Buy or Renew
Buy or Renew
Duo Security forums now LIVE! Get answers to all your Duo Security questions. Learn more
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
8196
Views
0
Helpful
3
Replies

Not able to bypass proxy using pac file

fpiccioni
Level 1
Level 1

‎04-02-2015 04:47 AM

Hi all

I am facing this issue: during the deploy of a WSA, I plan to use explicit proxy on client. I configured option 252 on dhcp server to point to wpad.dat file stored in WSA.

I see IE client correctly acquire the proxy information, however they do not acquire the bypass configured for local domain or for local IP addresses.

I suspect not all IE versions are able to use correctly wpad.dat.

Does someone has a working wpad.dat file to use?  Does someone has information regarding the behaviour of Mozilla FF and Chrome?

This is an example of one wpad.dat I tried (company name is masked with XXXXXX, real is resolved with local IP):

function FindProxyForURL(url, host)
 {
 if ((isPlainHostName(host) ||
 dnsDomainIs(host, ".XXXXXX.it")) &&
 !localHostOrDomainIs(host, "www.company.com") &&
 !localHostOrDoaminIs(host, "home.company.com"))
 return "DIRECT";
 else
 return "PROXY 10.50.0.110:3128";
 }

 

Labels:
0 Helpful
3 Replies 3

kussriva
Level 1
Level 1

‎04-02-2015 12:36 PM

Hi,

 

The WPAD you have created seems to be fine however try using "*" for the bypass addresses. E.g.

instead of "www.company.com" try using "*.company.com".

 

You can check sites like http://findproxyforurl.com/pac-functions/ for more examples of WPAD files.

 


Regards,

Kushagra Srivastava

Cisco PDI Helpdesk

0 Helpful

fpiccioni
Level 1
Level 1
In response to kussriva

‎04-11-2015 10:55 AM

Hi

I used a more simple wpad and it is working:

function FindProxyForURL(url, host) {
if (dnsDomainIs(host, ".XXXX.it"))
    return "DIRECT";
 return "PROXY 10.50.0.110:3128";
 }

 

Thanks to all

0 Helpful

Handy Putra
Cisco Employee
Cisco Employee

‎04-03-2015 07:04 PM

Would not really recommend to stored your PAC file in WSA (even though the option is there in WSA), the reason being is that if the WSA that stored that file is down, therefore you would not have the redundancy to go out to the internet since you will need to access the PAC/WPAD file first however the device that hosted that file is not accessible.

 

Would recommend to host that file in different device such as your web server, etc, in case there is failure in the proxy so you can apply temporary workaround to redirect traffics.

0 Helpful
Customers Also Viewed These Support Documents