On Thu, Jan 8, 2009 at 4:45 PM, Joseph L. Casale
<[email protected]> wrote:
> Well, my firefox clients pick up the settings but not ie7.
> I am using the dns (cname) / dhcp option 252 method.
>
> How are you doing it, and do you have it working with ie7?

  We haven't deployed MSIE 7 here yet.  I'll see if I can get a
sandbox VM running with it to test.  MSIE 6 and Firefox 3.x on Win XP
Pro SP2 both work fine.

  Here's what we did:

  We implemented the DNS method of WPAD.  We didn't even bother with
DHCP; the DNS method has worked fine for us for everything.  I seem to
recall reading that the DHCP method isn't as widely implemented in
clients, but I could be wrong on that.

  We created a CNAME record named <wpad.corp.example.com.>, where
<corp.example.com.> is our Active Directory domain name, and the
default DNS suffix for our LAN.  Thus, clients attempting to do WPAD
via DNS end up requesting <http://wpad.corp.example.com/wpad.dat>.
The right-hand-side of the CNAME record specifies
<foo.corp.example.com.>, where <foo> is our proxy server.

  Our proxy server also runs an Apache web server, which is configured
with an alias such that </wpad.dat> redirects to </proxy.pac>.  That's
our proxy auto-config script.  Apache also knows that a *.pac file is
of MIME type <application/x-ns-proxy-autoconfig>.  To do that, the
following was added to the Apache config file:

        AddType application/x-ns-proxy-autoconfig .pac
        Redirect /wpad.dat http://foo/proxy.pac

  Our proxy auto-config script looks like this:

        function FindProxyForURL(url, host) {
                // Bypass the proxy for unqualified names, our AD domain,
                // and http:// URLs that begin with 10. or 127.
                if (    isPlainHostName(host)
                        || dnsDomainIs(host, ".corp.example.com")
                        || shExpMatch(url, "http://10.*")
                        || shExpMatch(url, "http://127.*")
                )
                        return "DIRECT";
                else
                        return "PROXY proxy:8080";
        }

  We also have a CNAME <proxy.corp.example.com.> that yields our proxy
server.  (I'm big on using generic aliases for specific hosts, so when
things change you don't have to reconfigure a bunch of things, just
the alias.)  The script causes browsers to bypass our proxy for
internal systems, and use our proxy for everything else.

-- Ben
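
Added example (not part of the original message): a Node.js harness that runs the script above against constructed sample requests, so the DIRECT/PROXY decision for each can be checked before the file is published via WPAD. The helper implementations are simplified stand-ins for the browser built-ins, and FindProxyForURLStrict and isIPv4In are hypothetical names for a variant that matches on the host as an IPv4 literal instead of on the URL prefix.

```javascript
// Simplified stand-ins for the PAC helpers a browser supplies (assumption: offline test only).
function isPlainHostName(host) { return !host.includes("."); }
function dnsDomainIs(host, domain) { return host.endsWith(domain); }
function shExpMatch(str, pattern) {
  // Translate the shell glob to a regex: escape metacharacters, then map * and ?.
  const re = pattern.replace(/[.+^${}()|[\]\\]/g, "\\$&")
    .replace(/\*/g, ".*").replace(/\?/g, ".");
  return new RegExp("^" + re + "$").test(str);
}

// The script from the message, same conditions.
function FindProxyForURL(url, host) {
  if (isPlainHostName(host)
      || dnsDomainIs(host, ".corp.example.com")
      || shExpMatch(url, "http://10.*")
      || shExpMatch(url, "http://127.*"))
    return "DIRECT";
  return "PROXY proxy:8080";
}

// Hypothetical variant: bypass only when the host is an IPv4 literal whose
// first octet is 10 or 127, regardless of URL scheme.
function isIPv4In(host, firstOctet) {
  const m = /^(\d{1,3})\.(\d{1,3})\.(\d{1,3})\.(\d{1,3})$/.exec(host);
  return m !== null && m.slice(1).every(o => Number(o) <= 255)
    && Number(m[1]) === firstOctet;
}
function FindProxyForURLStrict(url, host) {
  if (isPlainHostName(host)
      || dnsDomainIs(host, ".corp.example.com")
      || isIPv4In(host, 10) || isIPv4In(host, 127))
    return "DIRECT";
  return "PROXY proxy:8080";
}

// Constructed sample requests: [url, host] as a browser would pass them.
const samples = [
  ["http://intranet/", "intranet"],
  ["http://wiki.corp.example.com/", "wiki.corp.example.com"],
  ["http://10.1.2.3/status", "10.1.2.3"],
  ["https://10.1.2.3/status", "10.1.2.3"],       // https URL to an internal address
  ["http://10.example.net/", "10.example.net"],  // public name that starts with "10."
  ["http://www.example.org/", "www.example.org"],
];
function decisions(pac) { return samples.map(([u, h]) => pac(u, h)); }

samples.forEach(([u], i) =>
  console.log(u, "|", decisions(FindProxyForURL)[i], "|", decisions(FindProxyForURLStrict)[i]));
```

In a deployed PAC file the built-in isInNet(host, "10.0.0.0", "255.0.0.0") covers the same ground, but it resolves non-literal hosts through DNS.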
