Netgate Discussion Forum

    [SOLVED] MultiLAN squid + proxy.pac for browsers + Chromium (doesn't work)

    • bellera

      I started using squid3 with pfSense.

      I have 4 LANs with squid3 activated.

      Browsers read a proxy.pac file that says where the proxy is for each LAN and some destinations not to use the proxy for.

      function FindProxyForURL(url, host) {
         if (shExpMatch(url,"*//aaaaaaa.*")) {return "DIRECT";}
         if (shExpMatch(url,"*.bbbbbbb.tld/*")) {return "DIRECT";}
         if (shExpMatch(url,"*.ccccccc.tld/*")) {return "DIRECT";}
         if (shExpMatch(url,"*.ddddddd.tld/*")) {return "DIRECT";}
         if (shExpMatch(url,"*.eeeeeee.tld/*")) {return "DIRECT";}
         if (shExpMatch(url,"*.fffffff.tld/*")) {return "DIRECT";}
         if (isInNet(myIpAddress(), "192.168.0.0", "255.255.255.0")) {return "PROXY 192.168.0.1:3128";}
         if (isInNet(myIpAddress(), "192.168.1.0", "255.255.255.0")) {return "PROXY 192.168.1.1:3128";}
         if (isInNet(myIpAddress(), "192.168.2.0", "255.255.255.0")) {return "PROXY 192.168.2.1:3128";}
         if (isInNet(myIpAddress(), "192.168.3.0", "255.255.255.0")) {return "PROXY 192.168.3.1:3128";}
         return "DIRECT";
      }
      

      Today I see that there is an important bug for Chrome browser.

      It doesn't understand myIpAddress().

      http://code.google.com/p/chromium/issues/detail?id=175652#c11

      Any idea to solve this?

      • Tikimotel

        Use "host = host.toLowerCase();" in combination with "dnsResolve(host)" as a replacement for  "myIpAddress()".
        Unfortunately I only have 1 LAN to worry about.

        Here is my proxy.pac as an example:

        function FindProxyForURL(url, host) {
        
          url = url.toLowerCase();
          host = host.toLowerCase();
          // Declare the flags locally instead of leaking implicit globals
          var isHttp = (url.substring(0,5) == "http:");
          var isHttps = (url.substring(0,6) == "https:");
        
        	// If the requested website is hosted within the internal network, send direct.
            	if (isPlainHostName(host) ||
                   shExpMatch(host, "*.home") ||
                   shExpMatch(host, "*.local") ||
                   isInNet(dnsResolve(host), "10.0.0.0", "255.0.0.0") ||
                   isInNet(dnsResolve(host), "172.16.0.0",  "255.240.0.0") ||
                   isInNet(dnsResolve(host), "192.168.0.0",  "255.255.0.0") ||
                   isInNet(dnsResolve(host), "127.0.0.0", "255.255.255.0"))
        	{ return "DIRECT"; }
        
        	// Forward non-http(s) and some hosts to forward proxy (or DIRECT)
        	if((!isHttp && !isHttps) // Skip all non http(s)
        	   || dnsDomainIs(host, "microsoft.com")
        	   || dnsDomainIs(host, "windowsupdate.com")
        	   || dnsDomainIs(host, "eset.com")
        	   || dnsDomainIs(host, "mcafee.com") // McAfee
        	   || dnsDomainIs(host, "siteadvisor.com") // McAfee
        	   || dnsDomainIs(host, "hackerwatch.com") // McAfee
        	   || dnsDomainIs(host, "hackerwatch.org") // McAfee
        	   || dnsDomainIs(host, "avg.com")
        	   || dnsDomainIs(host, "grisoft.cz")
        	   || dnsDomainIs(host, "avgfree.com")
        	   || dnsDomainIs(host, "avg.cz")
        	   || dnsDomainIs(host, "symantecliveupdate.com")
        	   || dnsDomainIs(host, "thawte.com"))
        	{ return "DIRECT"; }
        
        	if (isHttps)
        	   // Skip HTTPS
        	{ return "DIRECT"; }
        
        	// Otherwise, go through our proxy or if it fails, through bypass
        	return "PROXY 192.168.0.1:3128; DIRECT";
        }
        
        • bellera

          I'm sorry! I can use dnsResolve() on my networks. Many of the machines don't have local DNS records.

          There is a lot of http://en.wikipedia.org/wiki/Bring_your_own_device in my LANs.

          http://en.wikipedia.org/wiki/Proxy_auto-config

          The myIpAddress function has often been reported to give incorrect or unusable results, e.g. 127.0.0.1, the IP address of the localhost.

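What the Wikipedia caveat quoted above means for the first post's PAC file, as an added example that is not part of the thread: when myIpAddress() returns a loopback, link-local or IPv6 address, none of the per-LAN rules match and the browser silently goes DIRECT, bypassing squid. The helper stand-ins, the client addresses and the test URL are constructed for illustration, and PAC_SOURCE is an abbreviated copy of the first post's rules.

```javascript
// Stand-ins for the browser's PAC helpers so the logic can run under Node.js.
function ipToInt(ip) {
  const parts = String(ip).split(".").map(Number);
  const ok = parts.length === 4 && parts.every((p) => Number.isInteger(p) && p >= 0 && p <= 255);
  return ok ? parts.reduce((acc, p) => acc * 256 + p, 0) : null;
}

function makePacEnv(clientIp) {
  return {
    myIpAddress: () => clientIp, // what the browser claims its own address is
    isInNet: (addr, net, mask) => {
      const a = ipToInt(addr), n = ipToInt(net), m = ipToInt(mask);
      if (a === null || n === null || m === null) return false; // e.g. IPv6 literal
      return ((a & m) >>> 0) === ((n & m) >>> 0);
    },
    shExpMatch: (str, glob) => {
      const re = glob.replace(/[.+^${}()|[\]\\]/g, "\\$&").replace(/\*/g, ".*").replace(/\?/g, ".");
      return new RegExp("^" + re + "$").test(str);
    },
  };
}

// Abbreviated copy of the first post's PAC file (one exception, four LAN rules).
const PAC_SOURCE = `
function FindProxyForURL(url, host) {
  if (shExpMatch(url, "*.bbbbbbb.tld/*")) { return "DIRECT"; }
  if (isInNet(myIpAddress(), "192.168.0.0", "255.255.255.0")) { return "PROXY 192.168.0.1:3128"; }
  if (isInNet(myIpAddress(), "192.168.1.0", "255.255.255.0")) { return "PROXY 192.168.1.1:3128"; }
  if (isInNet(myIpAddress(), "192.168.2.0", "255.255.255.0")) { return "PROXY 192.168.2.1:3128"; }
  if (isInNet(myIpAddress(), "192.168.3.0", "255.255.255.0")) { return "PROXY 192.168.3.1:3128"; }
  return "DIRECT";
}`;

// Evaluate a PAC source for one client address and one URL.
function evaluatePac(source, clientIp, url) {
  const env = makePacEnv(clientIp);
  const names = Object.keys(env);
  const factory = new Function(...names, source + "\nreturn FindProxyForURL;");
  return factory(...names.map((n) => env[n]))(url, new URL(url).hostname);
}

// Client addresses for which an ordinary URL would skip the proxy entirely.
function bypassed(source, clientIps, url) {
  return clientIps.filter((ip) => evaluatePac(source, ip, url) === "DIRECT");
}

const SAMPLE_URL = "http://www.example.org/index.html"; // constructed
const SAMPLE_IPS = ["192.168.2.57", "127.0.0.1", "169.254.10.20", "::1"]; // constructed
console.log(bypassed(PAC_SOURCE, SAMPLE_IPS, SAMPLE_URL));
```

Running the same check against each candidate PAC file before publishing it shows which client address conditions end in the final DIRECT fallback.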
          • bellera

            I think this is [SOLVED]. I will do more testing tomorrow!

            Fully tested! Working!

            At the root directory of my apache2 web server:

            cat .htaccess
            
            Options +FollowSymLinks
            RewriteEngine On
            
            RewriteCond %{REMOTE_ADDR} ^192\.168\.0\.
            RewriteRule (proxy\.pac|wpad\.dat|wpad\.da)$ http://www.mydomain.tld/lan0.pac [R=301,L]
            
            RewriteCond %{REMOTE_ADDR} ^192\.168\.1\.
            RewriteRule (proxy\.pac|wpad\.dat|wpad\.da)$ http://www.mydomain.tld/lan1.pac [R=301,L]
            
            RewriteCond %{REMOTE_ADDR} ^192\.168\.2\.
            RewriteRule (proxy\.pac|wpad\.dat|wpad\.da)$ http://www.mydomain.tld/lan2.pac [R=301,L]
            
            RewriteCond %{REMOTE_ADDR} ^192\.168\.3\.
            RewriteRule (proxy\.pac|wpad\.dat|wpad\.da)$ http://www.mydomain.tld/lan3.pac [R=301,L]
            

            proxy.pac
            wpad.dat (symlink to proxy.pac)
            wpad.da (symlink to proxy.pac)
            lan0.pac
            lan1.pac
            lan2.pac
            lan3.pac

            When the browser asks for http://www.mydomain.tld/proxy.pac, http://www.mydomain.tld/wpad.dat or http://www.mydomain.tld/wpad.da, the URL is rewritten depending on the LAN.

            Or http://wpad.mydomain.tld/proxy.pac, http://wpad.mydomain.tld/wpad.dat or http://wpad.mydomain.tld/wpad.da …

            • Tikimotel

              Tip:
              https://calomel.org/proxy_auto_config.html

              isInNet(host, pattern, mask)

              isInNet(host, "192.168.249.79", "255.255.255.255")
                  is true if the IP address of host matches exactly 192.168.249.79.
              isInNet(host, "192.168.0.0", "255.255.0.0")
                  is true if the IP address of the host matches 192.168.*.*.
              

              Well it might work, but like you said you have hosts without local records…

              Copyright 2025 Rubicon Communications LLC (Netgate). All rights reserved.