[squid-users] Wpad
Jonathan Lee
jonathanlee571 at gmail.com
Tue Dec 10 21:30:17 UTC 2024
Thanks for the reply, I purchased a Raspberry Pi to run an Apache2 server on it and host my wpad. It is working should I use and proxy settings to block pivots to it? Example an invasive container accesses the proxy and pivots to other devices on the network from inside the cage
> On Dec 10, 2024, at 06:50, David Touzeau <david at articatech.com> wrote:
>
> Hi Jonathan
>
> Using squid as a PAC proxy provider is not an efficient solution.
> - Squid cache error pages, which may cause problems when modifying the source.
> - The PAC proxy will generate events in squid that are polluting for troubleshooting.
> - If squid has issues or is stopped ( disk full, false config..) , it will be difficult to provide an alternative way.
>
> To this end, we're offering a free, open-source service dedicated to PAC proxies, with the distinctive feature of offering several PAC proxies depending on the client source and browser.
> A web-based management console lets you build the Proxy PAC, test your rules and view access events.
> This solution is independent, leaving the squid free to focus on its designated mission.
>
> https://wiki.articatech.com/en/proxy-service/proxy-pac
>
> regards
>
>
> Le 09/12/2024 à 14:40, ngtech1ltd at gmail.com <mailto:ngtech1ltd at gmail.com> a écrit :
>> Hey Jonathan,
>>
>> Can you give more details on the setup?
>> I am unsure how this setup work.
>> Is this an intercept proxy or a simple forward proxy?
>> Is the 192.168.1.1 the proxy ip and port? Also is the client on the same subnet?
>>
>> I understand that you are trying to use the proxy to serve the wpad file somehow.
>>
>> Thanks,
>> Eliezer
>>
>> From: squid-users <squid-users-bounces at lists.squid-cache.org> <mailto:squid-users-bounces at lists.squid-cache.org> On Behalf Of Jonathan Lee
>> Sent: Monday, December 2, 2024 12:04 AM
>> To: Jonathan Lee <jonathanlee571 at gmail.com> <mailto:jonathanlee571 at gmail.com>
>> Cc: squid-users <squid-users at lists.squid-cache.org> <mailto:squid-users at lists.squid-cache.org>
>> Subject: Re: [squid-users] Wpad
>>
>> this is the wpad file I am using
>>
>> function FindProxyForURL(url, host)
>> {
>> url = url.toLowerCase();
>> host = host.toLowerCase();
>>
>> if (isPlainHostName(host))
>> {
>> return 'DIRECT';
>> }
>>
>> if (isResolvable(host))
>> {
>> var hostIP = dnsResolve(host);
>>
>> if (isInNet(hostIP, '0.0.0.0', '255.0.0.0') || isInNet(hostIP, '10.0.0.0', '255.0.0.0') ||
>> isInNet(hostIP, '127.0.0.0', '255.0.0.0') || isInNet(hostIP, '169.254.0.0', '255.255.0.0') ||
>> isInNet(hostIP, '172.16.0.0', '255.240.0.0') || isInNet(hostIP, '192.168.0.0', '255.255.0.0') ||
>> isInNet(hostIP, '198.18.0.0', '255.254.0.0') || isInNet(hostIP, '224.0.0.0', '240.0.0.0') ||
>> isInNet(hostIP, '240.0.0.0', '240.0.0.0'))
>> {
>> return 'DIRECT';
>> }
>>
>> if (false)
>> {
>> return 'DIRECT';
>> }
>> }
>>
>> if (url.substring(0, 5) == 'http:' || url.substring(0, 6) == 'https:' ||
>> url.substring(0, 4) == 'ftp:')
>> {
>> return 'PROXY 192.168.1.1:3128';
>> }
>>
>> return 'DIRECT';
>> }
>>
>>
>> On Dec 1, 2024, at 13:58, Jonathan Lee <jonathanlee571 at gmail.com <mailto:jonathanlee571 at gmail.com>> wrote:
>>
>> this is what I have tried it also fails
>>
>> acl wpad urlpath_regex ^/wpad.dat$
>> acl wpad urlpath_regex ^/proxy.pac$
>> deny_info 200:/usr/local/www/wpad.dat wpad
>> deny_info 200:/usr/local/www/proxy.pac wpad
>> http_access deny wpad
>>
>> reply_header_access Content-Type deny wpad
>> reply_header_replace Content-Type application/x-ns-proxy-autoconfig
>>
>> when you run squid -k parse it take the config file
>>
>>
>> What I want to do is when it sees that reg ex to send it to this URL
>> https://192.168.1.1:8080/wpad.dat
>>
>>
>>
>>
>> On Dec 1, 2024, at 09:01, Jonathan Lee <jonathanlee571 at gmail.com <mailto:jonathanlee571 at gmail.com>> wrote:
>>
>> Thank you again this works perfectly for my issues I had
>>
>>
>> On Oct 2, 2024, at 20:51, Amos Jeffries <squid3 at treenet.co.nz <mailto:squid3 at treenet.co.nz>> wrote:
>>
>> On 2/10/24 05:05, Jonathan Lee wrote:
>>
>> Hello fellow squid users,
>> Can you please help? I am attempting to run wpad on the same machine as squid however port 80 443 is blocked, I have a url redirect 192.168.1.1/wpad.dat to https://192.168.1.1:8080/wpad.dat this is done with use of squid guard, however you must disable bypass for 192.168.1.1 on squid. Squid resides on 192.168.1.1:3128,
>> It works on the iMac for auto config proxy I can access the url file within the redirect.
>> My question is how can this be managed directly with squid custom config ?? Is there a way to have squid manage a simple wpad?
>>
>>
>> acl wpad urlpath_regex ^/wpad.dat$
>> deny_info 200:/etc/squid/wpad.dat wpad
>> http_access deny wpad
>>
>> reply_header_access Content-Type deny wpad
>> reply_header_replace Content-Type application/x-ns-proxy-autoconfig
>>
>>
>>
>> HTH
>> Amos
>> _______________________________________________
>> squid-users mailing list
>> squid-users at lists.squid-cache.org <mailto:squid-users at lists.squid-cache.org>
>> https://lists.squid-cache.org/listinfo/squid-users
>>
>>
>>
>>
>>
>> _______________________________________________
>> squid-users mailing list
>> squid-users at lists.squid-cache.org <mailto:squid-users at lists.squid-cache.org>
>> https://lists.squid-cache.org/listinfo/squid-users
>
> --
> David Touzeau - Artica Tech France
> Development team, level 3 support
> ----------------------------------
> P: +33 6 58 44 69 46
> www: https://wiki.articatech.com <https://wiki.articatech.com/>
> www: http://articatech.net <http://articatech.net/>
> _______________________________________________
> squid-users mailing list
> squid-users at lists.squid-cache.org <mailto:squid-users at lists.squid-cache.org>
> https://lists.squid-cache.org/listinfo/squid-users
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.squid-cache.org/pipermail/squid-users/attachments/20241210/6ffa6c1c/attachment-0001.htm>
More information about the squid-users
mailing list