HTTP and HTTPs redirect to Dansguardian IP Address and Port

chris4916 · Oct 6, 2015, 6:04 AM

Reading your PM (and suggesting to discuss this here as it may help other members ;)):

you may use different names for proxy.pac file but not wpad.pac ;) proxy.pac, proxy.dat, proxy.dat some aliases depending on browsers and platform but as far as I know, wpad.pac doesn't work
your proxy.pac file should redirect to Squid which will handle connection to Dansguardian. IMHO, you should not redirect HTTP requests directly to Dansguardian.

dodong · Oct 6, 2015, 6:25 AM

Hi Chris,

Doing WPAD Configuration as you suggest. Here's my setup :

Active Directory, DHCP Server, DNS Server, Web Server : 172.16.0.1 (OS - Windows Server 2012 R2)
PFSense 2.2.4 ( I installed squid3(port 3128) and dansguardian(port 8080)) : 172.16.255.254

Client : Windows 8.1 and using web browsers such as IE11, FF 41.0.1, and Chrome 45.0.2454

My pac code is

function FindProxyURL(url, host)
{ return "PROXY 172.16.255.254:8080; DIRECT"}

And save this code as wpad.pac in wwwroot folder of my Web Server.

For testing, using IE11 browser, Internet Option > Connections > LAN Settings > Use automatic configuration script.

Address : http://172.16.0.1/wpad.pac

Uncheck the boxes Automatically detect settings and Use proxy server for your LAN…

The test was FAILED.

Any suggestions?

Thanks in advance!

Best,
Dodong

chris4916 · Oct 6, 2015, 6:34 AM

I suggest that:

your web server serves proxy.pac file instead of wpad.pac file. it doesn't really matter at this stage but will help later ;)
your pac file redirect to Squid port instead of Dansguardian port. (i.e. 3128 instead of 8080)

The idea here is that browser relies on proxy which uses Dansguardian rather than having browser accessing directly Dansguardian, leaving Squid proxy unused.

dodong · Oct 6, 2015, 7:06 AM

Chirs - I revised the pac code and save it as proxy.pac

function FindProxyURL(url, host)
{ return "PROXY 172.16.255.254:3128; DIRECT"}

Same result. Not working.. :'( (No logs on /var/squid/log/access.log)

For IIS Web Server, I followed this instruction: http://findproxyforurl.com/deploying-pac/

chris4916 · Oct 6, 2015, 7:31 AM

@dodong:

Same result. Not working.. :'( (No logs on /var/squid/log/access.log)

Aside lack of log, what is the behaviour client side ?

what if you access directly http://172.16.0.1/proxy.pac from your browser ? can you read file content ?

dodong · Oct 6, 2015, 7:36 AM

I corrected my code :

function FindProxyForURL(url, host)
{ return "PROXY 172.16.255.254:3128; DIRECT"}

On FF is working. However on IE no success..

dodong · Oct 6, 2015, 7:51 AM

Finally, I've successfully configured on both IE11 and FF40. You just need to change the file extension from proxy.pac into proxy.dat

function FindProxyForURL(url, host)
{ return "PROXY 172.16.255.254:3128; DIRECT"}.

Chris, instead of using squid's port 3128, I've used dansguardian's port 8080.. In dansguardian config file you can set parent proxy to squid..

Thanks to all!!

Best,
Dodong

chris4916 · Oct 6, 2015, 8:00 AM

@dodong:

Finally, I've successfully configured on both IE11 and FF40. You just need to change the file extension from proxy.pac into proxy.dat

in the automatic discovery mode only, if I'm not wrong. When you hardcode URL, does it matter?

Chris, instead of using squid's port 3128, I've used dansguardian's port 8080.. In dansguardian config file you can set parent proxy to squid..

What's the purpose then ?

dodong · Oct 6, 2015, 8:24 AM

@chris4916:

@dodong:

Finally, I've successfully configured on both IE11 and FF40. You just need to change the file extension from proxy.pac into proxy.dat

in the automatic discovery mode only, if I'm not wrong. When you hardcode URL, does it matter?

Chris, instead of using squid's port 3128, I've used dansguardian's port 8080.. In dansguardian config file you can set parent proxy to squid..

What's the purpose then ?

Both Christ, automatic discovery mode and hardcode URL(http://findproxyforurl.com/deploying-pac/). My plan is to implement this on DCHP/DNS Server.

The purpose of setting up Dansguardian Port is to have content filtering..

By the way, many thanks Chris!!

chris4916 · Oct 6, 2015, 8:36 AM

BTW you're right: Dansguardian does act like Squidguard, as Squid redirector but Dansguardian is an additional layer between bowser and Squid :-[

Pay attention to your file name:
some browser and applications will need proxy.pac while other will need .dat or even .da
The easiest way to achieve it still maintaining only one file is to create logical links (aliases)

dodong · Oct 8, 2015, 8:45 AM

@chris4916:

BTW you're right: Dansguardian does act like Squidguard, as Squid redirector but Dansguardian is an additional layer between bowser and Squid :-[

Pay attention to your file name:
some browser and applications will need proxy.pac while other will need .dat or even .da
The easiest way to achieve it still maintaining only one file is to create logical links (aliases)
[/quote]

Thanks for the reminder Chris! Do you have any "how-to" to do this?

chris4916 · Oct 8, 2015, 9:05 AM

As you operating system supporting proxy.pac file is Windows, you will have to create such symbolic links using mklink command and create as many logical links as needed.

e.g.

mklink wpad.dat proxy.pac

will create a new (logical) file wpad.dat linked to proxy.pac
If you modify proxy.pac content, it will modify wpad.dat too.