Re: [squid-users] OTish: wpad configuration

From: Kurt Buff <kurt.buff_at_gmail.com>
Date: Thu, 31 Dec 2009 09:10:17 -0800

Thanks again for your help Blake. I also found this link to be useful:

http://blog.freyguy.com/archives/2006/03/01/proxy-auto-detect-ie-and-firefox/

So, I think I've got it sorted out. To summarize the steps for
posterity: I created a wpad.dat file - below is an abbreviated version
of it, which I'll be testing out on Saturday.

----------begin wpad.dat----------
function FindProxyForURL(url, host)
{
  if (shExpMatch(host, "helpdesk")) { return "DIRECT"; }
  if (shExpMatch(host, "itwiki")) { return "DIRECT"; }
  if (isInNet(myIpAddress(), "10.0.1.0", "255.255.255.0")) return "PROXY 192.168.8.72:3128";
  if (isInNet(myIpAddress(), "10.0.2.0", "255.255.255.0")) return "PROXY 192.168.8.72:3128";
  if (isInNet(myIpAddress(), "192.168.38.0", "255.255.255.0")) return "DIRECT";
  if (isInNet(myIpAddress(), "192.168.61.0", "255.255.255.0")) return "PROXY 192.168.61.5:3128";
}
----------end wpad.dat----------

There are two web sites that have exceptions, because they're
internal, and nobody in any office should go through a proxy to get to
them. The first two subnets are in the US, the third one is in the UK
office (no proxy) and the third one is in the AU office.

I then created a web site called wpad, and entered it in DNS as
wpad.example.tld and put the wpad.dat file in the root of it, and gave
it a separate IP address.

I then created a DHCP scope option - 252, and populated it with
http://wpad.example.tld/wpad.dat, and assigned it to the IT subnet
scope for testing. I'll make it a global scope option on all three
sites after I confirm that it works as expected.

The last big kicker is for Win2k3+ DNS server, and is discussed here:
http://support.microsoft.com/kb/2003485

The only issue I see for the moment is that if the overseas offices
lose VPN connectivity to the US office, they won't get the wpad.dat
file. This shouldn't be an issue for the UK office, since they don't
have a proxy. For the AU office, this might be an issue, but I believe
that they should be covered, because the browsers should cache the
wpad.dat file.

Anyone care to comment on the above?

Kurt

On Wed, Dec 30, 2009 at 17:47, Blake Covarrubias <blake_at_ekalb.net> wrote:
> On Dec 30, 2009, at 4:26 PM, Kurt Buff wrote:
>
>> I'm scouring the web, not finding much, and hope some of you here have
>> a clue for me. Google, with 'wpad.dat examples' and 'wpad.dat syntax'
>> aren't yielding much for me - though perhaps I'm missing what's in
>> front of my face.
>
> You probably want to look at:
>
> http://en.wikipedia.org/wiki/Proxy_auto-config
> http://web.archive.org/web/20060424005037/wp.netscape.com/eng/mozilla/2.0/relnotes/demo/proxy-live.html
>
>> I am looking for a solution that will allow FF in each office to query
>> the web site in the US office ( because
>> http://wpad.example.tld/wpad.dat will be the same for every office),
>> and get back settings that are appropriate to the office. In the UK
>> office that would be no proxy, just direct - in the AU office that
>> would be the local proxy server, with appropriate exceptions for
>> intranet sites, and the US office the same as the AU office.
>
> You can dynamically generate proxy.pac from a CGI script. Look at the source IP and customize appropriately.
>
> http://www.squid-cache.org/mail-archive/squid-users/199708/0193.html
>
> Just set up your web server to handle .pac or .dat requests as a CGI. In lighttpd you'd use cgi.assign and Apache would use AddHandler in your <Directory> config.
>
> http://redmine.lighttpd.net/wiki/1/Docs:ModCGI
> http://httpd.apache.org/docs/2.2/howto/cgi.html
>
>
> Hope this helps.
>
> --
> Blake Covarrubias
Received on Thu Dec 31 2009 - 17:10:25 MST
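
An offline check of the wpad.dat logic quoted in the message above, added here as an example and not part of the original thread: it evaluates the PAC function under Node.js for one client per subnet plus two edge cases. The helper implementations are simplified stand-ins for the browser-provided PAC functions (IPv4 literals only, no DNS), and the client addresses and hostnames are constructed.

```javascript
// PAC logic from the post (wrapped lines rejoined); evaluated below without a browser.
const PAC_SOURCE = `
function FindProxyForURL(url, host)
{
  if (shExpMatch(host, "helpdesk")) { return "DIRECT"; }
  if (shExpMatch(host, "itwiki")) { return "DIRECT"; }
  if (isInNet(myIpAddress(), "10.0.1.0", "255.255.255.0")) return "PROXY 192.168.8.72:3128";
  if (isInNet(myIpAddress(), "10.0.2.0", "255.255.255.0")) return "PROXY 192.168.8.72:3128";
  if (isInNet(myIpAddress(), "192.168.38.0", "255.255.255.0")) return "DIRECT";
  if (isInNet(myIpAddress(), "192.168.61.0", "255.255.255.0")) return "PROXY 192.168.61.5:3128";
}`;

// Simplified stand-ins for the browser's PAC helpers (assumption: IPv4 literals only).
function ipToInt(ip) {
  return ip.split(".").reduce((acc, octet) => ((acc << 8) | Number(octet)) >>> 0, 0);
}
function isInNet(ip, net, mask) {
  const m = ipToInt(mask);
  return ((ipToInt(ip) & m) >>> 0) === ((ipToInt(net) & m) >>> 0);
}
function shExpMatch(str, pattern) {
  const escaped = pattern.replace(/[.+^${}()|[\]\\]/g, "\\$&");
  return new RegExp("^" + escaped.replace(/\*/g, ".*").replace(/\?/g, ".") + "$").test(str);
}

// Run the PAC source the way a client with the given address would.
function evaluatePac(source, clientIp, host) {
  const load = new Function("isInNet", "shExpMatch", "myIpAddress",
    source + "\nreturn FindProxyForURL;");
  return load(isInNet, shExpMatch, () => clientIp)("http://" + host + "/", host);
}

// Constructed test clients: one per subnet in the post, plus two edge cases.
const CASES = [
  ["10.0.1.25", "www.example.com"],
  ["10.0.2.9", "www.example.com"],
  ["192.168.38.10", "www.example.com"],
  ["192.168.61.20", "www.example.com"],
  ["192.168.61.20", "helpdesk"],
  ["10.0.1.25", "helpdesk.example.tld"], // FQDN does not match the bare-name pattern
  ["172.16.0.5", "www.example.com"],     // subnet not listed: no return statement is reached
];
function runCases() {
  return CASES.map(([ip, host]) => [ip, host, String(evaluatePac(PAC_SOURCE, ip, host))]);
}
for (const row of runCases()) console.log(row.join("  ->  "));
```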
