
KB N° 2539: AUTOMATIC DEPLOYMENT OF PROXY CONFIGURATION (DHCP/DNS)

KB Olfeo On-Premise
June 5, 2023

How to deploy a proxy configuration on your computer, on different browsers, via a DHCP or DNS server.

Objective

Deploy a proxy configuration across the fleet of workstations, on different browsers, via a DHCP or DNS server.

We'll use an Apache or IIS web server to provide the WPAD file.

 

Steps

Prerequisites

Step 1: Store the wpad file on a web server

This step makes the wpad file, which contains the details of the proxy to be used, available to client browsers.

  • Apache:

    On the Apache server, all you need to do is upload the file wpad.dat to the web server root.

  • IIS:

    On IIS, the only difference from Apache is that a new MIME type must be added for the .dat extension. To do this, click the "MIME type" icon in the IIS server configuration, then add the MIME type as follows:

Step 2: Client workstation configuration

Browsers need to be configured to automatically detect proxy settings in order for the configuration to be retrieved.

DNS deployment

For Windows Server 2003/2008

  1. Add an alias wpad.mondomaine.lan that points to the web server delivering the wpad file:

  2. Next, check that wpad is not in the DNS block list, or disable the block list. To do this, open the registry editor (Start > Run > regedit).
  3. Once in the registry editor, look for the following keys:

    HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\DNS\Parameters\EnableGlobalQueryBlockList

    HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\DNS\Parameters\GlobalQueryBlockList

    EnableGlobalQueryBlockList should not be present (default behavior on 2003). If it is, check that a wpad entry is not present in the GlobalQueryBlockList key.

 

DHCP deployment

  • For Windows Server 2003/2008:

    Following initial tests, it appears that the DHCP service on Windows 2003 and 2008 servers does not deliver option 252 to DHCP clients, so this part is non-functional.

  • For a Debian server (udhcpd):
    1. Start by installing udhcpd:

      apt-get install udhcpd

    2. Add the following directive to /etc/udhcpd.conf:

      opt wpad http://@IP_serveur_web/wpad.dat

Validation

  • When deploying via DNS, you need to check that wpad's resolution works properly from a client workstation, and that it refers to the name of a web server on the network.
  • You can also check that in the advanced network settings, the DNS suffix matches the domain suffix.
  • Then, for both DNS and DHCP deployment, check that DHCP option 252 appears by capturing the frame with Wireshark on the client workstation:
  • ...and the request to the Web server to retrieve the wpad.dat file that will be displayed when the browser is opened:
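
The checks in this list can also be scripted once the DHCP options and the web server's response have been captured. The following Python code is an added example, not part of the original KB or of Olfeo's tooling; the function names, the sample addresses and port, and the expected MIME type application/x-ns-proxy-autoconfig (the conventional type for proxy auto-config files) are assumptions.

```python
import re
from urllib.parse import urlparse

WPAD_OPTION = 252  # DHCP option that carries the WPAD URL
# Conventional MIME type for PAC/WPAD files (assumption: not stated on the page)
PAC_MIME = "application/x-ns-proxy-autoconfig"

# Constructed sample data: DHCP options 53 (ACK), 252, End; addresses are placeholders
SAMPLE_URL = b"http://192.0.2.10/wpad.dat"
SAMPLE_OPTIONS = bytes([53, 1, 5, WPAD_OPTION, len(SAMPLE_URL)]) + SAMPLE_URL + b"\xff"
SAMPLE_BODY = 'function FindProxyForURL(url, host) { return "PROXY 192.0.2.20:3128"; }'


def wpad_url_from_dhcp(options: bytes):
    """Walk the DHCP options field (code, length, value) and return option 252."""
    i = 0
    while i < len(options):
        code = options[i]
        if code == 255:  # End option
            break
        if code == 0:  # Pad option has no length byte
            i += 1
            continue
        if i + 1 >= len(options):
            raise ValueError("truncated option header")
        length = options[i + 1]
        value = options[i + 2:i + 2 + length]
        if len(value) != length:
            raise ValueError("truncated option value")
        if code == WPAD_OPTION:
            # Some servers append a NUL terminator to the URL
            return value.rstrip(b"\x00").decode("ascii")
        i += 2 + length
    return None


def check_wpad(url, content_type, body, allowed_hosts):
    """Return the problems found in the advertised URL and the file it serves."""
    problems = []
    parsed = urlparse(url)
    if parsed.scheme not in ("http", "https") or not parsed.hostname:
        problems.append("option 252 is not an http(s) URL")
    elif parsed.hostname not in allowed_hosts:
        problems.append(f"WPAD served by unexpected host {parsed.hostname}")
    if content_type.split(";")[0].strip().lower() != PAC_MIME:
        problems.append(f"unexpected Content-Type {content_type!r}")
    if not re.search(r"function\s+FindProxyForURL\s*\(", body):
        problems.append("body does not define FindProxyForURL")
    return problems
```

An empty list from check_wpad means the advertised URL points at an expected web server and the file it returns looks like a proxy auto-config script; a host outside allowed_hosts is worth investigating as a possible rogue DHCP or DNS answer.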