Wpad problem (DNS)

classic Classic list List threaded Threaded
6 messages Options
Reply | Threaded
Open this post in threaded view
|

Wpad problem (DNS)

erdosain9
Hi to all.
Im trying to put proxy trough DNS. Im working on a Windows Server 2012 r2.
I follow a lot of tutorial... and cant do it.
The best i have is this (and is strange).
When the pc start i see in log of squid the ip of that pc.

 tail -f /var/log/squid/access.log | grep 192.168.6.22
1532616150.629     77 192.168.6.22 TCP_REFRESH_UNMODIFIED/200 316 GET
http://www.msftncsi.com/ncsi.txt - HIER_DIRECT/200.81.17.41 text/plain

but, if i go throug a web browser, nothing appears in access.log... is like
the things that the system search (is a windows 7) goes trough proxy, but
not the thing that i search in the web browser (it's configured to "detect
automatic").

I do this in windows server.
Create a web with IIS, and put wpad.dat file. (create the mime)
In the DNS, create a new zone wpad, and put a new record txt with this
"service: wpad:!http://wpad.xxxx.xxx:80/wpad.dat"
and a CNAME in my domain with a A record name wpad, and fqdn: the hostname
of the server.

i unblock the wpad in the dns also.

And as i say, the system of the machine use the proxy, but not the web
browser... so... some help???

Thanks to all!



--
Sent from: http://squid-web-proxy-cache.1019090.n4.nabble.com/Squid-Users-f1019091.html
_______________________________________________
squid-users mailing list
[hidden email]
http://lists.squid-cache.org/listinfo/squid-users
Reply | Threaded
Open this post in threaded view
|

Re: Wpad problem (DNS)

Antony Stone
On Thursday 26 July 2018 at 17:06:20, erdosain9 wrote:

> Hi to all.
> Im trying to put proxy trough DNS. Im working on a Windows Server 2012 r2.
> I follow a lot of tutorial... and cant do it.
> The best i have is this (and is strange).
> When the pc start i see in log of squid the ip of that pc.
>
>  tail -f /var/log/squid/access.log | grep 192.168.6.22
> 1532616150.629     77 192.168.6.22 TCP_REFRESH_UNMODIFIED/200 316 GET
> http://www.msftncsi.com/ncsi.txt - HIER_DIRECT/200.81.17.41 text/plain
>
> but, if i go throug a web browser,

Which browser?

Have you tried others?

> nothing appears in access.log... is like the things that the system search
> (is a windows 7) goes trough proxy, but not the thing that i search in the
> web browser (it's configured to "detect automatic").
>
> I do this in windows server.
> Create a web with IIS, and put wpad.dat file. (create the mime)
> In the DNS, create a new zone wpad, and put a new record txt with this
> "service: wpad:!http://wpad.xxxx.xxx:80/wpad.dat"
> and a CNAME in my domain with a A record name wpad, and fqdn: the hostname
> of the server.
>
> i unblock the wpad in the dns also.
>
> And as i say, the system of the machine use the proxy, but not the web
> browser... so... some help???
>
> Thanks to all!

Antony.

--
"I estimate there's a world market for about five computers."

 - Thomas J Watson, Chairman of IBM

                                                   Please reply to the list;
                                                         please *don't* CC me.
_______________________________________________
squid-users mailing list
[hidden email]
http://lists.squid-cache.org/listinfo/squid-users
Reply | Threaded
Open this post in threaded view
|

Re: Wpad problem (DNS)

erdosain9
Hi, thanks
I try Explorer 8.0 and Chrome 68.0...




--
Sent from: http://squid-web-proxy-cache.1019090.n4.nabble.com/Squid-Users-f1019091.html
_______________________________________________
squid-users mailing list
[hidden email]
http://lists.squid-cache.org/listinfo/squid-users
Reply | Threaded
Open this post in threaded view
|

Re: Wpad problem (DNS)

Walter H.
On 26.07.2018 17:32, erdosain9 wrote:
> Hi, thanks
> I try Explorer 8.0 and Chrome 68.0...
this can be deactivated on browser side; then wpad.... is for the cats ...

Walter


_______________________________________________
squid-users mailing list
[hidden email]
http://lists.squid-cache.org/listinfo/squid-users

smime.p7s (4K) Download Attachment
Reply | Threaded
Open this post in threaded view
|

Re: Wpad problem (DNS)

Amos Jeffries
Administrator
In reply to this post by erdosain9
On 27/07/18 03:06, erdosain9 wrote:

> Hi to all.
> Im trying to put proxy trough DNS. Im working on a Windows Server 2012 r2.
> I follow a lot of tutorial... and cant do it.
> The best i have is this (and is strange).
> When the pc start i see in log of squid the ip of that pc.
>
>  tail -f /var/log/squid/access.log | grep 192.168.6.22
> 1532616150.629     77 192.168.6.22 TCP_REFRESH_UNMODIFIED/200 316 GET
> http://www.msftncsi.com/ncsi.txt - HIER_DIRECT/200.81.17.41 text/plain
>
> but, if i go throug a web browser, nothing appears in access.log... is like
> the things that the system search (is a windows 7) goes trough proxy, but
> not the thing that i search in the web browser (it's configured to "detect
> automatic").
>
> I do this in windows server.
> Create a web with IIS, and put wpad.dat file. (create the mime)
> In the DNS, create a new zone wpad, and put a new record txt with this
> "service: wpad:!http://wpad.xxxx.xxx:80/wpad.dat"
> and a CNAME in my domain with a A record name wpad, and fqdn: the hostname
> of the server.
>

Okay, the TXT record is not one I've encountered before but the CNAME/A
records match what I know IE8 supported.

