WPAD - Automatic Proxy detection
Automatic Proxy detection
Enabling Automatic Proxy detection
- Using DHCP server option 252:
In Name, type *WPAD*. In Code, type *252*. In Data type, select *String* or *Text*, and then click OK. In String, type *@http://FQDN:PORT/wpad.dat@* where:
- DNS based:
Default wpad file:
/**
 * PAC entry point: decides for each request whether the client connects
 * directly or through the proxy.
 *
 * Relies on the PAC runtime helpers isPlainHostName, shExpMatch and
 * isResolvable.
 *
 * @param {string} url  Full URL being requested.
 * @param {string} host Host name taken from that URL.
 * @returns {string} "DIRECT", or the proxy entry followed by a DIRECT fallback.
 */
function FindProxyForURL(url, host) {
    var PROXIED_SCHEMES = ["http:", "https:", "ftp:", "gopher:"];
    var i, scheme;

    // Local names never use the proxy: dot-less hosts, anything starting
    // with "intranet", and the kinad.local domain with its subdomains.
    if (isPlainHostName(host)
            || shExpMatch(host, "intranet*")
            || shExpMatch(host, "kinad.local")
            || shExpMatch(host, "*.kinad.local")) {
        return "DIRECT";
    }

    // Names the client cannot resolve are sent direct as well. This check
    // is reached only by hosts that did not match the local rules above.
    if (!isResolvable(host)) {
        return "DIRECT";
    }

    // Only these URL schemes are handed to the proxy.
    for (i = 0; i < PROXIED_SCHEMES.length; i++) {
        scheme = PROXIED_SCHEMES[i];
        if (url.substring(0, scheme.length) === scheme) {
            // The trailing DIRECT is a fail-open fallback: if the proxy does
            // not answer, the client connects directly and the request skips
            // whatever filtering or logging the proxy provides.
            return "PROXY pfsense.oswincorp.pw:3128; DIRECT";
        }
    }

    // Every other scheme, "wais:" included, goes direct.
    return "DIRECT";
}
* isPlainHostName: Returns true when the host name contains no dots; mainly used for intranet names.
* shExpMatch: Matches a string against a shell-style wildcard pattern (not a regular expression); it can be used like: @if (shExpMatch(url, "*vpn.domain.com*") || shExpMatch(url, "*abcdomain.com/folder/*")) @
* isResolvable: Tries to resolve the hostname. Returns true if it succeeds.
* url.substring: In the syntax used above, the URL is cut from the start (0) up to and including the 5th character (':'), so the result is 'http:'. If this matches, the proxy should be used: @return "PROXY pfsense.oswincorp.pw:3128; DIRECT";@ The trailing DIRECT is the fallback for when the proxy server is offline: the client then goes directly to the internet, which also means that traffic skips whatever filtering or logging the proxy provides.
More info can be found here.
PAC file Office365
See here Microsoft Documentation
/**
 * PAC entry point for Office 365 traffic.
 *
 * Hosts on the "direct" list bypass the proxy so they can be sent through a
 * firewall instead; a short list of exact FQDNs is pinned to the proxy first
 * because the wildcards on the direct list would otherwise capture them.
 * Everything else uses the proxy.
 *
 * Relies on the PAC runtime helpers isPlainHostName and shExpMatch.
 *
 * @param {string} url  Full URL being requested (not inspected here).
 * @param {string} host Host name taken from that URL; compared in lower case.
 * @returns {string} "DIRECT", or the proxy entry followed by a DIRECT fallback.
 */
function FindProxyForURL(url, host) {
    // Default route. The trailing DIRECT is a fail-open fallback: when the
    // proxy does not answer, the client connects directly.
    var proxyRoute = "PROXY pfsense.hostname.local:3128; DIRECT";

    // Exact FQDNs that must use the proxy even though a wildcard on the
    // direct list also covers them. Checked before the direct list.
    var forcedViaProxy = [
        "browser.pipe.aria.microsoft.com",
        "compliance.outlook.com",
        "mobile.pipe.aria.microsoft.com",
        "quicktips.skypeforbusiness.com",
        "r1.res.office365.com",
        "r3.res.office365.com",
        "r4.res.office365.com",
        "r3.res.outlook.com",
        "xsi.outlook.com"
    ];

