KB N° 2539: AUTOMATIC DEPLOYMENT OF PROXY CONFIGURATION (DHCP/DNS)
How to deploy a proxy configuration on your computer, on different browsers, via a DHCP or DNS server.
Objective
Deploy a proxy configuration across the fleet of client computers, on different browsers, via a DHCP or DNS server.
We'll use an Apache or IIS web server to provide the WPAD file.
Steps
Prerequisites
Step 1: Store the wpad file on a web server
This involves providing client browsers with the wpad file containing details of the proxy to be used.
- Apache:
On the Apache server, all you need to do is upload the file wpad.dat to the web server root.
- IIS:
As far as IIS is concerned, the only difference with Apache is the addition of a new MIME type for .dat extensions. To do this, simply click on the "MIME type" icon in the IIS server configuration, then add the MIME type as follows:
Step 2: Client workstation configuration
Browsers need to be configured to automatically detect proxy settings in order for the configuration to be retrieved.
DNS deployment
For Windows Server 2003/2008
- Add an alias wpad.mondomaine.lan that points to the web server delivering the wpad file:
- Next, check that wpad is not in the DNS blocking list, or disable the blocking list altogether. To do this, open the registry editor (Start > Run > regedit).
- Once in the registry editor, look for the following keys:
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\DNS\Parameters\EnableGlobalQueryBlockList
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\DNS\Parameters\GlobalQueryBlockList
EnableGlobalQueryBlockList should not be present (default behavior on 2003). If it is, check that a wpad entry is not present in the GlobalQueryBlockList key.
DHCP deployment
- For Windows Server 2003/2008:
Following initial tests, it appears that the DHCP service on Windows 2003 and 2008 servers does not deliver option 252 to DHCP clients, so this part is non-functional.
- For a Debian server (udhcpd):
- Start by installing udhcpd:
apt-get install udhcpd
- Add the following directive to /etc/udhcpd.conf:
opt wpad http://@IP_serveur_web/wpad.dat
Validation
- When deploying via DNS, you need to check that wpad's resolution works properly from a client workstation, and that it refers to the name of a web server on the network.
- You can also check that in the advanced network settings, the DNS suffix matches the domain suffix.
- Then, for both DNS and DHCP deployment, check that DHCP option 252 appears by capturing the frame with Wireshark on the client workstation:
- ...and the request to the Web server to retrieve the wpad.dat file that will be displayed when the browser is opened:
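The DNS and web-server checks above can also be scripted from a client workstation. The following is an added example, not part of the original KB: it resolves wpad.<domain>, fetches /wpad.dat, and reports any deviation from what was deployed. The expected IP address, the proxy host and port, and the sample wpad.dat are constructed placeholders, and the MIME type is the one conventionally used for proxy auto-config files (an assumption, since the KB's IIS screenshot is not available).

```python
import re
import socket
import urllib.error
import urllib.request

# Conventional MIME type for PAC/WPAD files (assumption, not taken from the KB).
PAC_MIME = "application/x-ns-proxy-autoconfig"
PROXY_RE = re.compile(r"\b(?:PROXY|HTTPS|SOCKS[45]?)\s+([A-Za-z0-9.\-]+:\d+)")

# Constructed sample wpad.dat; the proxy host name and port are placeholders.
SAMPLE_PAC = """function FindProxyForURL(url, host) {
  if (isPlainHostName(host)) return "DIRECT";
  return "PROXY proxy.mondomaine.lan:3128; DIRECT";
}"""


def audit_wpad(status, content_type, body, resolved_ip, expected_ip, allowed_proxies):
    """Return a list of findings for one wpad.dat response; an empty list means OK."""
    findings = []
    if resolved_ip != expected_ip:
        findings.append(f"wpad resolves to {resolved_ip}, expected {expected_ip}")
    if status != 200:
        findings.append(f"HTTP status {status}, expected 200")
    mime = (content_type or "").split(";")[0].strip().lower()
    if mime != PAC_MIME:
        findings.append(f"Content-Type is {mime or 'missing'}, expected {PAC_MIME}")
    if "FindProxyForURL" not in body:
        findings.append("body does not define FindProxyForURL")
    # Any proxy named in the file that was not deployed on purpose is reported.
    for proxy in sorted(set(PROXY_RE.findall(body)) - set(allowed_proxies)):
        findings.append(f"unexpected proxy in wpad.dat: {proxy}")
    return findings


def fetch_and_audit(domain, expected_ip, allowed_proxies):
    """Live check: resolve wpad.<domain>, fetch /wpad.dat, audit the response."""
    host = f"wpad.{domain}"
    resolved_ip = socket.gethostbyname(host)
    try:
        with urllib.request.urlopen(f"http://{host}/wpad.dat", timeout=5) as resp:
            status, ctype = resp.status, resp.headers.get("Content-Type")
            body = resp.read().decode("utf-8", "replace")
    except urllib.error.HTTPError as err:  # e.g. the file is not served
        status, ctype, body = err.code, err.headers.get("Content-Type"), ""
    return audit_wpad(status, ctype, body, resolved_ip, expected_ip, allowed_proxies)


if __name__ == "__main__":
    for finding in fetch_and_audit("mondomaine.lan", "192.0.2.10", {"proxy.mondomaine.lan:3128"}):
        print("FINDING:", finding)
```

No output means the name resolves to the intended web server and the file it serves names only the intended proxy.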