cancel
Showing results for 
Search instead for 
Did you mean: 
cancel
6733
Views
0
Helpful
3
Replies
Highlighted
Beginner

Not able to bypass proxy using pac file

Hi all

I am facing this issue: during the deploy of a WSA, I plan to use explicit proxy on client. I configured option 252 on dhcp server to point to wpad.dat file stored in WSA.

I see IE client correctly acquire the proxy information, however they do not acquire the bypass configured for local domain or for local IP addresses.

I suspect not all IE versions are able to use correctly wpad.dat.

Does someone has a working wpad.dat file to use?  Does someone has information regarding the behaviour of Mozilla FF and Chrome?

This is an example of one wpad.dat I tried (company name is masked with XXXXXX, real is resolved with local IP):

function FindProxyForURL(url, host)
 {
 if ((isPlainHostName(host) ||
 dnsDomainIs(host, ".XXXXXX.it")) &&
 !localHostOrDomainIs(host, "www.company.com") &&
 !localHostOrDoaminIs(host, "home.company.com"))
 return "DIRECT";
 else
 return "PROXY 10.50.0.110:3128";
 }

 

3 REPLIES 3
Highlighted
Beginner

Hi,

 

The WPAD you have created seems to be fine however try using "*" for the bypass addresses. E.g.

instead of "www.company.com" try using "*.company.com".

 

You can check sites like http://findproxyforurl.com/pac-functions/ for more examples of WPAD files.

 


Regards,

Kushagra Srivastava

Cisco PDI Helpdesk

Highlighted

Hi

I used a more simple wpad and it is working:

function FindProxyForURL(url, host) {
if (dnsDomainIs(host, ".XXXX.it"))
    return "DIRECT";
 return "PROXY 10.50.0.110:3128";
 }

 

Thanks to all

Highlighted
Cisco Employee

Would not really recommend to stored your PAC file in WSA (even though the option is there in WSA), the reason being is that if the WSA that stored that file is down, therefore you would not have the redundancy to go out to the internet since you will need to access the PAC/WPAD file first however the device that hosted that file is not accessible.

 

Would recommend to host that file in different device such as your web server, etc, in case there is failure in the proxy so you can apply temporary workaround to redirect traffics.

Content for Community-Ad