Navigation

    Netgate Discussion Forum
    • Register
    • Login
    • Search
    • Categories
    • Recent
    • Tags
    • Popular
    • Users
    • Search

    [SOLVED] MultiLAN squid + proxy.pac for browsers + Chromium (doesn't work)

    pfSense Packages
    2
    5
    6421
    Loading More Posts
    • Oldest to Newest
    • Newest to Oldest
    • Most Votes
    Reply
    • Reply as topic
    Log in to reply
    This topic has been deleted. Only users with topic management privileges can see it.
    • bellera
      bellera last edited by

      I started to using squid3 with pfSense.

      I have 4 LAN with squid3 activated.

      Browsers read a proxy.pac file that say were is the proxy for each LAN and same destinations not to use the proxy.

      function FindProxyForURL(url, host) {
   if (shExpMatch(url,"*//aaaaaaa.*")) {return "DIRECT";}
   if (shExpMatch(url,"*.bbbbbbb.tld/*")) {return "DIRECT";}
   if (shExpMatch(url,"*.ccccccc.tld/*")) {return "DIRECT";}
   if (shExpMatch(url,"*.ddddddd.tld/*")) {return "DIRECT";}
   if (shExpMatch(url,"*.eeeeeee.tld/*")) {return "DIRECT";}
   if (shExpMatch(url,"*.fffffff.tld/*")) {return "DIRECT";}
   if (isInNet(myIpAddress(), "192.168.0.0", "255.255.255.0")) {return "PROXY 192.168.0.1:3128";}
   if (isInNet(myIpAddress(), "192.168.1.0", "255.255.255.0")) {return "PROXY 192.168.1.1:3128";}
   if (isInNet(myIpAddress(), "192.168.2.0", "255.255.255.0")) {return "PROXY 192.168.2.1:3128";}
   if (isInNet(myIpAddress(), "192.168.3.0", "255.255.255.0")) {return "PROXY 192.168.3.1:3128";}
   return "DIRECT";
}

      Today I see that there is an important bug for Chrome browser.

      I doesn't understand myIpAddress()

      http://code.google.com/p/chromium/issues/detail?id=175652#c11

      Any idea to solve this?

      1 Reply Last reply Reply Quote 0
      • T
        Tikimotel last edited by

        Use "host = host.toLowerCase();" in combination with "dnsResolve(host)" as a replacement for  "myIpAddress()".
        Unfortunately I only have 1 LAN to worry about.

        Here is my proxy.pac as an example:

        function FindProxyForURL(url, host) {

  url = url.toLowerCase();
  host = host.toLowerCase();
  isHttp = (url.substring(0,5) == "http:");
  isHttps = (url.substring(0,6) == "https:")

	// If the requested website is hosted within the internal network, send direct.
    	if (isPlainHostName(host) ||
           shExpMatch(host, "*.home") ||
           shExpMatch(host, "*.local") ||
           isInNet(dnsResolve(host), "10.0.0.0", "255.0.0.0") ||
           isInNet(dnsResolve(host), "172.16.0.0",  "255.240.0.0") ||
           isInNet(dnsResolve(host), "192.168.0.0",  "255.255.0.0") ||
           isInNet(dnsResolve(host), "127.0.0.0", "255.255.255.0"))
	{ return "DIRECT"; }

	// Forward non-http(s) and some hosts to forward proxy (or DIRECT)
	if((!isHttp && !isHttps) // Skip all non http(s)
	   || dnsDomainIs(host, "microsoft.com")
	   || dnsDomainIs(host, "windowsupdate.com")
	   || dnsDomainIs(host, "eset.com")
	   || dnsDomainIs(host, "mcafee.com") // McAfee
	   || dnsDomainIs(host, "siteadvisor.com") // McAfee
	   || dnsDomainIs(host, "hackerwatch.com") // McAfee
	   || dnsDomainIs(host, "hackerwatch.org") // McAfee
	   || dnsDomainIs(host, "avg.com")
	   || dnsDomainIs(host, "grisoft.cz")
	   || dnsDomainIs(host, "avgfree.com")
	   || dnsDomainIs(host, "avg.cz")
	   || dnsDomainIs(host, "symantecliveupdate.com")
	   || dnsDomainIs(host, "thawte.com"))
	{ return "DIRECT"; }

	if (isHttps)
	   // Skip HTTPS
	{ return "DIRECT"; }

	// Otherwise, go through our proxy or if it fails, through bypass
	return "PROXY 192.168.0.1:3128; DIRECT";
}
        1 Reply Last reply Reply Quote 0
        • bellera
          bellera last edited by

          I'm sorry! I can use dnsResolve() on my networks. Many of the machines hasn't DNS local records.

          There is a lot of http://en.wikipedia.org/wiki/Bring_your_own_device in my LANs.

          http://en.wikipedia.org/wiki/Proxy_auto-config

          The myIpAddress function has often been reported to give incorrect or unusable results, e.g. 127.0.0.1, the IP address of the localhost.

          1 Reply Last reply Reply Quote 0
          • bellera
            bellera last edited by

            I think this is [SOLVED]. I will do more testing tomorrow!

            Full tested! Working!

            At root directory of my apache2 webserver:

            cat .htaccess

Options +FollowSymLinks
RewriteEngine On

RewriteCond %{REMOTE_ADDR} ^192\.168\.0\.
RewriteRule (proxy\.pac|wpad\.dat|wpad\.da)$ http://www.mydomain.tld/lan0.pac [R=301,L]

RewriteCond %{REMOTE_ADDR} ^192\.168\.1\.
RewriteRule (proxy\.pac|wpad\.dat|wpad\.da)$ http://www.mydomain.tld/lan1.pac [R=301,L]

RewriteCond %{REMOTE_ADDR} ^192\.168\.2\.
RewriteRule (proxy\.pac|wpad\.dat|wpad\.da)$ http://www.mydomain.tld/lan2.pac [R=301,L]

RewriteCond %{REMOTE_ADDR} ^192\.168\.3\.
RewriteRule (proxy\.pac|wpad\.dat|wpad\.da)$ http://www.mydomain.tld/lan3.pac [R=301,L]

            proxy.pac
            wpad.dat (simlynk to proxy.pac)
            wpad.da (simlynk to proxy.pac)
            lan0.pac
            lan1.pac
            lan2.pac
            lan3.pac

            When browser ask for http://www.mydomain.tld/proxy.pac, http://www.mydomain.tld/wpad.dat or http://www.mydomain.tld/wpad.da  the URL is rewrited in function of the LAN.

            Or http://wpad.mydomain.tld/proxy.pac, http://wpad.mydomain.tld/wpad.dat or http://wpad.mydomain.tld/wpad.da …

            1 Reply Last reply Reply Quote 0
            • T
              Tikimotel last edited by

              Tip:
              https://calomel.org/proxy_auto_config.html

              isInNet(host, pattern, mask)

              isInNet(host, "192.168.249.79", "255.255.255.255")
    is true if the IP address of host matches exactly 192.168.249.79.
isInNet(host, "192.168.0.0", "255.255.0.0")
    is true if the IP address of the host matches 192.168.*.*.

              Well it might work, but like you said you have hosts without local records…

              1 Reply Last reply Reply Quote 0
              • First post
                Last post