    // Hosts sent direct. Order and contents are kept exactly as published,
    // including the repeated "jpn.delve.office.com" entry and the
    // "browser.pipe.aria.microsoft.com" entry that the list above shadows.
    // NOTE(review): every host matched here leaves the proxy path entirely,
    // so re-check these wildcards against the vendor endpoint list whenever
    // it changes.
    var sentDirect = [
        "*.asm.skype.com",
        "*.broadcast.skype.com",
        "*.cc.skype.com",
        "*.config.skype.com",
        "*.conv.skype.com",
        "*.dc.trouter.io",
        "*.infra.lync.com",
        "*.lync.com",
        "*.msg.skype.com",
        "*.office365.com",
        "*.outlook.com",
        "*.outlook.office.com",
        "*.pipe.aria.microsoft.com",
        "*.pipe.skype.com",
        "*.portal.cloudappsecurity.com",
        "*.protection.office.com",
        "*.sharepoint.com",
        "*.skypeforbusiness.com",
        "*.svc.ms",
        "*.teams.microsoft.com",
        "*.teams.skype.com",
        "*.yammer.com",
        "*.yammerusercontent.com",
        "*broadcast.officeapps.live.com",
        "*excel.officeapps.live.com",
        "*onenote.officeapps.live.com",
        "*powerpoint.officeapps.live.com",
        "*view.officeapps.live.com",
        "*visio.officeapps.live.com",
        "*word-edit.officeapps.live.com",
        "*word-view.officeapps.live.com",
        "account.office.net",
        "adminwebservice.microsoftonline.com",
        "agent.office.net",
        "apc.delve.office.com",
        "api.login.microsoftonline.com",
        "aus.delve.office.com",
        "browser.pipe.aria.microsoft.com",
        "can.delve.office.com",
        "ccs-sdf.login.microsoftonline.com",
        "ccs.login.microsoftonline.com",
        "clientconfig.microsoftonline-p.net",
        "clientlog.portal.office.com",
        "config.edge.skype.com",
        "controls.office.com",
        "cus-000.tasks.osi.office.net",
        "delve.office.com",
        "device.login.microsoftonline.com",
        "ea-000.tasks.osi.office.net",
        "eus-zzz.tasks.osi.office.net",
        "gbr.delve.office.com",
        "hip.microsoftonline-p.net",
        "hipservice.microsoftonline.com",
        "home.office.com",
        "ind.delve.office.com",
        "jpn.delve.office.com",
        "jpn.delve.office.com",
        "kor.delve.office.com",
        "lam.delve.office.com",
        "login.microsoft.com",
        "login.microsoftonline.com",
        "login.microsoftonline-p.com",
        "login.windows.net",
        "logincert.microsoftonline.com",
        "loginex.microsoftonline.com",
        "login-us.microsoftonline.com",
        "nam.delve.office.com",
        "neu-000.tasks.osi.office.net",
        "nexus.microsoftonline-p.com",
        "nexus.officeapps.live.com",
        "nexusrules.officeapps.live.com",
        "pipe.skype.com",
        "portal.microsoftonline.com",
        "portal.office.com",
        "prod.registrar.skype.com",
        "prod.tpc.skype.com",
        "provisioningapi.microsoftonline.com",
        "s-0001.s-msedge.net",
        "s-0004.s-msedge.net",
        "scsinstrument-ss-us.trafficmanager.net",
        "sea-000.tasks.osi.office.net",
        "signup.microsoft.com",
        "stamp2.login.microsoftonline.com",
        "suite.office.net",
        "tasks.office.com",
        "teams.microsoft.com",
        "testconnectivity.microsoft.com",
        "weu-000.tasks.osi.office.net",
        "wus-000.tasks.osi.office.net",
        "www.office.com",
        "www.sway.com"
    ];

    // True as soon as one pattern in the list matches the name.
    function matchesAny(name, patterns) {
        var idx;
        for (idx = 0; idx < patterns.length; idx++) {
            if (shExpMatch(name, patterns[idx])) {
                return true;
            }
        }
        return false;
    }

    // All patterns are lower case, so compare against a lower-cased host.
    host = host.toLowerCase();

    if (matchesAny(host, forcedViaProxy)) {
        return proxyRoute;
    }

    // Dot-less (intranet) names and the listed Office 365 hosts go direct.
    if (isPlainHostName(host) || matchesAny(host, sentDirect)) {
        return "DIRECT";
    }

    return proxyRoute;
}
test the WPAD using pactester
$ pactester -p temppac.file -u http://www.google.be PROXY pfsense.hostname.local:3128; DIRECT $ pactester -p temppac.file -u http://www.sway.com DIRECT
Documentation
https://proxyforurl.thorsen.pm/ An online PAC / WPAD tester + documentation