wpad not working with squid.
 

Hello all,

Squid-2.6-stable configured on CentOS5.4 Final working in transparent mode. For more control over the web access I am planning to remove it from transparent mode. But this would lead me to configuring all the web browsers.
I thought wpad would be better option and hence configured apache on the same machine running squid for wpad. Wrote the wpad.dat file and kept in the apache root. It is working well and page is server if accessed from browser.
Also configured dns on windows server 2003 for wpad machine.
But automatic detection does not work.
Squid works if browser is configured manually or if given the path to wpad.

well squid and wpad have *NOTHING* in common. if you're trying to solve a single problem across both, then you're not going to head in the right direction. From what you say, squid appears to be working just fine, so forget it exists for now, and worry about the wpad script. Indeed the wpad script too is apparently working fine, so that's irrelevant too isn't it?

What kind of auto detection are you using? You can use a heap of different A records, primarily wpad.yourdomainname.com.

Personally I'd recommend putting the url for the script directly into the browser, and ignore DNS / DHCP based solutions. Things don't always need to be that clever. Especially when it's not actually that clever in the first place.

Well my my. It was nothing to do with squid, DNS, DHCP or anything I have written. It was to do with the browsers. IE6 was not working and is still not. But IE7 and IE8 are working fine. Firefox is also working but needed some changes in the config. Needed to allow ipv6dns. But the local applications are not working on Firefox. They are working on IE though. This is the script.
If statement is not working for Firefox but else is working. The script though works fine in IE 7 and 8.

i'd be using isInNet to check for 192.168.0.0/16 or suchlike rather than doing it on name.

Thanks for that. Will change it and see if that works on both Firefox and IE.

Hey Chris,

Nothing is working for me yet. Now no sites open with automatic proxy configuration. If I manually browse for the wpad.dat file from a browser like http://<ip-address>/wpad.dat then this works. Browser opens the file with the default text editor.
But the same thing does not work if browser is told to do so automatically.
Also DNS is working fine and I can resolve to proper IP address if I nslookup wpad.mydomain.com.
But even after resolving, the browser is not able to connect to net. I also checked, web server is running and is serving the script. The DNS is running and working fine and so is squid.
If browser is configured manually for using proxy, it does connect to internet.
Any idea where more I need to check for? And where else could I have borked the system?

AFAIR you need to ensure you provide a suitable mime type from the http server this comes from. by default it'll just state that the data is a text file, but you can force the file to be passed back with an alternative mime header which the browser will know about. Accordingly to wikipedia, it needs to be application/x-ns-proxy-autoconfig or application/x-javascript-config.

Thats exactly what I have configured my apache as. I have those settings in mime.conf file as well. But I have overridden those settings in httpd.conf file with

AddType application/x-ns-proxy-autoconfig .dat

Also I just got to know something new about this. When my squid is running in transparent mode, Auto detect proxy settings work. But when I change squid settings for it not to work in transparent mode the browser fails to detect the settings. Also the browser crashes a lot in this case. For information, I am using Ubuntu 9.10 and Firefox 3.5.6 for Canonical. But this issue is on clients running Windows Xp as well.

You seem to be going backwards rapidly. If you're using a proxy transparently you don't need to know it exists do you?? so there's no proxy script for the browser to know about.

as for the mime type, does that mime type get returned via a curl or some such test?

Thats true. If I am using squid in transparent mode, it should not matter how browser if configured, it would use the default gateway or the system proxy. Sorry about that. My bad.
But I need to remove squid from working in transparent mode so that I can have more control over it.

Curl test? Can you elaborate that? This is the first time I am working with wpad.

To configure IE for proxy settings I can use Group Policy. But for Firefox, I need something like wpad for proxy auto configuration.

I removed all the validations using if else loops in wpad.dat file and there is only this

And this works. But another issue is that it does not work for email clients. We use thunderbird and MS outlook 2007. Both are unable to connect to the pop and smtp servers. Also this would create issues for the local addresses.

erm. squid is a web proxy. why would you think it'd work with email??

It is working as intercepting proxy. So any request made to the outside network has to pass through squid. So even if I want to use email client, it has to go through squid. Else it would not be able to download emails from the pop server or send mails using smtp server. And this is how the network is at my work place. So if squid service is not running or if the squid machine is down completely, complete web browsing is affected and so is the usage of email clients.

The above script in #12 post is working for the local addresses. Now, I need to only solve the problem for email clients.