Netgate Discussion Forum

[SOLVED] MultiLAN squid + proxy.pac for browsers + Chromium (doesn't work)

  • B
    bellera
    last edited by Apr 1, 2014, 7:42 AM Mar 31, 2014, 3:48 PM

    I started using squid3 with pfSense.

    I have 4 LANs with squid3 activated.

    Browsers read a proxy.pac file that says where the proxy is for each LAN and some destinations that should not use the proxy.

    function FindProxyForURL(url, host) {
       if (shExpMatch(url,"*//aaaaaaa.*")) {return "DIRECT";}
       if (shExpMatch(url,"*.bbbbbbb.tld/*")) {return "DIRECT";}
       if (shExpMatch(url,"*.ccccccc.tld/*")) {return "DIRECT";}
       if (shExpMatch(url,"*.ddddddd.tld/*")) {return "DIRECT";}
       if (shExpMatch(url,"*.eeeeeee.tld/*")) {return "DIRECT";}
       if (shExpMatch(url,"*.fffffff.tld/*")) {return "DIRECT";}
       if (isInNet(myIpAddress(), "192.168.0.0", "255.255.255.0")) {return "PROXY 192.168.0.1:3128";}
       if (isInNet(myIpAddress(), "192.168.1.0", "255.255.255.0")) {return "PROXY 192.168.1.1:3128";}
       if (isInNet(myIpAddress(), "192.168.2.0", "255.255.255.0")) {return "PROXY 192.168.2.1:3128";}
       if (isInNet(myIpAddress(), "192.168.3.0", "255.255.255.0")) {return "PROXY 192.168.3.1:3128";}
       return "DIRECT";
    }
    

    Today I see that there is an important bug for Chrome browser.

    It doesn't understand myIpAddress()

    http://code.google.com/p/chromium/issues/detail?id=175652#c11

    Any idea to solve this?

    • T
      Tikimotel
      last edited by Mar 31, 2014, 4:31 PM

      Use "host = host.toLowerCase();" in combination with "dnsResolve(host)" as a replacement for  "myIpAddress()".
      Unfortunately I only have 1 LAN to worry about.

      Here is my proxy.pac as an example:

      function FindProxyForURL(url, host) {
      
        url = url.toLowerCase();
        host = host.toLowerCase();
        var isHttp = (url.substring(0,5) == "http:");
        var isHttps = (url.substring(0,6) == "https:");
      
      	// If the requested website is hosted within the internal network, send direct.
          	if (isPlainHostName(host) ||
                 shExpMatch(host, "*.home") ||
                 shExpMatch(host, "*.local") ||
                 isInNet(dnsResolve(host), "10.0.0.0", "255.0.0.0") ||
                 isInNet(dnsResolve(host), "172.16.0.0",  "255.240.0.0") ||
                 isInNet(dnsResolve(host), "192.168.0.0",  "255.255.0.0") ||
                 isInNet(dnsResolve(host), "127.0.0.0", "255.255.255.0"))
      	{ return "DIRECT"; }
      
      	// Forward non-http(s) and some hosts to forward proxy (or DIRECT)
      	if((!isHttp && !isHttps) // Skip all non http(s)
      	   || dnsDomainIs(host, "microsoft.com")
      	   || dnsDomainIs(host, "windowsupdate.com")
      	   || dnsDomainIs(host, "eset.com")
      	   || dnsDomainIs(host, "mcafee.com") // McAfee
      	   || dnsDomainIs(host, "siteadvisor.com") // McAfee
      	   || dnsDomainIs(host, "hackerwatch.com") // McAfee
      	   || dnsDomainIs(host, "hackerwatch.org") // McAfee
      	   || dnsDomainIs(host, "avg.com")
      	   || dnsDomainIs(host, "grisoft.cz")
      	   || dnsDomainIs(host, "avgfree.com")
      	   || dnsDomainIs(host, "avg.cz")
      	   || dnsDomainIs(host, "symantecliveupdate.com")
      	   || dnsDomainIs(host, "thawte.com"))
      	{ return "DIRECT"; }
      
      	if (isHttps)
      	   // Skip HTTPS
      	{ return "DIRECT"; }
      
      	// Otherwise, go through our proxy or if it fails, through bypass
      	return "PROXY 192.168.0.1:3128; DIRECT";
      }
      
      • B
        bellera
        last edited by Mar 31, 2014, 6:39 PM Mar 31, 2014, 6:28 PM

        I'm sorry! I can use dnsResolve() on my networks. Many of the machines don't have local DNS records.

        There is a lot of http://en.wikipedia.org/wiki/Bring_your_own_device in my LANs.

        http://en.wikipedia.org/wiki/Proxy_auto-config

        The myIpAddress function has often been reported to give incorrect or unusable results, e.g. 127.0.0.1, the IP address of the localhost.

        • B
          bellera
          last edited by Apr 1, 2014, 7:43 AM Mar 31, 2014, 9:50 PM

          I think this is [SOLVED]. I will do more testing tomorrow!

          Fully tested! Working!

          At the root directory of my apache2 webserver:

          cat .htaccess
          
          Options +FollowSymLinks
          RewriteEngine On
          
          RewriteCond %{REMOTE_ADDR} ^192\.168\.0\.
          RewriteRule (proxy\.pac|wpad\.dat|wpad\.da)$ http://www.mydomain.tld/lan0.pac [R=301,L]
          
          RewriteCond %{REMOTE_ADDR} ^192\.168\.1\.
          RewriteRule (proxy\.pac|wpad\.dat|wpad\.da)$ http://www.mydomain.tld/lan1.pac [R=301,L]
          
          RewriteCond %{REMOTE_ADDR} ^192\.168\.2\.
          RewriteRule (proxy\.pac|wpad\.dat|wpad\.da)$ http://www.mydomain.tld/lan2.pac [R=301,L]
          
          RewriteCond %{REMOTE_ADDR} ^192\.168\.3\.
          RewriteRule (proxy\.pac|wpad\.dat|wpad\.da)$ http://www.mydomain.tld/lan3.pac [R=301,L]
          

          proxy.pac
          wpad.dat (symlink to proxy.pac)
          wpad.da (symlink to proxy.pac)
          lan0.pac
          lan1.pac
          lan2.pac
          lan3.pac

          When the browser asks for http://www.mydomain.tld/proxy.pac, http://www.mydomain.tld/wpad.dat or http://www.mydomain.tld/wpad.da, the URL is rewritten depending on the LAN.

          Or http://wpad.mydomain.tld/proxy.pac, http://wpad.mydomain.tld/wpad.dat or http://wpad.mydomain.tld/wpad.da …

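The thread does not show what lan0.pac to lan3.pac contain. The following is an added example, not part of the original posts, that models the whole path under Node: the server picks the file from the client address as the .htaccess rules do, and the per-LAN file hard-codes its proxy so myIpAddress() is never called. The helper names (`pacFileFor`, `buildLanPac`, `evalPac`, `proxyFor`), the `shExpMatch` shim and the sample URLs are assumptions made for the example, and only two of the DIRECT exceptions from the first post are carried over.

```javascript
// Added example, not from the thread. All helper names are hypothetical.

// Shim for the PAC built-in shExpMatch (shell glob with * and ?), so a PAC
// body can be evaluated outside a browser. Browsers supply the real one.
function shExpMatch(str, glob) {
  const re = glob.replace(/[.+^${}()|[\]\\]/g, "\\$&")
                 .replace(/\*/g, ".*").replace(/\?/g, ".");
  return new RegExp("^" + re + "$").test(str);
}

// Mirrors the four RewriteCond rules: the web server sees the client's real
// source address and chooses the file. Returns null when no rule matches
// (the request is then answered with proxy.pac itself, unredirected).
function pacFileFor(remoteAddr) {
  const m = /^192\.168\.([0-3])\./.exec(remoteAddr);
  return m ? "lan" + m[1] + ".pac" : null;
}

// Text of lanN.pac: DIRECT exceptions from the first post (two shown) and
// one hard-coded proxy for that LAN. No call to myIpAddress().
function buildLanPac(n) {
  return [
    "function FindProxyForURL(url, host) {",
    '  if (shExpMatch(url, "*//aaaaaaa.*")) { return "DIRECT"; }',
    '  if (shExpMatch(url, "*.bbbbbbb.tld/*")) { return "DIRECT"; }',
    '  return "PROXY 192.168.' + n + '.1:3128";',
    "}",
  ].join("\n");
}

// Evaluates a PAC text the way a browser would call it, using the shim.
function evalPac(pacText, url) {
  const find = new Function("shExpMatch",
    pacText + "\nreturn FindProxyForURL;")(shExpMatch);
  return find(url, new URL(url).hostname);
}

// Client address -> file chosen by the server -> proxy decision for a URL.
function proxyFor(remoteAddr, url) {
  const file = pacFileFor(remoteAddr);
  if (file === null) return null; // no per-LAN file applies
  return evalPac(buildLanPac(Number(file.charAt(3))), url);
}
```

The prefix patterns end in an escaped dot, so a client at 192.168.20.x does not match the 192.168.2. rule.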
          • T
            Tikimotel
            last edited by Apr 1, 2014, 4:26 PM Apr 1, 2014, 4:22 PM

            Tip:
            https://calomel.org/proxy_auto_config.html

            isInNet(host, pattern, mask)

            isInNet(host, "192.168.249.79", "255.255.255.255")
                is true if the IP address of host matches exactly 192.168.249.79.
            isInNet(host, "192.168.0.0", "255.255.0.0")
                is true if the IP address of the host matches 192.168.*.*.
            

            Well it might work, but like you said you have hosts without local records…

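The isInNet(host, pattern, mask) semantics quoted above, and the point about hosts without local records, as an added example that is not part of the original posts. It is a Node model of the PAC built-ins, not a browser's implementation; the `SAMPLE_DNS` table, its host names and the `ipToInt` helper are constructed for the example.

```javascript
// Added example, not from the thread. A Node model of isInNet/dnsResolve.

// Constructed stand-in for the client's resolver; names and addresses are
// made up. A BYOD machine with no local record is simply absent.
const SAMPLE_DNS = {
  "printer.home": "192.168.249.79",
  "nas.home": "192.168.1.20",
};

// Model of dnsResolve(): the address as a string, or null if lookup fails.
function dnsResolve(host) {
  return Object.prototype.hasOwnProperty.call(SAMPLE_DNS, host)
    ? SAMPLE_DNS[host] : null;
}

// Dotted quad -> unsigned 32-bit integer, or null if not an IPv4 literal.
function ipToInt(ip) {
  const m = /^(\d{1,3})\.(\d{1,3})\.(\d{1,3})\.(\d{1,3})$/.exec(ip || "");
  if (!m) return null;
  const o = m.slice(1).map(Number);
  if (o.some((x) => x > 255)) return null;
  return ((o[0] << 24) | (o[1] << 16) | (o[2] << 8) | o[3]) >>> 0;
}

// host may be a name or an IP literal. Names are resolved first; a name that
// does not resolve can never match, so the rule silently does not apply.
function isInNet(host, pattern, mask) {
  const literal = ipToInt(host);
  const addr = literal !== null ? literal : ipToInt(dnsResolve(host));
  const net = ipToInt(pattern);
  const bits = ipToInt(mask);
  if (addr === null || net === null || bits === null) return false;
  return ((addr & bits) >>> 0) === ((net & bits) >>> 0);
}
```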