Developers Documentation

×

Warning

0 error for file:https://clearos.com/dokuwiki2/lib/exe/css.php?t=dokuwiki&tseed=82873f9c9a1f5784b951644363f20ef8

User Tools

Site Tools


Proxy Server Auto-Detection

This document has now been deprecated in favour of the Web Proxy Auto-detection Configuration Knowledgebase Article.

This howto describes how to configure web proxy auto-detection on ClearOS. The proxy and content filter can be configured in two different mode:

  • Transparent mode
  • Non-transparent mode

When the proxy is running in transparent mode, no changes are required for web browsers using your ClearOS gateway. However, it is not possible to proxy secure/SSL connection in this mode, nor is it possible to use user authentication to gain access to the web. These limitations do not exist when running the proxy server in non-transparent mode. However, it is now necessary to configure proxy server settings for web browsers using your ClearOS gateway. Fortunately, it is possible to configure proxy server auto-detection. Read on!

Network Configuration

Most web browsers are configured to automatically look for proxy server settings. Before going to its first page, the web browser will attempt to download the proxy server settings file from http://wpad.example.lan The example.lan domain name is typically automatically set via your DHCP server settings. It can also be set manually in your network settings.

The next step is to add the DNS record for wpad.example.lan. If you are using the ClearOS Local DNS Server for your network, then go to Network|Settings|Local DNS Server in the web-based administration tool. Add wpad.example.lan as a new alias for the IP address of your ClearOS system.

As a sanity check, you can try going to http://wpad.example.lan:82/index.php in your web browser. If you do not see a login screen, then double check your DNS server setup.

As an additional sanity check, go to http://wpad:82/index.php in your web browser. If you do not see a login screen, then make sure your client operating system is configured with the default domain example.lan. If you are using the DHCP server for configuring the default domain, check those settings too.

WPAD - Proxy Configuration File

Now it's time to create the wpad.dat file for your ClearOS system. A very basic example is as follows:

function FindProxyForURL(url, host)
{
    return "PROXY 192.168.1.1:8080";
}

The wpad.dat file should go into the directory /var/webconfig/htdocs/ on a ClearOS 5.x system or /usr/clearos/framework/htdocs/ for ClearOS 6.x. As a sanity check, you should see a plain file or a download button when you go to http://example.lan:82/wpad.dat in your web browser.

Finishing Off

Fire up the web proxy from the Gateway|Proxy and Filtering|Proxy Server page. Try running the proxy with:

  • Transparent mode disabled
  • Content filter enabled

As yet another sanity check, go to Google and type in some naughty words. If all goes well, the content filter block page will appear!

Advanced Options

If you want to perform some more advanced functions, here are some code snippets to start you off. Check the links at the bottom of the page for more information.

The following is useful when applying exceptions for internal websites - forcing them to go direct rather than through the proxy server.

if (isInNet(host, "192.168.1.0", "255.255.255.0")) { return "DIRECT"; }

Troubleshooting

If you have Windows Servers perfoming DNS on your network, you will need to add wpad.example.lan to that DNS server. You may then run into a problem with EventID 6268 and the global query blocklist preventing modification of the wpad host name. To fix the issue do the following:

To allow WPAD entries to be returned, remove the WPAD entry from the blocklist by using these steps:

  1. Open the Registry Editor and navigate to HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\DNS\Parameters
  2. Double-click on the GlobalQueryBlockList value to open the editor.
  3. Highlight the wpad entry and press the delete key
  4. Click 'OK' and 'OK' again to return to the main window
  5. Restart the 'DNS Server' service

Important: By default, a wpad and isatap value will be present. Do not delete the isatap value.

content/en_us/kb_howtos_proxy_server_auto-detection.txt · Last modified: 2018/04/02 07:42 by nickh

https://clearos.com/dokuwiki2/lib/exe/indexer.php?id=content%3Aen_us%3Akb_howtos_proxy_server_auto-detection&1568839408