3

I'm trying to set up an automatic method for discovering my Squid proxy on the local network, by setting the browsers to "Automatic detection".

The proxy is fine and works if I specify the IP:Port manually in the client browsers; the wpad script also works if I specify the script URL in the client browsers.

But I want to set it up with automatic detection on every browser in the local network, and it doesn't work: the browser directly shows a Squid page with an Access Denied message, and doesn't prompt for user/password to get access.

The proxy server, as I say, is working fine; it is a Squid 3.1 transparent proxy.

Proxy server

IP: 192.168.1.252

/etc/squid3/squid.conf relevant settings

http_port 3128 transparent

Shorewall firewall rule settings

REDIRECT   lan          3128     tcp   80    - !192.168.1.0/24

My DNS server has this set

So, wpad.example.com/wpad.dat resolves fine on the local network stations, checked. Here is the relevant documentation about this

apacheserver    A          192.168.1.25
wpad            CNAME      apacheserver

The apacheserver has this:

/etc/apache2/sites-enable/wpad

# Auto Proxy Configuration
<VirtualHost *:80>
    ServerAdmin webmaster@example.com
    DocumentRoot /srv/custom/wpad
    ServerName wpad.example.com

    AddType application/x-ns-proxy-autoconfig  .dat
    AddType application/x-ns-proxy-autoconfig  .pac

</VirtualHost>
# vim:ft=apache:

/srv/custom/wpad/

-rw-r--r--  1 root root  346 oct  2 11:59 wpad.dat
lrwxrwxrwx  1 root root    8 oct  2 10:52 proxy.pac -> wpad.dat
lrwxrwxrwx  1 root root    8 oct  2 10:52 proxy.dat -> wpad.dat

/srv/custom/wpad/wpad.dat

function FindProxyForURL(url,host) {
    if(isInNet(host,"127.0.0.1","255.0.0.0"))
        return "DIRECT";

    if(isPlainHostName(host))
        return "DIRECT";

    if(isInNet(host,"192.168.1.0","255.255.255.0"))
        return "PROXY 192.168.1.252:3128; DIRECT";

    else
        return "PROXY 192.168.1.252:3128; DIRECT";
}

What am I missing here?

elmonkeylp
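
The wpad.dat from the question can be evaluated offline to see what each kind of destination receives. This is an added example, not part of the original post: the PAC text is copied from the page, while `DNS_TABLE`, the sample URLs and the helper stand-ins for the browser's `isInNet`/`isPlainHostName` are constructed for illustration.

```javascript
// Added example: offline harness for the wpad.dat shown in the question.
// PAC text is copied from the page; DNS_TABLE and SAMPLE_URLS are constructed.
const PAC_SOURCE = `
function FindProxyForURL(url,host) {
    if(isInNet(host,"127.0.0.1","255.0.0.0"))
        return "DIRECT";
    if(isPlainHostName(host))
        return "DIRECT";
    if(isInNet(host,"192.168.1.0","255.255.255.0"))
        return "PROXY 192.168.1.252:3128; DIRECT";
    else
        return "PROXY 192.168.1.252:3128; DIRECT";
}`;

// Constructed stand-in for the resolver a browser uses inside isInNet().
const DNS_TABLE = {
  "localhost": "127.0.0.1",
  "apacheserver.example.com": "192.168.1.25",
  "www.example.org": "203.0.113.10",
};
const IPV4 = /^(\d{1,3})\.(\d{1,3})\.(\d{1,3})\.(\d{1,3})$/;

function ipToInt(ip) {
  const m = IPV4.exec(ip);
  if (!m || m.slice(1).some((o) => Number(o) > 255)) return null;
  return m.slice(1).reduce((acc, o) => acc * 256 + Number(o), 0);
}

// PAC helpers: a name without dots is "plain"; isInNet resolves, then masks.
function isPlainHostName(host) { return !host.includes("."); }

function isInNet(host, pattern, mask) {
  const addr = ipToInt(IPV4.test(host) ? host : DNS_TABLE[host] || "");
  const net = ipToInt(pattern), bits = ipToInt(mask);
  if (addr === null || net === null || bits === null) return false; // unresolved
  return ((addr & bits) >>> 0) === ((net & bits) >>> 0);
}

// Compile the PAC text with the helpers in scope and evaluate one URL.
function evaluatePac(url) {
  const find = new Function("isInNet", "isPlainHostName",
    PAC_SOURCE + "\nreturn FindProxyForURL;")(isInNet, isPlainHostName);
  return find(url, new URL(url).hostname);
}

const SAMPLE_URLS = ["http://localhost/", "http://wpad/wpad.dat", "http://192.168.1.25/",
  "http://apacheserver.example.com/", "http://www.example.org/"];
for (const u of SAMPLE_URLS) console.log(u.padEnd(36), "->", evaluatePac(u));
```

The output shows that the `192.168.1.0` branch and the `else` branch return the same string, so LAN destinations are proxied like everything else, and that every proxied result falls back to `DIRECT` when 192.168.1.252:3128 does not answer.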

1 Answer

2

Solved myself.

Found this in the Apache server access logs:

192.168.1.70 - - [02/Oct/2014:16:20:02 -0300] "GET /wpad.dat HTTP/1.1" 404 493 "-" "Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/37.0.2062.124 Safari/537.36"

Firefox is attempting to fetch the file from http://wpad/wpad.dat instead of http://wpad.example.com/wpad.dat

Creating a wpad.dat file in the Apache server DocumentRoot, or adding a ServerAlias wpad, solves the problem

# Auto Proxy Configuration
<VirtualHost *:80>
    ServerAdmin webmaster@example.com
    DocumentRoot /srv/custom/wpad
    ServerName wpad.example.com
    ServerAlias wpad

    AddType application/x-ns-proxy-autoconfig  .dat
    AddType application/x-ns-proxy-autoconfig  .pac

</VirtualHost>
# vim:ft=apache:

And, just in case, I put a symbolic link under /var/www pointing to /srv/custom/wpad/wpad.dat

#ls -l /var/www
lrwxrwxrwx  1 www-data www-data   25 oct  2 16:45 wpad.dat -> /srv/custom/wpad/wpad.dat

The new logs:

192.168.1.196 - - [02/Oct/2014:16:22:37 -0300] "GET /wpad.dat HTTP/1.1" 200 606 "-" "Mozilla/5.0 (compatible; IE 11.0; Win32; Trident/7.0)"
elmonkeylp