On Fri, Jul 24, 2009 at 10:52 AM, Weatherford,
Chad<[email protected]> wrote:
> Setup option 252 pointing to http://10.110.1.124:8083/wpad.dat . Do I need a
> DNS setting as well?
From what I recall, the DHCP variant of WPAD doesn't work especially
well, and many browsers don't support it. Use DNS-based detection
instead.
Create a CNAME (DNS alias) so that <wpad> in your default domain
search list resolves to a web server you control. For example, if
your Active Directory domain name is <corp.scvl.com>, and
<foo.corp.scvl.com> is a web server, create <wpad.corp.scvl.com> as a
CNAME for <foo.corp.scvl.com>.
Then, on that web server, create a </wpad.dat> object (at the root
of the default site). That object should be a proxy auto-config
script, of MIME type <application/x-ns-proxy-autoconfig>.
We use Apache for this, so we added something like the following to
ye old httpd.conf file:
AddType application/x-ns-proxy-autoconfig .pac
Redirect /wpad.dat http://foo.corp.scvl.com/proxy.pac
If you're running IIS, then you create a redirect and a custom MIME type.
Then our WPAD config file looks like (adapted to fit this example):
function FindProxyForURL(url, host) {
if ( isPlainHostName(host)
|| dnsDomainIs(host, ".corp.scvl.com")
|| shExpMatch(url, "http://10.*";)
|| shExpMatch(url, "http://127.*";)
)
return "DIRECT";
else
return "PROXY proxy.corp.scvl.com:8080";
}
The above assumes your proxy is at <proxy.corp.scvl.com> on TCP port
8080. I recommend using a generic CNAME for your proxy, too, in case
your proxy changes in the future.
-- Ben
~ Finally, powerful endpoint security that ISN'T a resource hog! ~
~ <http://www.sunbeltsoftware.com/Business/VIPRE-Enterprise/> ~
