More so, you probably already know what it is capable of doing, but wondering how to set it up. Here is my take on how to set it all up.
This assumes you already have a proxy server, web server, dns server's already setup. This example is based around a microsoft server 2008R2 servers but can be applied to just about any environment where the above is used.
1. Create your wpad.dat file for the proxy exclusions. See example
2. Get into your web server, create the MIME type for .dat. As you can see I am using IIS. Bring up the Mime Types page and add the following.
File name extentsion: .dat
MIME Type: application/x-ns-proxy-autoconfig
3. Put your wpad.dat file into the correct directory so it is accessible to anonymous/guest users from the web server. If using IIS, your default path will be C:\inetpub\wwwroot
Place your wpad file in there.
4. Remove "wpad" from the global query blocklist. To do this. Edit the registry in this location;
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\DNS\Parameters\GlobalQueryBlockList
Or if you prefer, cmd commands Here is a copy/paste straight out of Technet.
To check whether the global query block is enabled, type the following:
dnscmd /info /enableglobalqueryblocklist
To display the host names in the current block list, type the following:
dnscmd /info /globalqueryblocklist
To disable the block list and ensure that the DNS Server service does not ignore queries for names in the block list, type the following:
dnscmd /config /enableglobalqueryblocklist 0
To enable the block list and ensure that the DNS Server service ignores queries for names in the block list, type the following:
dnscmd /config /enableglobalqueryblocklist 0
To remove all names from the block list, type the following:
dnscmd /config /globalqueryblocklist
To replace the current block list with a list of the names that you specify, type the following:
dnscmd /config /globalqueryblocklist name [name]…
5. Add the alias/host record file "wpad" in your dns server (this has to be pointing to your web server). Restart your dns service to ensure the blocklist has been updated.
6.Testing: Ping wpad. You should get a reply from your Web Server. Try and hit the wpad.dat file from your web server. http://wpad/wpad.dat It should be asking you to download the .dat or the text will appear in your browser. If both these tests have passed, Congratulations. You can now neatly manage all your proxy exclusions using the .dat file. This is extremely handy, as by default IE has this option turned on.
7. There is ANOTHER method to deploy wpad, which utilizes DHCP. I choose the DNS method, as i have read it is more compatible with other browsers.
No comments:
Post a Comment