Contents 1 General 2 Servers 3 Configuration 3.1 Proxy By-pass 3.2 Example Proxy.pac

General

Web Proxy Auto Discovery, aka WPAD

Web browsers configured to use WPAD will try to load a javascript file over http.

Originally, browsers had to be told were to find a file called proxy.pac (some still do).

Browsers using automatic discovery will look for a server called wpad in client's dns domain name. i.e. for a PC with the dns suffix main.varndean.ac.uk, the browser will look at wpad.main.varndean.ac.uk. If there is no reponse from wpad.main.varndean.ac.uk, then the browser will try wpad.varndean.ac.uk, wpad.ac.uk and wpad.uk.

The file the browser looks for with WPAD is called wpad.dat.

Please note that by default Internet Explorer will cache the proxy.pac or wpad.dat file for half an hour, so don't forget to clear all off line content and restart IE between tests.

IE on WinXP The cleaver people at Microshite released a patch which effectively disables WPAD (the reasons were so anal and pointless I can't even remember them now). Now group policy needs to specify the full URL to the proxy.pac file and only allows us to specify one file - (no redundancy!) Joy.

Servers

At the time this was first setup wpad.main.varndean.ac.uk points to hades and wpad.varndean.ac.uk points to ares. Please check the DNS Names page to see where these aliases are currently pointing.

Each web server needs to have a file called proxy.pac in it's document root, and a permanent redirect from wpad.dat to proxy.pac.

The server's also need to specify the mime type application/x-ns-proxy-autoconfig

On ares the file is stored at /srv/www/wpad/proxy.pac and on hades, c:\inetpub\wwwroot\proxy.pac

BOTH COPIES OF THIS FILE MUST BE KEPT THE SAME. I.e. if you update the file on hades, wget wpad.main.varndean.ac.uk/proxy.pac to pull it on to ares.

Configuration

The proxy.pac file consists of some simple javascript.

One function is mandatory, findProxyForURL(url, host)

This function should return one of two strings:

• "DIRECT" - meaning by-pass the proxy server and access the server directly.
• "PROXY proxy.example.com:3128" - the proxy server dns name and port

It's possible to add all sorts of functions but we don't need anything that complicated, and also be warned that any javascript you write and test in internet explorer will probably not work in another browser (or vice-versa).

Simple if, else if, else branches should do the job nicely.

Proxy By-pass

• sites in the varndean.ac.uk domain
• ip address in the local 10.10.*.* (sites accessed without using a dns name)
• host only addresses, i.e. specifying http://hades/ rather than http://hades.main.varndean.ac.uk/
• misc

Example Proxy.pac

(please try to keep up to date ;-)

function FindProxyForURL(url,host)
{
    if (dnsDomainIs(host,'.varndean.ac.uk'))
    {
        return "DIRECT";
    }
    else if (isInNet(host, '10.10.0.0', '255.255.0.0'))
    {
        return "DIRECT";
    }
    else if (isPlainHostName(host)) 
    {
        return "DIRECT";
    }
    else
    {
        switch (host)
        {
            case "secure.cintra.com": return "DIRECT"; break;
            default: return proxyString;
        }
    }
}
var proxyString = "PROXY ninaa.main.varndean.ac.uk:3128";