How to detect proxy server automatically
If you have many computers on your LAN sharing an internet connection, you should set up a proxy server that caches internet objects to improve access speed. Every computer then needs to point to the proxy server, but opening every browser and pointing it to the proxy server manually is a heavy job for the network administrator.
If you are using Linux as a gateway, you can configure it as a transparent proxy, so that all HTTP packets are redirected to the proxy server transparently. Windows 2000 Server, however, cannot function as a transparent proxy.
Windows 2000 Server offers other approaches to the problem, but no single approach works for all workstations and browsers, so you should use several of them concurrently.
Option | Method to detect proxy automatically | Support | Doesn't support |
---|---|---|---|
1 | Web Proxy Auto-Discovery (WPAD) | IE 5.0 and above, Netscape | Older IE and other browsers |
2 | DHCPINFORM | All Windows platforms? | ? |
3 | Active Directory Group Policy | Within a domain: Windows 2000 Pro and Server, Windows XP Pro, Windows 2003 Server | Outside a domain; Windows 9x/Me; Windows XP Home Edition |
Web Proxy Auto-Discovery (WPAD) (Option1)
The Web Proxy Auto-Discovery (WPAD) feature in IE 5 (and higher) and Netscape enables web clients to detect proxy settings automatically, without user intervention. The algorithm used by WPAD prepends the hostname "wpad" to the fully-qualified domain name and progressively removes subdomains until it either finds a WPAD server answering the hostname or reaches the third-level domain. For instance, web clients in the domain a.b.hoge.com would query wpad.a.b.hoge.com, wpad.b.hoge.com, then wpad.hoge.com. A vulnerability arises because, in international usage, the third-level domain may not be trusted. A malicious user could set up a WPAD server and serve proxy configuration commands of his or her choice.
All clients should have "Automatically detect settings" enabled, even though it is the default value.
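The WPAD name search described above, as an added example (not code from the original page): it lists the names a client would query and flags any that fall outside a DNS suffix you control. The function names, the `ownedSuffix` parameter and the `example.co.jp` sample domain are assumptions constructed for illustration.

```javascript
// Names a client in `clientDomain` would query, in order, stopping once the
// candidate is a third-level name such as wpad.hoge.com.
function wpadCandidates(clientDomain) {
  const labels = clientDomain.toLowerCase().replace(/\.$/, "")
    .split(".").filter(Boolean);
  const names = [];
  // "wpad" plus the last two labels is the third-level name, so stop there.
  for (let i = 0; labels.length - i >= 2; i++) {
    names.push(["wpad", ...labels.slice(i)].join("."));
  }
  return names;
}

// True only when `name` is the owned suffix itself or sits below it on a
// label boundary, so "wpad.evilhoge.com" is not treated as part of "hoge.com".
function isInside(name, ownedSuffix) {
  const suffix = ownedSuffix.toLowerCase().replace(/\.$/, "");
  return name === suffix || name.endsWith("." + suffix);
}

// Tag each candidate with whether it lies inside the zone you control
// (ownedSuffix is an assumption: the domain your organization registered).
function auditWpad(clientDomain, ownedSuffix) {
  return wpadCandidates(clientDomain).map((name) => ({
    name,
    controlled: isInside(name, ownedSuffix),
  }));
}

// Candidates that someone outside the organization could answer for.
function outsideNames(clientDomain, ownedSuffix) {
  return auditWpad(clientDomain, ownedSuffix)
    .filter((r) => !r.controlled)
    .map((r) => r.name);
}

// Constructed samples: the page's own domain, then a country-code domain.
console.log(auditWpad("a.b.hoge.com", "hoge.com"));
console.log(outsideNames("a.b.example.co.jp", "example.co.jp"));
```

For the country-code sample the search continues past the organization's own zone, which is the untrusted third-level case the paragraph above warns about.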
Make a wpad.dat and a proxy.pac file and copy them into the root directory of the local web server:
// Plain host names and the local subnet go direct; everything else goes
// through the proxy, falling back to a direct connection.
function FindProxyForURL(url, host) {
    if (isPlainHostName(host) ||
        isInNet(host, "192.168.0.0", "255.255.255.0"))
        return "DIRECT";
    else
        return "PROXY 192.168.0.10:8080; DIRECT";
}
Note: wpad.dat is used by WPAD, and proxy.pac is used by DHCPINFORM (option 2) and Active Directory Group Policy (option 3).
The web server should have the host name (or alias) wpad. You need to register it in DNS (A record or CNAME).
Detect proxy server using DHCPINFORM (Option2)
Through the DHCPINFORM exchange with the DHCP server, the client can get the URL of the JavaScript configuration file. The DHCP server must support DHCPINFORM; Windows 2000 Server and Windows .NET Server support it.
Open the DHCP window, right-click the host name and select "Set Predefined Options...".
Click the "Add" button in the "Predefined Options and Values" window, and then type as below. You can give any name, but the data type and code should be "String" and "252".
Add "AUTO-PROXY-CONFIG" to each scope's options; the value should point to your proxy.pac file (make link to proxy.dat or copy same file to proxy.pac).
Active Directory Group Policy (Option3)
You can configure the proxy on clients automatically using Active Directory Group Policy, but it works only for computers that belong to the domain. The only supported operating systems are:
- Windows 2000 Professional and Server
- Windows XP Professional
- Windows 2003 Server
These are not supported:
- Windows 9x/Me
- Windows XP Home Edition
Open "Active Directory Users and Computers", select the OU (to apply the policy to your whole organization, select the root domain) and open its properties. Click the "Group Policy" tab, click [New] or [Edit] and open the "Group Policy" window. Go to "User Configuration" -> "Windows Settings" -> "Internet Explorer Maintenance" -> "Connection" -> "Automatic Browser Configuration" and open "Properties".
Check [Automatically detect configuration settings] and [Enable Automatic Configuration], enter the interval in the [Automatically configure every] textbox and the URL of the proxy.pac file in the [Auto-proxy URL] textbox.