Netgate Discussion Forum

    Force devices to squid

    • Chrismallia

      Hi guys, I have set up Squid 3 and SquidGuard on pfSense 2.2.6 and I learned that I can't filter HTTPS in transparent mode using Squid. I switched to explicit, pointed the browser to Squid and everything is fine, but I would like to know if there is a way to force all traffic to Squid, like a firewall rule, so I will not have to set the proxy for all devices that come and go. I read about WPAD but I was totally lost on even how to start, so I thought maybe a firewall rule may help or something. Thanks so much and regards.

      • KOM

        Well you could do that but then that's basically what transparent mode is and you would end up with the same result: browser warnings for HTTPS sites.  WPAD isn't hard to implement.  The hardest part is having an HTTP web server to serve the wpad.dat and proxy.pac files.  You can use pfSense for this if you have it running in HTTP mode.  After that, it's just a DNS host override entry and DHCP option 252 entry.  Make sure you block off ports 80/443 so people can't just go direct and not use the proxy.  The pfSense WPAD page gives you everything with the exception of the DHCP option 252 entry but Google or here can help you with that.

        • Chrismallia

          @KOM:

          Well you could do that but then that's basically what transparent mode is and you would end up with the same result: browser warnings for HTTPS sites.  WPAD isn't hard to implement.  The hardest part is having an HTTP web server to serve the wpad.dat and proxy.pac files.  You can use pfSense for this if you have it running in HTTP mode.  After that, it's just a DNS host override entry and DHCP option 252 entry.  Make sure you block off ports 80/443 so people can't just go direct and not use the proxy.  The pfSense WPAD page gives you everything with the exception of the DHCP option 252 entry but Google or here can help you with that.

          Thanks for your great help, but I can't understand how I create this WPAD file. Do I have to create it using a program, or in pfSense? I will host WPAD on pfSense in HTTP mode.

          • KOM

            It's just a simple text file.  Create the wpad.dat file and copy in that javascript function, replacing the IP address with your pfSense LAN IP address:

            function FindProxyForURL(url,host)
            {
            return "PROXY 192.168.1.1:3128";
            }

            Save the file and then copy it to proxy.pac so that you have two files with the same contents, one named wpad.dat and one named proxy.pac.  Copy them both to your pfSense box via either SSH or the File Manager package.  Create the DNS host override so that autodiscover.yourdomain.whatever points to your pfSense LAN.

            1 Reply Last reply Reply Quote 0
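
Added example, not part of the original posts: a slightly fuller PAC file than the one-line version above, which goes beyond the thread by sending LAN destinations (including the pfSense web GUI and the wpad.dat URL itself) direct and everything else to Squid. The proxy address 192.168.1.1:3128 is the thread's; the /24 LAN mask and the helper names `ipv4ToInt` and `inSubnet` are assumptions made for this example.

```javascript
// Added example (not from the thread). Assumed: pfSense LAN 192.168.1.0/24,
// Squid listening on 192.168.1.1:3128. Written in old-style JavaScript with
// its own helpers so the same text works as wpad.dat / proxy.pac in a browser
// and can be exercised under Node.
var PROXY = "PROXY 192.168.1.1:3128";
var LAN_NET = "192.168.1.0";   // assumption: default pfSense LAN network
var LAN_BITS = 24;             // assumption: /24 mask

// Convert a dotted-quad IPv4 literal to a number, or -1 if it is not one.
function ipv4ToInt(s) {
  var m = /^(\d{1,3})\.(\d{1,3})\.(\d{1,3})\.(\d{1,3})$/.exec(s);
  if (!m) return -1;
  var n = 0;
  for (var i = 1; i <= 4; i++) {
    var octet = parseInt(m[i], 10);
    if (octet > 255) return -1;
    n = n * 256 + octet;
  }
  return n;
}

// True when host is an IPv4 literal inside net/bits.
function inSubnet(host, net, bits) {
  var h = ipv4ToInt(host), n = ipv4ToInt(net);
  if (h < 0 || n < 0) return false;
  var size = Math.pow(2, 32 - bits);
  return Math.floor(h / size) === Math.floor(n / size);
}

function FindProxyForURL(url, host) {
  host = host.toLowerCase();
  // Single-label names (e.g. "pfsense") stay on the LAN. IPv6 literals
  // contain ":" and are deliberately not treated as local names.
  if (host.indexOf(".") === -1 && host.indexOf(":") === -1) return "DIRECT";
  // LAN addresses, including the firewall GUI and the wpad.dat URL itself.
  if (inSubnet(host, LAN_NET, LAN_BITS)) return "DIRECT";
  // Everything else goes through Squid. There is no "; DIRECT" fallback,
  // so clients do not quietly bypass filtering when the proxy is down.
  return PROXY;
}
```

Save the same text as both wpad.dat and proxy.pac, as described in the post above.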
            • Chrismallia

              Hi, I created 3 Word documents: 1. wpad.dat, 2. wpad.da, 3. proxy.pac. I uploaded them to usr/local/www, went to DNS Resolver and put:

              host wpad

              domain  localdomain

              ip  192.168.1.1

              description WPAD Autoconfigure Host

              Then I went to the firewall and blocked ports 80 and 443 on LAN.

              Now I had a problem: I could not browse the internet and could not enter the pfSense web GUI any more. I manually pointed the browser to Squid and it worked until I restarted pfSense, and that's when I could not enter the web GUI and could not browse any more, even when pointing the browser to Squid. I had to reset to factory defaults from the console. What could I have done wrong or be missing? Thank you so much for your patience with me.

              • Chrismallia

                I redid everything and in domain I put my IP address. I am not sure about this setting, but anyway I blocked port 80 but the browser did not switch to the proxy. I pointed the Chrome browser to the proxy and I can browse OK, but when I remove the proxy setting it does nothing on HTTP.

                • KOM

                  They need to be simple text files, not Word documents with loads of extra formatting codes and other invisible things in them.  Create them in Notepad.

                  • Chrismallia

                    @KOM:

                    They need to be simple text files, not Word documents with loads of extra formatting codes and other invisible things in them.  Create them in Notepad.

                    Sorry for saying Word doc, I created them in Notepad.

                    function FindProxyForURL(url,host)
                    {
                    return "PROXY 192.168.1.1:3128";
                    }
                    This is what I put in them, but for some reason it is not working. Do I have to do any firewall rules or something?

                    • KOM

                      Is your pfSense LAN IP address 192.168.1.1?  I did say earlier to replace the IP address in the example with your own.

                      • Chrismallia

                        @KOM:

                        Is your pfSense LAN IP address 192.168.1.1?  I did say earlier to replace the IP address in the example with your own.

                        Yes, I left the default 192.168.1.1.

                        • KOM

                          For clients to be able to find it, they need to be able to resolve autodiscover.YourDomain.something.  If this address can't be resolved or they are unaware of the local domain then it won't work.  If they aren't set to autodiscover the proxy then it won't work.  If they can't read the file then it won't work.  Can you go to http://autodiscover.yourdomain.whatever/wpad.dat and get the contents of the file?

                          • Chrismallia

                            Connected to the proxy manually and got this:
                            http://autodiscover.localdomain/wpad.dat

                            The requested URL could not be retrieved

                            The following error was encountered while trying to retrieve the URL: http://autodiscover.localdomain/wpad.dat

                            Unable to determine IP address from host name autodiscover.localdomain

                            The DNS server returned:

                            Name Error: The domain name does not exist.
                            This means that the cache was not able to resolve the hostname presented in the URL. Check if the address is correct.

                            Your cache administrator is admin@localhost.

                            When disconnected from the proxy I got nothing, just a page can't load error.

                            • C0RR0SIVE

                              …try http://xxx.xxx.xxx.xxx/wpad.dat

                              You should get a file download named wpad.dat (there will be no .txt and it won't open like a normal text file...).  If it doesn't download, then something is very wrong.

                              • Chrismallia

                                @C0RR0SIVE:

                                …try http://xxx.xxx.xxx.xxx/wpad.dat

                                You should get a file download named wpad.dat (there will be no .txt and it won't open like a normal text file...).  If it doesn't download, then something is very wrong.

                                Hi, I did http://192.168.1.1/wpad.dat and got a 404 error.

                                • C0RR0SIVE

                                  Is your web-configurator using HTTP or HTTPS?  You are storing the wpad.dat and two other files in the correct directory, right?

                                  Should be /usr/local/www

                                  I mean, if the following has been done, wpad should be working.

                                  1: Set WebConfigurator to HTTP
                                  2: Set the DHCP and DNS methods for proxy auto-discovery
                                  3: Store wpad.da, wpad.dat, and proxy.pac in /usr/local/www
                                  4: Set devices to autodiscovery for proxy settings.

                                  The fact that your pfsense install shows a 404, means that the files are, in fact, not stored in the proper directory, or are not named properly.

                                  • Chrismallia

                                    WOW GUYS, IT IS WORKING GREAT NOW. The problem was my stupidity: when I saved the wpad I did not do "wpad.dat", I just did wpad.dat, so I was just uploading a text doc, lol. Now I saved them the right way and it's great. Thank you so much for all your kind help. The PC works fine; now I am trying to see about my Android phones, as they are not using the auto proxy, and when I select proxy auto it asks for an address. By any chance do you know what URL should be entered? Thanks to all.

                                    • Chrismallia

                                      OK, solved it also: put http://pfsenseip/wpad.dat. Everything is great, thank you all.

                                      • C0RR0SIVE

                                        Android sadly doesn't support WPAD, probably never will.. Also has horrible certificate support.

                                        The easiest way for Android to hit your proxy is, on the Wi-Fi connection for your network in Android, to set a "manual proxy" and enter the router config, so 192.168.1.1 and 3128 for the port, and save.

                                        • Chrismallia

                                          Yes, thanks. I went to the Wi-Fi SSID, held down on the SSID, advanced settings, config auto proxy, and gave it http://192.168.1.1/wpad.dat and it works great. I did as you also suggested and it works great also. :)

                                          BIGGEST THANKS GOES TO KOM, as I would have given up if it was not for him. Thanks, you are a really great help here.

                                          • KOM

                                            I just dug my way out of a major snowstorm where I am.  Glad you got it working.
