How to Configure Proxy Settings Using PAC Files and WPAD

Barracuda Web Security Service

How to Conﬁgure Proxy Settings Using PAC Files and WPAD https://campus.barracuda.com/doc/6553612/

PAC Files

A PAC file contains a JavaScript function "FindProxyForURL(url, host)". This function returns a string with one or more access method specifications. These specifications cause the user agent to use a particular proxy server or to connect directly. To use PAC, you publish a PAC file on a web server and instruct a user agent to use it, either by entering the URL in the proxy connection settings of your web browser or through the use of the Web Proxy Autodiscovery Protocol (WPAD).

Multiple specifications provide a fallback when a proxy fails to respond. The web browser fetches this PAC file before retrieving other pages. The URL of the PAC file is either configured manually or determined automatically by the WPAD. The Barracuda Web Security Service Connector can generate and manage this PAC file for you, and hosts both a “proxy.pac” and a “wpad.dat” file.

Syntax example

In this example, when the client makes a request to a website, the web browser refers to the PAC file. If the client is using a local network address, the specified proxy server is used on the specified port. If the client is not using a local network address (example: a user is connecting from a hotel), the PAC file instructs the web browser to connect directly to the Internet. proxy.pac

. function FindProxyForURL(url, host)

{ if (isInNet(myIpAddress(), "10.10.10.0", "255.255.255.0") return "PROXY [Proxy Address]:[Port]"; else return "DIRECT";

}

How to Conﬁgure Proxy Settings Using PAC Files and WPAD 1 / 4 Barracuda Web Security Service

Creating a PAC File

You can use the Barracuda Web Security Service Connector’s Network Setup tab to automatically create a PAC ﬁle. Alternatively, you can create your own PAC ﬁle using the procedure below, and save it to a server within your network.

1. Use Notepad or another text editor to open a new text file 2. Paste the text from the example above into the text editor. 3. Replace the IP address and subnet mask with those of your network. 4. Save the file to a server within your network, naming it proxy.pac, and making sure to choose All Files for Save as type. 5. In the Barracuda Web Security Service Connector’s administrative interface, specify the location of the PAC file.

Conﬁguring Internet Explorer to Use a PAC File

1. In Internet Explorer, click on Tools > Internet Options > Connections > LAN Settings. 2. Select Use automatic configuration script. 3. Type the path and filename of your PAC file. Example: http://your Barracuda Web Security Service Connector/proxy.pac 4. Click OK twice.

Conﬁguring Firefox to Use a PAC File

1. In Firefox, click on Tools > Options > Advanced > Network. 2. Click Settings. 3. Select Automatic Proxy Configuration URL. 4. Type the path and filename of your PAC file. Example: http://your Barracuda Web Security Service Connector/proxy.pac 5. Click Reload, and then click OK twice.

Barracuda Web Security Service Connector Conﬁguration

1. In the Barracuda Web Security Service Connector interface, click the wpad.dat tab. 2. On the wpad.dat page, enter the IP address or the DNS resolvable hostname of the host where the wpad.dat ﬁle resides, and then click Save. 3. Add any internal networks to the Exceptions list using the Add New button. Use these to instruct the web browser to connect directly to hosts on those networks.

Web Proxy Autodiscovery Protocol (WPAD)

The Web Proxy Autodiscovery Protocol (WPAD) is a method used by clients to locate a proxy autoconfig file automatically and use this to configure the web browser's proxy settings.

How to Conﬁgure Proxy Settings Using PAC Files and WPAD 2 / 4 Barracuda Web Security Service

The WPAD standard defines two alternative methods the system administrator can use to publish the location of the proxy configuration file: the Dynamic Host Configuration Protocol (DHCP) or the Domain Name System (DNS).

Before fetching its first page, a web browser implementing this method sends the local DHCP server a DHCPINFORM query, and uses the URL from the WPAD option in the server's reply. If the DHCP server does not provide the desired information, DNS is used. If, for example, the network name of the user's computer is pc.department.branch.example.com, the web browser will try the following URLs in turn until it finds a proxy configuration file within the domain of the client:

http://wpad.department.branch.example.com/wpad.dat http://wpad.branch.example.com/wpad.dat http://wpad.example.com/wpad.dat

Requirements

In order for WPAD to work, a few requirements have to be met:

If you want to use DHCP, then the DHCP must be configured to serve up the "site-local" option 252 ("auto-proxy-config") with a string value of "http://xxx.yyy.zzz.qqq/wpad.dat" (without the quotes) where xxx.yyy.zzz.qqq is the address of a web server (either IP address or DNS). If you want to use DNS, then a DNS entry is needed for a host named WPAD. The host WPAD must be able to serve a web page. The file named wpad.dat must be located in the WPAD websites's root directory.

How to Conﬁgure Proxy Settings Using PAC Files and WPAD 3 / 4 Barracuda Web Security Service

© Barracuda Networks Inc., 2021 The information contained within this document is confidential and proprietary to Barracuda Networks Inc. No portion of this document may be copied, distributed, publicized or used for other than internal documentary purposes without the written consent of an official representative of Barracuda Networks Inc. All specifications are subject to change without notice. Barracuda Networks Inc. assumes no responsibility for any inaccuracies in this document. Barracuda Networks Inc. reserves the right to change, modify, transfer, or otherwise revise this publication without notice.

How to Conﬁgure Proxy Settings Using PAC Files and WPAD 4 / 4