Recent Web browsers have the ability to automatically detect a web proxy to use. This tutorial shows you how to set up automatic proxy detection.
The first automatic detection system, called PAC, was in Netscape Navigator. This allowed you to specify a javascript script which told the browser which proxy to use. This provided a central position from which to change proxy servers.
This still had a slight disadvantage in that you needed to specify the script location. If you needed to change the lcoation you still had to visit all your clients. The solution for this is WPAD (Web Proxy AutoDiscovery). This is a set of methods for finding the PAC script to be tried in order.
The involves creating a javascript script to return which proxy servers to use. The script needs to define the function which will be called by the browser for every URL that is retrieved:
string FindProxyForURL stringurl stringhostname
- url
- The full URL being accessed.
- host
- The hostname extracted from the URL. This is only for convenience, it is the exact same string as between :// and the first : or / after that. The port number is not included in this parameter. It can be extracted from the URL when necessary.
- return value
- A string describing the configuration.The return value of the function should be a semicolon seperated list of options from the following list:
- DIRECT
- Connections should be made directly, without any proxies.
- PROXY host:port
- The specified proxy should be used.
- SOCKS host:port
- The specified SOCKS server should be used.
A null string is the same as DIRECT. Each option will be tried in turn until one is useable.
Basic proxy.pac
You can download the source for this example athttp://www.davidpashley.com/articles/proxy.pac
function FindProxyForURL(url, host)
{
if (isInNet(host, "192.168.0.0", "255.255.0.0")) {
return "DIRECT";
} else {
if (shExpMatch(url, "http:*"))
return "PROXY webcache.domain.com:3128" ;
if (shExpMatch(url, "https:*"))
return "PROXY webcache.domain.com:3128" ;
if (shExpMatch(url, "ftp:*"))
return "PROXY webcache.domain.com:3128" ;
return "DIRECT";
}
}
You need to place this on a web server accessable from your clients. The file should have a.pac extension (e.g. proxy.pac) and should just contain the javascript and not embedded in HTML. You will also need to configure your webserver to map the .pac filename extension to the application/x-ns-proxy-autoconfig MIME type. If you are using the Apache webserver put the following line in your httpd.conf
AddType application/x-ns-proxy-autoconfig .pac
More information, useful javascript functions and examples can be found athttp://wp.netscape.com/eng/mozilla/2.0/relnotes/demo/proxy-live.html
WPAD is not designed to find the actual proxy settings, but to find the PAC script which tell the browser which settings to use. WPAD uses several methods for finding out location of the PAC script. If the method does not provide information about the port or the path name, then the client should use, as defaults, port 80 and /wpad.dat respectively. The client should not use a default host.
There are several methods clients should use for finding the PAC file. They should be used in the order shown below, but clients are onoly required to use DHCP and well known aliases.
- Dynamic Host Configuration Protocol (DHCP)
- Service Location Protocol (SLP)
- “Well Known Aliases” using DNS A records
- DNS SRV Records
- “service: URLS” in DNS TXT records
Clients using DHCP need to look for an option using the 252 option code. ISC DHCP server doesn’t support this option by default, but it does support adding arbitary options. To enable ISC DHCP server to advertise the location of your PAC file add the following two lines to your/etc/dhcp/dhcpd.conf file.
option local-pac-server code 252 = text; option local-pac-server "http://wpad.example.com/wpad.dat";
The first line needs to go in the global section, but you can use the second line anywhere were you can use options, e.g. in a host declaration.