Sophos Web Appliance: Publishing Automatic Proxy Information as a wpad.dat file

  • Article ID: 38784
  • Rating:
  • 3 customers rated this article 5.0 out of 6
  • Updated: 04 Jun 2012

The content of Web Proxy Autodiscovery Protocol files (wpad.dat) is identical to that of proxy.pac files: they both contain the same few lines of JavaScript that is used to configure your users' browsers to use the Web Appliance as their web proxy. The difference is that WPAD files are renamed to wpad.dat. They are served from the root directory of a web server in your internal network that runs a specifically named web site, which is where browsers are set to "automatically configure the web proxy" to find a wpad.dat file.

Warning: Internet Explorer 7 may have difficulties working with a wpad.dat file. http://msdn.microsoft.com/en-us/ie/aa740486.aspx states: "If you are on a network that uses a proxy server, and you notice slowness or a problem connecting to websites after upgrading to Internet Explorer 7, it might be due to web proxy auto-detection problems." This known issue warning then describes the steps of disabling the automatic proxy detection option and manually configuring access to your web proxy as the fix for this problem. If your users will be using Internet Explorer 7, please consider this issue before deciding on this option.

To deploy your proxy.pac file as a wpad.dat file:

  1. Copy the proxy.pac file that you created in the previous procedure (Creating, Testing, and Deploying a proxy.pac File) to the root document directory of your web server, and rename it wpad.dat.
  2. Check that a URL in the following form will open the proxy.pac script in your browser:
    http://www.subdomain.example.org/wpad.dat
    Where www.subdomain.example.org is the fully qualified domain name of the (DNS) domain of which you are a member. You can find the FQDN of your system by typing ipconfig at the command prompt. The FQDN is the value of "Connection-specific DNS suffix".
  3. Add an entry to your web server's MIME types configuration:
    • For Apache 1.x, edit your /etc/apache/httpd.conf file by adding the following line:
      AddType application/x-javascript-config dat
      Then restart the Apache web server.
    • For Apache 2.x, edit your /etc/apache2/mods-available/mime.conf file by adding the following line:
      AddType application/x-javascript-config dat
      Then restart the Apache web server.
    • For IIS:
      1. In IIS Manager, right-click the website or website directory for which you want to add a MIME type, and click Properties.
      2. Click the HTTP Headers tab.
      3. Click Mime Types.
      4. Click New.
      5. In the Extension box, enter the file name extension: dat.
      6. In the MIME type box, enter the MIME type description: application/x-javascript-config.
      7. Click OK and then restart the IIS service.
  4. Add a record to your DNS server to have wpad.www.example.org resolve to the web server on which you are hosting the wpad.dat file:
    1. Open DNS by selecting Programs|Administrative Tools|DNS from the Windows Start menu.
    2. In the left tree, expand Forward Lookup Zones, right-click on the forward lookup zone for your domain, and select New Alias (CNAME).
      The New Resource Record dialog box is displayed.
    3. In the Alias name text box, enter wpad.
    4. Click Browse to the right of the Fully qualified domain name text box.
      The Browse dialog box is displayed.
    5. Select the host on which the wpad.dat file resides, click OK, and click OK again.
    6. Test that the Automatically detect settings option works in the Tools|Internet Options|Connections|LAN Settings from the menu bar in Internet Explorer.
      With the Automatically detect settings option set, your browser will try to find a web server called wpad.www.example.org and look for a file called wpad.dat. If it doesn't find it, it will try the next higher in the tree: wpad.example.org/wpad.dat. When your browser does find the file, the proxy configuration will be automatically updated to use the Web Appliance as its web proxy.

    Note: By default, when a connection is established through a proxy server, the hostname of the site and the proxy server name are cached. On future attempts to access the hostname in the same session, Internet Explorer has cached information about which proxy to use. Therefore, all subsequent connections to the host are tried through the proxy that was used previously. This means that if the proxy server name that is cached is unavailable during the same session, the automatic proxy configuration script is not re-processed, and you receive a "Page Cannot Be Displayed" error message in Internet Explorer.

    You may want to disable the Automatic Proxy Result Cache to provide the proxy redundancy that you require. This will result in client-side processing of every GET request that is issued by Internet Explorer. As a result, Internet Explorer performance may be impacted depending on the logic of the Automatic Proxy Configuration Script and its size. The procedure for doing this is documented in the Microsoft Knowledgebase article http://support.microsoft.com/kb/271361.

  5. Instruct your users to do the following: From their Internet Explorer Tools menu, select Internet Options|Connections|LAN Settings and select Automatically detect settings, and then restart Internet Explorer

Once these steps are completed, your users' browser proxy configuration will be automatically updated to use the Web Appliance as their web proxy.

Additionally, you can enforce the application of automatic updates using the wpad.dat file by Creating a Group Policy Object (GPO).

 
If you need more information or guidance, then please contact technical support.

Rate this article

Very poor Excellent

Comments