Proxy Autoconfigure Setup

There are several ways to configure servers for clients to autodetect a proxy. I have seen RFC's that describe these but didn't keep links. Someone please add;

The WPAD-standard is described in an internet-draft available at http://www.web-cache.com/Writings/Internet-Drafts/draft-ietf-wrec-wpad-01.txt

References

1. http://web.archive.org/web/20060424005037/wp.netscape.com/eng/mozilla/2.0/relnotes/demo/proxy-live.html

Autoconfigure URL

Most modern web clients support proxy configuration using an autoconfigure URL. This is a url that points to a simple javascript that identifies the proxy to use for each request. These can be quite simple, or amazingly elaborate (search for Squid documentation on how to do load balencing or URL hashing of multiple proxies using autoconfigure URL's). The client needs to have the URL manually entered in its configuration. Other autoconfigure techniques are just extensions of this for automaticly identifying the autoconfigure URL to use.

Create a simple text file containing the autoconfigure script in the root of your webserver. This can have whatever name you want, but an unofficial convention seems to be proxy.pac. The autoconfigure url then becomes http://your.web.server/proxy.pac. An example proxy.pac is:

    function ["FindProxyForURL"](url,host)
    {
        if ( isPlainHostName(host) |||| localHostOrDomainIs(host, "your.local.domain") )
            return "DIRECT";
        return "PROXY your.proxy.server:8080; DIRECT";
    }

This tells the web browser to go direct for plain host names or for hosts in your.local.domain, otherwise use your.proxy.server, falling back to direct if it is down.

The URL should be served up with a particular mime type, but I'm not sure what the RFC specifies, or how many clients actualy care about this. The default Debian mime type of .pac files is application/x-ns-proxy-autoconfig, and this is what apache serves it up as.

DNS based autodetection

I forget the exact details, but one method of automaticlly identifying the autoconfigure URL is to use a special DNS name and URL for your domain. Some RFC or other specifies a URL in the form http://wpad.your.local.domain/wpad.dat. Note the file name is different to the defacto standard of proxy.pac. The simple solution for this is to make wpad.your.local.domain a CNAME to your webserver and put a symlink wpad.dat pointing at proxy.pac in your website root.

Note that Debian does not have the appropriate mime type for the proxy.dat file, so apache will serve this up as text/plain. This is signifigant to some browsers, but not to some others. You need to configure Apache to force the correct mime type without deciding that all .dat files are for proxy configuration. The trick is to set up a virtual host in apache like wpad.your.local.domain, and to add the mime type within the virtual host directive.

DHCP based autodetection

I'm not sure if it's the same RFC, but the autoconfigure URL can also be delivered to clients by DHCP. I think IE is currently the only client that supports this. To do this, put the following in your /etc/dhcp3/dhcpd.conf:

    option wpad-url code 252 = text;
    option wpad-url "http://your.web.server/proxy.pac\n";

The trailing newline is included to compensate for IE 6.01's stripping of the last character.

I can't help but feel that DHCP is so tied to OS level network initialisation that clients that just run on top of an OS will never use this. Only clients that are tightly integrated with the OS like IE/win32 will be able to take advantage of it.

Warning

There is a bug in Firefox that makes the GUI hang during PAC/DNS lookup. This is quite annoying. I think that Comment #43 on https://bugzilla.mozilla.org/show_bug.cgi?id=235853 has a valuable solution to write the pac file the right way!