We use a .pac file. Works quite well. Here's an example that will work
perfectly for most environments:-
function FindProxyForURL(url, host) {
    // If URL has no dots in host name, send traffic direct.
    if (isPlainHostName(host))
        return "DIRECT";

    // If IP address is internal or hostname resolves to internal IP, send direct.
    var resolved_ip = dnsResolve(host);
    if (isInNet(resolved_ip, "10.0.0.0", "255.0.0.0") ||
        isInNet(resolved_ip, "172.16.0.0", "255.240.0.0") ||
        isInNet(resolved_ip, "192.168.0.0", "255.255.0.0") ||
        isInNet(resolved_ip, "127.0.0.0", "255.0.0.0"))
        return "DIRECT";

    // All other traffic uses below proxies, in fail-over order.
    return "PROXY yourproxyserver:8080; DIRECT";
}
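An added example, not part of the original message: an offline harness that loads PAC text with stand-ins for the browser helpers and checks its decisions on and off the corporate network. The sample PAC follows the rules above with the loopback mask written as 255.0.0.0; the host names, addresses and the names `loadPac`, `decisions` and `ipToInt` are assumptions made for the example.

```javascript
// Stand-ins replace the browser's PAC helpers. Only load PAC text you trust.
const SAMPLE_PAC = `
function FindProxyForURL(url, host) {
  if (isPlainHostName(host)) return "DIRECT";
  var ip = dnsResolve(host);
  if (isInNet(ip, "10.0.0.0", "255.0.0.0") ||
      isInNet(ip, "172.16.0.0", "255.240.0.0") ||
      isInNet(ip, "192.168.0.0", "255.255.0.0") ||
      isInNet(ip, "127.0.0.0", "255.0.0.0")) return "DIRECT";
  return "PROXY yourproxyserver:8080; DIRECT";
}`;

// Constructed DNS view (hypothetical names, private/documentation addresses).
const SAMPLE_DNS = new Map([
  ["intranet.corp.example", "10.1.2.3"],
  ["files.corp.example", "172.31.255.254"], // last address inside 172.16.0.0/12
  ["edge.corp.example", "172.32.0.1"],      // just outside 172.16.0.0/12
  ["www.example.org", "203.0.113.10"],
]);

// Dotted quad -> unsigned 32-bit integer, or null if not an IPv4 literal.
function ipToInt(ip) {
  const parts = String(ip).split(".");
  const ok = parts.length === 4 && parts.every((p) => /^\d{1,3}$/.test(p) && +p <= 255);
  return ok ? parts.reduce((n, p) => n * 256 + Number(p), 0) : null;
}

// Evaluate PAC text with stand-in helpers and return its FindProxyForURL.
function loadPac(source, dnsTable) {
  const isPlainHostName = (host) => !host.includes(".");
  const dnsResolve = (host) => (ipToInt(host) !== null ? host : dnsTable.get(host) || null);
  const isInNet = (ip, net, mask) => {
    const a = ipToInt(ip), n = ipToInt(net), m = ipToInt(mask);
    if (a === null || n === null || m === null) return false; // e.g. unresolved host
    return ((a & m) >>> 0) === ((n & m) >>> 0);
  };
  return new Function("isPlainHostName", "dnsResolve", "isInNet",
    source + "\nreturn FindProxyForURL;")(isPlainHostName, dnsResolve, isInNet);
}

// Map each host to the PAC decision under a given DNS view.
function decisions(source, dnsTable, hosts) {
  const pac = loadPac(source, dnsTable);
  return Object.fromEntries(hosts.map((h) => [h, pac("http://" + h + "/", h)]));
}

console.log(decisions(SAMPLE_PAC, SAMPLE_DNS, [...SAMPLE_DNS.keys(), "fileserver", "192.168.5.9"]));
// Off-network view: internal names no longer resolve.
console.log(decisions(SAMPLE_PAC, new Map(), ["intranet.corp.example"]));
```

The second call models a laptop away from the corporate network: the internal name fails to resolve, so it falls through to the last rule, and the trailing `DIRECT` is what lets the browser connect once the proxy cannot be reached.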
-----Original Message-----
From: Malcolm Reitz [mailto:[email protected]]
Sent: Tuesday, 13 July 2010 1:43 AM
To: NT System Admin Issues
Subject: RE: Internet Proxy - Group Policy Question
That's what I was getting at. Very easy to publish wpad.dat or proxy.pac via
DHCP option 252 to all clients. Make sure you point to the wpad.dat/proxy.pac
by FQDN, not IP, so the proxy is gracefully ignored when the PC is off the
corporate network.
-Malcolm
-----Original Message-----
From: Kurt Buff [mailto:[email protected]]
Sent: Monday, July 12, 2010 09:27
To: NT System Admin Issues
Subject: Re: Internet Proxy - Group Policy Question
IMHO, this is not the most effective way of going about it.
I would instead force IE (and if you can, any other browsers) to
automatically detect proxy settings, then set up
http://wpad.example.com/wpad.dat, then configure wpad.dat with the settings you
want.
That way, if the above URL isn't available - because they're outside your
perimeter, for example - then the browser is free to go direct, and not use the
proxy.
Kurt
On Mon, Jul 12, 2010 at 04:08, Gavin Wilby <[email protected]> wrote:
> Good Afternoon all,
> I have a quick question regarding Internet proxies.
> I have a site that has a GPO that forces all users to run through
> the Message Labs proxy server. The policy forces it so it cannot be
> turned off, and there are one or two exceptions in that policy.
> Now this is all well and good right up until the point that one of the
> users (a director) takes his laptop out of the building, and then
> disappears abroad with it without telling us. The internet then stops
> working for him, as I'm guessing that it's trying to use a proxy server
> that it can neither find, nor authenticate to. Due to the policy being
> forced he, as an end user, can't turn it off, and we have resorted to
> manually changing the registry to get it working again.
> The GPO mentioned above is of course a USER based policy, so I can't
> omit his laptop from it, and although I could omit HIM from it, I don't
> really want to, as it means he has free rein on every PC he logs into.
> No doubt I'm missing something blindingly obvious here, but what's going
> to be the best solution?
>
> --
> Gavin Wilby,
> Twitter: http://twitter.com/gavin_wilby
~ Finally, powerful endpoint security that ISN'T a resource hog! ~ ~
<http://www.sunbeltsoftware.com/Business/VIPRE-Enterprise/> ~