard.

Exolon

@albtech See if this website can help WPAD PAC Proxy Configuration