
    WPAD with dns cache..

      JonathanLee
      last edited by JonathanLee

      Hello fellow Netgate community members,

      Check out this proxy.pac file and tell me what you think. It has a DNS cache with a maximum size, strips the brackets from IPv6 literals, bypasses the proxy for private addresses, and even has anti-recursion handling so that requests to the WPAD host itself are not sent through the proxy.

      Like this:

      var dnsCache = {};
      // Upper bound on the number of host names kept in the DNS cache.
      var DNS_CACHE_MAX = 500;
      // Cached host names in insertion order; cachedDnsResolve() shifts the
      // front entry off when the cache grows past DNS_CACHE_MAX.
      var dnsOrder = [];
      
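      /**
       * Resolve a host through the PAC runtime's dnsResolve() and remember
       * successful answers in a bounded first-in, first-out cache.
       *
       * Only truthy answers are stored, so a failed lookup is retried on the next
       * call. Entries never expire on their own: they leave the cache only through
       * FIFO eviction, so an address that changes can be served stale until then.
       *
       * @param {string} host - Host name or IP literal to resolve.
       * @returns {?string} The cached or freshly resolved address, or whatever
       *     falsy value dnsResolve() returned when the lookup failed.
       */
      function cachedDnsResolve(host) {
          var hasOwn = Object.prototype.hasOwnProperty;

          // Own-property test: a bare dnsCache[host] lookup on a plain object also
          // finds inherited members ("constructor", "toString", "__proto__", ...),
          // which would be handed back to the caller as if they were an address.
          if (hasOwn.call(dnsCache, host)) {
              return dnsCache[host];
          }

          var ip = dnsResolve(host);

          if (ip) {
              dnsCache[host] = ip;

              // A key such as "__proto__" cannot be stored as an own property of a
              // plain object; skip the bookkeeping so it cannot fill dnsOrder with
              // duplicates and push real entries out of the cache.
              if (hasOwn.call(dnsCache, host)) {
                  dnsOrder.push(host);

                  if (dnsOrder.length > DNS_CACHE_MAX) {
                      var oldest = dnsOrder.shift();
                      delete dnsCache[oldest];
                  }
              }
          }

          return ip;
      }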
      
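      /**
       * PAC entry point: decide whether a request goes DIRECT or through the proxy.
       *
       * Local destinations (the WPAD host, localhost, plain host names, local
       * domains, private IPv4 ranges, ULA/link-local IPv6 literals, the VPN subnet
       * and the router) are answered with "DIRECT". Hosts resolving into the routed
       * IPv6 subnet use the IPv6 proxy address; remaining http/https/ftp/gopher
       * URLs use the IPv4 proxy address. Everything else falls back to "DIRECT".
       *
       * @param {string} url - URL being requested.
       * @param {string} host - Host name taken from that URL.
       * @returns {string} A PAC result string ("DIRECT" or "PROXY host:port").
       */
      function FindProxyForURL(url, host) {
          url = url.toLowerCase();
          host = host.toLowerCase();

          var IPV4_LITERAL = /^(\d{1,3}\.){3}\d{1,3}$/;

          // Strip brackets from IPv6 addresses
          var cleanHost = host.replace(/^\[|\]$/g, '');
          // A colon in the host is treated as the mark of an IPv6 literal.
          // NOTE(review): assumes host never carries a ":port" suffix - confirm.
          var isIPv6Literal = cleanHost.indexOf(":") !== -1;

          // Prevent WPAD recursion
          if (cleanHost === "192.168.1.6" || host === "wpad" || host === "wpad.local") {
              return "DIRECT";
          }

          // Localhost variants
          if (host === "localhost" || cleanHost === "127.0.0.1" || cleanHost === "::1") {
              return "DIRECT";
          }

          // Plain hostnames
          if (isPlainHostName(host)) {
              return "DIRECT";
          }

          // Local domains
          if (
              dnsDomainIs(host, ".local") ||
              dnsDomainIs(host, ".lan") ||
              dnsDomainIs(host, ".localdomain")
          ) {
              return "DIRECT";
          }

          // IPv4 literal local ranges
          if (
              IPV4_LITERAL.test(cleanHost) && (
                  isInNet(cleanHost, "10.0.0.0", "255.0.0.0") ||
                  isInNet(cleanHost, "127.0.0.0", "255.0.0.0") ||
                  isInNet(cleanHost, "169.254.0.0", "255.255.0.0") ||
                  isInNet(cleanHost, "172.16.0.0", "255.240.0.0") ||
                  isInNet(cleanHost, "192.168.0.0", "255.255.0.0") ||
                  isInNet(cleanHost, "198.18.0.0", "255.254.0.0")
              )
          ) {
              return "DIRECT";
          }

          // Explicit IPv4 bypasses
          if (cleanHost === "192.168.1.1" || cleanHost === "192.168.1.2") {
              return "DIRECT";
          }

          // Router hostname
          if (host === "lee_family.home.arpa") {
              return "DIRECT";
          }

          // Explicit IPv6 router
          if (cleanHost === "2001:470:8052:a::1") {
              return "DIRECT";
          }

          // Local IPv6 (ULA + link-local). The prefix test is applied to IPv6
          // literals only: without that guard every ordinary host name beginning
          // with "fd" or "fe80" would be sent DIRECT and skip the proxy.
          // indexOf(...) === 0 stands in for startsWith(), which some older PAC
          // script engines do not provide.
          if (
              isIPv6Literal &&
              (cleanHost.indexOf("fe80") === 0 || cleanHost.indexOf("fd") === 0)
          ) {
              return "DIRECT";
          }

          // Resolve once, through the cache, and reuse the answer for every
          // address-based rule below. Passing a host name straight to isInNet()
          // makes it perform its own uncached lookup on each request.
          var ip = cachedDnsResolve(cleanHost);
          if (ip) {
              ip = ip.replace(/^\[|\]$/g, '');  // Normalize in case DNS returns bracketed IPv6

              // VPN subnet
              if (IPV4_LITERAL.test(ip) && isInNet(ip, "192.168.8.0", "255.255.255.0")) {
                  return "DIRECT";
              }

              // IPv6 routed subnet via proxy
              // NOTE(review): this only matches if dnsResolve() can return an IPv6
              // address in this textual form - verify on the target clients.
              if (shExpMatch(ip, "2001:470:8052:a:*")) {
                  return "PROXY [2001:470:8052:a::1]:3128";
              }
          }

          // Proxy HTTP family
          if (
              url.indexOf("http:") === 0 ||
              url.indexOf("https:") === 0 ||
              url.indexOf("ftp:") === 0 ||
              url.indexOf("gopher:") === 0
          ) {
              return "PROXY 192.168.1.1:3128";
          }

          // Final fallback: any other scheme goes DIRECT. If the proxy is meant to
          // be the enforcement point for outbound traffic, confirm that this
          // fail-open default is intended.
          return "DIRECT";
      }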
      

      I think this is way better than the standard PAC file that just points everything at the proxy.

      Make sure to upvote