Does the wpad.xxxx.xxx:80 server provide the wpad.dat file with the
correct mime type "application/x-ns-proxy-autoconfig" in HTTP response
message?

Does the wpad.dat file contain valid PAC syntax pointing receivers to
use the proxy?
 <http://findproxyforurl.com/> has more info on what the PAC file needs
to contain.

What OS is the client machine using?
 Presence of IE 8 hints that it is an older one (XP?) where there may be
ipconfig related tricks needed.


If you have not already done so that site also has troubleshooting tools
and how-to at <http://findproxyforurl.com/troubleshooting-pac-wpad/>.


Amos
_______________________________________________
squid-users mailing list
[hidden email]
http://lists.squid-cache.org/listinfo/squid-users
Reply | Threaded
Open this post in threaded view
|

Re: Wpad problem (DNS)

L A Walsh
In reply to this post by erdosain9
erdosain9 wrote:
>  tail -f /var/log/squid/access.log | grep 192.168.6.22
> 1532616150.629     77 192.168.6.22 TCP_REFRESH_UNMODIFIED/200 316 GET
> http://www.msftncsi.com/ncsi.txt - HIER_DIRECT/200.81.17.41 text/plain
>  
---
    You may have some different setup, but this is what works
for me and seems to work for IE, FF, Opera et al.

For wpad, the browsers should look up wpad locally, 1st --
with no domain, then FQDN like wpad.xxx.example.com, then
wpad.example.com.  I also have my internal hosts setup to
lookup hosts on nmb -- so it also serves the hostname.

    It shouldn't have to go through the proxy to get the wpad
file -- sorta defeats the purpose.

At a windows prompt, I can do nslookup:
>  nslookup wpad
Server:  ishtar.sc.tlinx.org
Address:  192.168.33.1

Name:    Ishtar.sc.tlinx.org
Address:  192.168.33.1
Aliases:  wpad.sc.tlinx.org

---
or from linux:
>  dig wpad

; <<>> DiG 9.9.5-rpz2+rl.14038.05-P1 <<>> wpad
;; global options: +cmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 34174
;; flags: qr aa rd ra; QUERY: 1, ANSWER: 2, AUTHORITY: 2, ADDITIONAL: 2

;; OPT PSEUDOSECTION:
; EDNS: version: 0, flags:; udp: 4096
;; QUESTION SECTION:
;wpad.sc.tlinx.org.   IN  A

;; ANSWER SECTION:
wpad.sc.tlinx.org.  28000 IN  CNAME Ishtar.sc.tlinx.org.
Ishtar.sc.tlinx.org.  28000 IN  A 192.168.33.1
...more stuff deleted...



--- then trying to get wpad.dat:
>  wget --no-proxy http://wpad/wpad.dat
--2018-07-30 23:09:51--  http://wpad/wpad.dat
Resolving wpad (wpad)... 192.168.33.1
Connecting to wpad (wpad)|192.168.33.1|:80... connected.
HTTP request sent, awaiting response... 200 OK
Length: 1480 (1.4K) [application/octet-stream]
Saving to: ‘wpad.dat’
2018-07-30 23:09:51 (190 MB/s) - ‘wpad.dat’ saved [1480/1480]

and my wpad.dat looks sorta like (BTW -- my socks stuff has never worked
right, but haven't bothered to track it down, so might wanna ignore it!).
also on my net, web-proxy, socks, etc...all point to same machine.



function FindProxyForURL(url, host) {
    // Some functions available:
    //    isPlainHostName(host)
    //    dnsDomainIs(host,".domainname.org")
    //    localHostOrDomainIs(host, "myhost.mydom.org")  (exact matching)
    //    isResolvable(host) - brwsr may 'longpause' if host !resolvable
    //    isInNet(host, 192.168.3.0, mask)
    //    dnsResolve(host) - returns IP from hostname
    //    shExpMatch(url, "*vpn.domain.com*")
    //    weekdayRange("MON, "FRI")
    //    dateRange("JAN", "MAR")
    //    timeRange(8, 18)
    //    myIpAddress() - my own numeric IP

    // References:
    // see http://en.wikipedia.org/wiki/Proxy_auto-config
    // or http://www.findproxyforurl.com

    var direct = "DIRECT";
    var sc_http_proxy = "PROXY web-proxy.sc.example.org:8118";
    var sc_socks_proxy = "SOCKS socks.sc.example.org:1080";
    var sc_http_w_socks_backup = sc_http_proxy + sc_socks_proxy;
    var news_proto_re = /^s?news://.*$/;
    var news_port_re = /^[^:]+://[^:/]+:(?:119|563)/.*$/;

    if (isInNet(host, "192.168.0.0", "255.255.255.0") ||
            isInNet(host, "192.168.1.0", "255.255.255.0") ||
            isInNet(host, "192.168.100.0", "255.255.255.0") ) {
            return sc_http_proxy;
    }
    if (isInNet(myIpAddress(), "192.168.33.0", "255.255.255.0") {
        if (isPlainHostName(host) || dnsDomainIs(host, ".sc.example.org")
                || dnsDomainIs(host, ".example.org")) {
            return direct;
        } else {
            // 119/563 for news
            if (news_proto_re.exec(url) ||
                news_port_re.exec(url)  ) {
                return sc_socks_proxy;
            }
            return sc_http_proxy;
        }
    }
    return direct;
}

// vim: ts=2 sw=2 syntax=javascript


================

Hope the above helps...it was pretty simple...



_______________________________________________
squid-users mailing list
[hidden email]
http://lists.squid-cache.org/listinfo/squid-users