Netgate Discussion Forum

Unable to reach WPAD web on an IIS HTTP server in other subnet

  • S
    SipriusPT
    last edited by SipriusPT Aug 12, 2021, 10:55 PM Aug 12, 2021, 10:54 PM

    Hello everyone,

    I am trying to migrate from a transparent proxy for HTTP and HTTPS to an explicit proxy on squid, using an HTTP server in one subnet to serve the WPAD files for another where squid is running, but if I disable both transparent proxy modes (Transparent HTTP Proxy and HTTPS/SSL Interception), I am unable to open that HTTP webpage through the subdomain.

    From the end-user machine I am able to resolve the subdomain name, but it doesn't open the HTTP page.

    This is my actual layout (ex: subdomainB.local.lan is where the WPAD files are hosted):

    esquema_rede_proxy.png

    From 10.0.0.0/24, I am able to open the subdomainB.local.lan, and between both subnets there is no traffic being blocked or rejected; any traffic is allowed.

    I've added the subdomainB.local.lan to the squid ACLs Whitelist, but still the same outcome.

    Does anyone know how I can solve this?

    1xSG-4860-1U
    1xSG-3100
    2xpfSense Virtual Machines

    • K
      KOM @SipriusPT
      last edited by Aug 13, 2021, 2:46 AM

      @sipriuspt said in Unable to reach WPAD web on an IIS HTTP server in other subnet:

      What error do you get when 10.0.50.100 tries to fetch http://subdomainB.local.lan/wpad.dat?

      • S
        SipriusPT @KOM
        last edited by Oct 18, 2021, 3:45 PM

        @kom after several months, I made another attempt and discovered that the issue that I was having before was not letting those machines at 10.0.50.0/24 reach the default proxy port 3128 of the firewall.
        Allowing such destination, disabling transparent proxy for HTTP and HTTPS, and adding option 252 for each file in the IIS website, resolved the situation. From the end user's perspective, no Windows machine notices what happens, only macOS, where Auto Proxy Discovery came disabled by default, but I only enabled it for the Ethernet port and applied, and it started working.
        The only thing that I've noticed is that a few remote websites reported their SSL as not valid, but I don't know why some appear right and others not.

        Do you have an idea?

        1xSG-4860-1U
        1xSG-3100
        2xpfSense Virtual Machines

        • K
          KOM @SipriusPT
          last edited by Oct 18, 2021, 6:06 PM

          @sipriuspt Perhaps their certs really are invalid? A LetsEncrypt root cert expired a while back that caused such problems. Look at the details of the cert error and see what the problem is. That will help you decide if it's anything wrong on your end.
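
The root cause reported in this thread was that clients could fetch the WPAD file but could not reach the proxy port it pointed to. The following is an added example, not part of the original posts: a check that reads the proxy entries out of a PAC/WPAD body and tests TCP reachability of each from the client subnet. The PAC text and the name `proxy.example.lan` are constructed placeholders; only port 3128 and the 10.0.0.0/24 subnet come from the thread.

```python
import re
import socket

# Constructed sample PAC body; the thread does not show the real wpad.dat.
SAMPLE_PAC = '''
function FindProxyForURL(url, host) {
    if (isInNet(host, "10.0.0.0", "255.255.255.0")) return "DIRECT";
    return "PROXY proxy.example.lan:3128; DIRECT";
}
'''

# Matches the "PROXY host:port" style entries inside PAC return strings.
PROXY_RE = re.compile(r'\b(?:PROXY|HTTPS?|SOCKS[45]?)\s+([A-Za-z0-9_.-]+):(\d{1,5})')

def proxies_in_pac(pac_text):
    """Return the unique (host, port) pairs named in the PAC, in order."""
    seen = []
    for host, port in PROXY_RE.findall(pac_text):
        pair = (host, int(port))
        if pair not in seen:
            seen.append(pair)
    return seen

def port_reachable(host, port, timeout=3.0):
    """True if a TCP connection to host:port completes from this machine."""
    try:
        with socket.create_connection((host, port), timeout=timeout):
            return True
    except OSError:  # refused, timed out, filtered, or name not resolvable
        return False

def check_pac(pac_text, timeout=3.0):
    """Map each proxy named in the PAC to its reachability from this host."""
    return {f"{h}:{p}": port_reachable(h, p, timeout)
            for h, p in proxies_in_pac(pac_text)}

if __name__ == "__main__":
    for proxy, ok in check_pac(SAMPLE_PAC).items():
        print(f"{proxy}: {'reachable' if ok else 'blocked or closed'}")
```

Run it from a machine in the client subnet with the real wpad.dat contents: a proxy that shows as blocked while the WPAD URL itself loads points at a firewall rule on the proxy port rather than at squid or IIS.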
