Have you ever wondered what the “Automatically detect settings” option does in the LAN settings dialog under the Connections tab in Internet Explorer? Setting this option enables the Web Proxy Auto-Discovery (WPAD) protocol in the web browser. With this protocol, the web browser uses a special configuration file to set its proxy settings automatically. The benefit of WPAD is the ability to instruct all web browsers in an organization to use the same policy, without configuring each of them manually.

Where is the configuration file?

The location of the configuration file can be published in two alternative ways: DNS or DHCP. Before fetching its first page, a web browser configured for WPAD sends a DHCPINFORM query to its local DHCP server in order to get the URL of the configuration file in the DHCP reply. If DHCP does not provide the desired information, the web browser tries to fetch the configuration file by using DNS resolution. For example, if the FQDN of the client computer is computer.subdomain.domain.local, the web browser will try to fetch the configuration file from the following locations:
1. http://wpad.subdomain.domain.local/wpad.dat
2. http://wpad.domain.local/wpad.dat (some web browsers)
3. http://wpad.com/wpad.dat (in incorrect implementations)
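
The lookup order listed above can be modelled for any client FQDN to see which candidate names fall outside your own DNS namespace. This is an added example, not code from the original article; the function names and the `orgSuffix` parameter are hypothetical, and real browsers and resolvers differ in how far they walk up the name.

```javascript
// Model of the DNS-based WPAD lookup order described above.
// Assumption: the client drops its host label, then strips one leading
// label per step, all the way to the top-level domain (the behaviour the
// list calls an incorrect implementation).
function wpadCandidates(fqdn) {
  const labels = fqdn.toLowerCase().replace(/\.$/, "").split(".");
  const urls = [];
  for (let i = 1; i < labels.length; i++) {
    urls.push("http://wpad." + labels.slice(i).join(".") + "/wpad.dat");
  }
  return urls;
}

// Mark each candidate as inside or outside the organisation's own suffix.
// Names marked inOrg: false are resolved by DNS zones you do not control.
function auditCandidates(fqdn, orgSuffix) {
  const suffix = "." + orgSuffix.toLowerCase().replace(/^\./, "");
  return wpadCandidates(fqdn).map((url) => {
    const host = new URL(url).hostname;
    return { url, inOrg: host.endsWith(suffix) };
  });
}

// Constructed sample: the article's FQDN with domain.local as the boundary.
for (const c of auditCandidates("computer.subdomain.domain.local", "domain.local")) {
  console.log((c.inOrg ? "inside   " : "OUTSIDE  ") + c.url);
}
```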

Hosting the wpad.dat

Since the web browser fetches the configuration file (wpad.dat) over HTTP, the hosting server must be a web server. It must also be set to serve .dat files with the “application/x-ns-proxy-autoconfig” MIME type, and the wpad.dat file should be located in the web site’s root directory. For example, in an IIS configuration, you should do the following:

  • Go to Start –> settings –> control panel –> administrative tools –> Internet Information Services (IIS) Manager
  • Right click the web site node in which you are going to host the wpad.dat file (for example Default Web Site) and select properties
  • Select the HTTP Headers tab and press MIME Types button
  • In the “MIME Types” dialog box press NEW, type .dat in the extension field and application/x-ns-proxy-autoconfig in the MIME Type field, and press OK.
  • Return to IIS Manager, right click the web site node in which you are going to host the wpad.dat file (for example Default Web Site) and select explore.
  • Right click somewhere in the right pane of the IIS snap-in and select new –> text document.
  • Rename the document to wpad.dat.

Editing the wpad.dat file

The wpad.dat file you created in the previous step should be populated with a JavaScript function that instructs the web browser how to configure its proxy settings. A sample configuration is shown below:

function FindProxyForURL(url, host) {
    // our local URLs from the domains below mydomain.com don't need a proxy:
    if (shExpMatch(url, "*.mydomain.com/*")) { return "DIRECT"; }
    if (shExpMatch(url, "*.mydomain.com:*/*")) { return "DIRECT"; }
    // Client computers within this network are accessed through
    // port 8080 on proxy1.mydomain.local:
    if (isInNet(myIpAddress(), "192.168.0.0", "255.255.255.0")) {
        return "PROXY proxy1.mydomain.local:8080";
    }
    // All other requests go through port 8080 of proxy2.mydomain.local.
    // should that fail to respond, go directly to the WWW:
    return "PROXY proxy2.mydomain.local:8080; DIRECT";
}

 

In the example above, you direct the web browser to use proxy1.mydomain.local on port 8080 if the client computer belongs to the 192.168.0.0/24 network (the isInNet rule). If the client does not belong to the 192.168.0.0/24 network, all web traffic goes through proxy2.mydomain.local, and if proxy2 fails to respond, the browser tries to connect directly (the final return statement). Finally, we instruct the web browser to bypass proxies if the URL contains the .mydomain.com string (the two shExpMatch rules at the top). Note that you can add more rules simply by adding lines to your configuration file.
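
Before publishing a wpad.dat, its rules can be exercised offline. The harness below is an added example, not part of the original article: the PAC helper functions are simplified stand-ins for the browser built-ins, and `findProxyHostBased`, `evaluate` and the test address are hypothetical. It also contrasts the sample's URL-based bypass rule with a variant that matches on the hostname only.

```javascript
// Simplified stand-ins for the browser's built-in PAC helpers (assumption).
let clientIp = "192.168.0.25"; // constructed test address
function myIpAddress() { return clientIp; }

// Shell-style match: only * and ? are wildcards, the rest is literal.
function shExpMatch(str, pattern) {
  const re = pattern.replace(/[.+^${}()|[\]\\]/g, "\\$&")
    .replace(/\*/g, ".*").replace(/\?/g, ".");
  return new RegExp("^" + re + "$").test(str);
}

function ipToInt(ip) {
  return ip.split(".").reduce((acc, o) => ((acc << 8) | Number(o)) >>> 0, 0);
}

// True when the IPv4 address lies inside net/mask.
function isInNet(ip, net, mask) {
  const m = ipToInt(mask);
  return ((ipToInt(ip) & m) >>> 0) === ((ipToInt(net) & m) >>> 0);
}

// True when host ends with the given domain suffix.
function dnsDomainIs(host, domain) { return host.endsWith(domain); }

// The article's sample policy, same behaviour.
function FindProxyForURL(url, host) {
  if (shExpMatch(url, "*.mydomain.com/*")) { return "DIRECT"; }
  if (shExpMatch(url, "*.mydomain.com:*/*")) { return "DIRECT"; }
  if (isInNet(myIpAddress(), "192.168.0.0", "255.255.255.0")) {
    return "PROXY proxy1.mydomain.local:8080";
  }
  return "PROXY proxy2.mydomain.local:8080; DIRECT";
}

// Hypothetical variant: the bypass rule looks at the hostname, not the URL.
function findProxyHostBased(url, host) {
  if (dnsDomainIs(host, ".mydomain.com")) { return "DIRECT"; }
  return isInNet(myIpAddress(), "192.168.0.0", "255.255.255.0")
    ? "PROXY proxy1.mydomain.local:8080"
    : "PROXY proxy2.mydomain.local:8080; DIRECT";
}

// Run a policy function as a client with the given address.
function evaluate(policy, ip, url) {
  clientIp = ip;
  return policy(url, new URL(url).hostname);
}
console.log(evaluate(FindProxyForURL, "10.1.2.3", "http://www.example.org/"));
```

Because the sample's first two rules match against the whole URL, a URL on another host whose path contains ".mydomain.com/" is also sent DIRECT; the host-based variant sends it through the proxy.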

Publishing the file location

To publish the file location, you need to either set up a DHCP option or set up a DNS record. To set up the DHCP option on a Windows DHCP server, do the following:

  • Go to Start –> settings –> control panel –> administrative tools –> DHCP
  • Right click the DHCP server name and select “set predefined options”
  • In the Predefined options dialog box press “add”
  • In the option type dialog box set the following values:
    Name: WPAD
    Data Type: String
    Code: 252
    Description: WPAD Auto Config Key
  • Go back to DHCP snap-in and right click either your scope or server options.
  • Select “Configure Options…”
  • In the scope options dialog box select the 252 option and in the string value type your wpad.dat file location (like http://wpad.mydomain.local/wpad.dat) and press OK.

Finally, to configure your DNS server, you need to add a WPAD A or CNAME record for the server hosting your wpad.dat file (for example wpad.mydomain.local).

 

Note that if you plan to use a Windows DNS server, you have to take the Global Query Block List into account, which was introduced in Windows 2008 and later operating systems. By default, the global query block list prevents the resolution of the wpad and isatap hostnames.

//To view the query block list:

dnscmd [<ServerName>] /info /globalqueryblocklist


//To enable/disable the query block list:

dnscmd [<ServerName>] /config /enableglobalqueryblocklist 0|1


//To update the global query block list:

dnscmd [<ServerName>] /config /globalqueryblocklist [<name> [<name>]...]