That link was also suggested by google, and it's a bit useful. I also found this link, which was even more useful:
http://blog.freyguy.com/archives/2006/03/01/proxy-auto-detect-ie-and-firefox/

So, I think I've got it sorted out. To summarize the steps for posterity:

I created a wpad.dat file - below is an abbreviated version of it, which I'll be testing out on Saturday.

----------begin wpad.dat----------
function FindProxyForURL(url, host) {
    // Internal sites: nobody in any office goes through a proxy for these.
    if (shExpMatch(host, "helpdesk")) { return "DIRECT"; }
    if (shExpMatch(host, "itwiki")) { return "DIRECT"; }

    // US subnets: US proxy.
    if (isInNet(myIpAddress(), "10.0.1.0", "255.255.255.0"))
        return "PROXY 192.168.8.72:3128";
    if (isInNet(myIpAddress(), "10.0.2.0", "255.255.255.0"))
        return "PROXY 192.168.8.72:3128";

    // UK office: no proxy.
    if (isInNet(myIpAddress(), "192.168.38.0", "255.255.255.0"))
        return "DIRECT";

    // AU office: its own proxy.
    if (isInNet(myIpAddress(), "192.168.61.0", "255.255.255.0"))
        return "PROXY 192.168.61.5:3128";

    // No rule matched: return an explicit value instead of falling off the end.
    return "DIRECT";
}
----------end wpad.dat----------

There are two web sites that have exceptions, because they're internal, and nobody in any office should go through a proxy to get to them. The first two subnets are in the US, the third one is in the UK office (no proxy) and the third one is in the AU office.

I then created a web site called wpad, and entered it in DNS as wpad.example.tld and put the wpad.dat file in the root of it, and gave it a separate IP address.

I then created a DHCP scope option - 252, and populated it with http://wpad.example.tld/wpad.dat, and assigned it to the IT subnet scope for testing. I'll make it a global scope option on all three sites after I confirm that it works as expected.

The last big kicker is for Win2k3+ DNS server, and is discussed here: http://support.microsoft.com/kb/2003485

The only issue I see for the moment is that if the overseas offices lose connectivity, they won't get the wpad.dat file. This shouldn't be an issue for the UK office, since they don't have a proxy. For the AU office, this might be an issue, but I believe that they should be covered, because the browsers should cache the wpad.dat file.

Anyone care to comment on the above?

Kurt

On Thu, Dec 31, 2009 at 06:58, Jeff Bunting <[email protected]> wrote:
> Kurt,
> I think you want to create a PAC (proxy auto-config) file and direct them
> to their local proxy server based on their ip address. Should work for both
> IE and FF.
>
> this page has some good explanations and examples:
>
> http://www.findproxyforurl.com/pac_functions_explained.html
>
> Jeff
>
> On Wed, Dec 30, 2009 at 6:02 PM, Kurt Buff <[email protected]> wrote:
>>
>> WPAD works great in the US office, for both FF and IE.
>>
>> However, I must consider the overseas offices, because it's a really
>> bad idea to try to run their web traffic to outside web sites through
>> our proxy server here.
>>
>> The big problem is (as you pointed out) that FF doesn't do the
>> DHCP-and-DNS method of WPAD - it *only* looks for
>> http://wpad.example.tld/wpad.dat. Therefore, I must find a way for at
>> least one of the offices to get their settings for FF (and perhaps IE,
>> but that's optional, and can be done otherwise with the DHCP-and-DNS
>> method) from the wpad.dat file here in the US, and redirect them to
>> the proxy server in their own office.
>>
>> That's because, as far as I know, given that I have a single
>> forest/single domain configuration, I can't have
>> http://wpad.example.tld exist in two offices at once, especially with
>> two different wpad.dat files.
>>
>> So, I'm looking for how to serve that up out of the single wpad.dat
>> file I can have on the web site.
>>
>> Even if I get that working, however, I'll still have the issue that if
>> the connection is down between here and there, they'll have to
>> manually configure their browsers regardless, which is a PITA.
>>
>> Kurt
>>
>> On Wed, Dec 30, 2009 at 14:43, Matthew W. Ross <[email protected]> wrote:
>> > So it's not working for you if you have the DHCP setting for option 252
>> > set? Even if you have the wpad.* domain pointing at your proxy server?
>> >
>> > Odd. My reading says that Firefox doesn't even tech the DHCP method. It
>> > only works with the DNS method. DHCP shouldn't be affecting FF at all...
>> >
>> > Can you ping wpad, or wpad.yourdomain? I couldn't until I turned off the
>> > Microsoft DNS server blacklist... which I don't have a link for you right
>> > now. Microsoft will allow you to enter wpad into your dns server, but won't
>> > actually respond to it until you turn that blacklist off. That took me half
>> > a day to figure out.
>> >
>> > --Matt Ross
>> > Ephrata School District
>> >
>> > ----- Original Message -----
>> > From: Kurt Buff [mailto:[email protected]]
>> > To: NT System Admin Issues [mailto:[email protected]]
>> > Sent: Wed, 30 Dec 2009 14:38:18 -0800
>> > Subject: Re: Further WPAD issue - not DNS...
>> >
>> >> Yes, WPAD works with firefox, but only with DNS, not with
>> >> DHCP-and-DNS, even though DHCP-and-DNS is more secure.
>> >>
>> >> On Wed, Dec 30, 2009 at 13:57, Matthew W. Ross <[email protected]> wrote:
>> >> > WPAD does work with firefox... If you select the "Automatically
>> >> > detect proxy" setting in the proxy configuration.
>> >> >
>> >> > To do this, you must edit the %programfiles%\Mozilla
>> >> > Firefox\greprefs\all.js file, and change the following line:
>> >> >
>> >> > pref("network.proxy.type", 0);
>> >> >
>> >> > ... to ...
>> >> >
>> >> > pref("network.proxy.type", 4);
>> >> >
>> >> > I just need a clean and easy way to do this for all computers in our
>> >> > domain. Can anybody help with that?
>> >> >
>> >> > --Matt Ross
>> >> > Ephrata School District
>> >> >
>> >> > ----- Original Message -----
>> >> > From: Kurt Buff [mailto:[email protected]]
>> >> > To: NT System Admin Issues [mailto:[email protected]]
>> >> > Sent: Wed, 30 Dec 2009 13:16:17 -0800
>> >> > Subject: Further WPAD issue - not DNS...
>> >> >
>> >> >> So, I've got the US office working - now I had to consider our
>> >> >> foreign offices.
>> >> >>
>> >> >> The AU office has a proxy of its own, but the UK office doesn't have
>> >> >> a proxy server.
>> >> >>
>> >> >> I can configure DHCP in each office to point IE to another web site,
>> >> >> each for a wpad.dat of their own, for each office, but that doesn't
>> >> >> help with FireFox, which is in widespread use.
>> >> >>
>> >> >> Anyone run into this? Any ideas on how to solve it? I've been
>> >> >> googling, and not finding any real answers to this.
>> >> >>
>> >> >> Kurt

~ Finally, powerful endpoint security that ISN'T a resource hog! ~
~ <http://www.sunbeltsoftware.com/Business/VIPRE-Enterprise/> ~
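
A way to check the wpad.dat rules from the top message before widening the option 252 scope, as an added example that is not part of the original thread: Node.js stand-ins for the PAC helpers (dotted-quad input only, no DNS) run FindProxyForURL for constructed clients. `ipToInt`, `resolve`, the sample addresses and hostnames, and the final `return "DIRECT"` are assumptions added here.

```javascript
// Added example: Node.js stand-ins for the PAC helpers, enough to test these rules.
const ipToInt = (ip) => ip.split(".").reduce((n, o) => ((n << 8) | Number(o)) >>> 0, 0);

// isInNet for dotted-quad input only (a browser would also resolve hostnames).
function isInNet(ip, net, mask) {
  const m = ipToInt(mask);
  return ((ipToInt(ip) & m) >>> 0) === ((ipToInt(net) & m) >>> 0);
}

// shExpMatch: shell glob ("*", "?") that must match the whole string.
function shExpMatch(str, glob) {
  const re = glob.replace(/[.+^${}()|[\]\\]/g, "\\$&").replace(/\*/g, ".*").replace(/\?/g, ".");
  return new RegExp("^" + re + "$").test(str);
}

let clientIp = "127.0.0.1";           // overwritten by resolve() for each case
const myIpAddress = () => clientIp;

// Rules from the post; the final return is added here so every client gets an answer.
function FindProxyForURL(url, host) {
  if (shExpMatch(host, "helpdesk")) { return "DIRECT"; }
  if (shExpMatch(host, "itwiki")) { return "DIRECT"; }
  if (isInNet(myIpAddress(), "10.0.1.0", "255.255.255.0")) return "PROXY 192.168.8.72:3128";
  if (isInNet(myIpAddress(), "10.0.2.0", "255.255.255.0")) return "PROXY 192.168.8.72:3128";
  if (isInNet(myIpAddress(), "192.168.38.0", "255.255.255.0")) return "DIRECT";
  if (isInNet(myIpAddress(), "192.168.61.0", "255.255.255.0")) return "PROXY 192.168.61.5:3128";
  return "DIRECT";
}

// Evaluate the rules as a client with the given address asking for the given host.
function resolve(ip, host) {
  clientIp = ip;
  return FindProxyForURL("http://" + host + "/", host);
}

// Constructed client addresses and hostnames, one per rule.
const cases = [
  ["10.0.1.25", "www.example.com"],       // US subnet
  ["192.168.38.10", "www.example.com"],   // UK subnet
  ["192.168.61.20", "www.example.com"],   // AU subnet
  ["192.168.61.20", "helpdesk"],          // internal site, short name
  ["10.0.1.25", "helpdesk.example.tld"],  // same site by FQDN: pattern has no wildcard
  ["172.16.0.9", "www.example.com"],      // subnet not listed in the file
];
for (const [ip, host] of cases) console.log(ip, host, "->", resolve(ip, host));
```

The FQDN case comes back as the US proxy rather than DIRECT, because shExpMatch compares the pattern against the whole hostname; a pattern such as "helpdesk*" would be needed to cover both forms.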
