Installing a Web Proxy Server.

[Longy]

I like my security devices bridged at the gateway but anyways I've been given a Sophos WS500 proxy server to play with.

Setting up a GPO with proxy settings was easy enough etc but I have a lot of laptop users where this isn't going to work.

So I was going down the proxy.pac route then DNS with wpad.dat

However I can't seem to get proxy.pac working with IE8!

Here's the Jav script and yes ws500 is set up in my DNS server and can be pinged/contacted via web.

function FindProxyForURL(url, host) {
return "PROXY ws500:8080;
DIRECT";
}

Thoughts?

 

[Longy]

I'm trying to test the .pac before I convert it to wpad.dat and upload it to the internal webserver.

 

[PinkoCommie]

However I can't seem to get proxy.pac working with IE8!

does that mean that the proxy.pac file works with IE7 / firefox etc but not with IE8?

The syntax looks fine to me. The only thing I can think is that the proxy server is not responding in a "reasonable" amount of time and therefore drops back to it's second choice (DIRECT).

try doing the following and seeing if it works:

function FindProxyForURL(url, host) {
return "PROXY ws500:8080";
}

Then you are only giving it one choice.

Your configured .pac file basically says "try using ws500:8080, if this doesn't respond in a timely manner then go DIRECT".

 

[ChrisR]

My IE8 test machine at work is working fine with our proxy.pac file, it's got a little more in it but functionally it should do the same thing as posted above.

Basically we have a list of a couple of addresses that are set to go direct, then everything else routes through one of our proxies depending on which site you are at.

Then for laptops one of the direct connection sites is our remote login page, so they can't access anywhere else from their laptops directly they have to come through the system

Then when they do login to our remote access thing they can either tunnel in or start up a thin session.

 

[Longy]

Thanks for the response guys.

I've not tried it on any other version of IE/firefox only had IE8 installed on my laptop.

I'll try taking the direct out and give that a bash.

Chris it sounds like you got it setup nice and secure however with the users at my place I'd rather just give them straight internet access when they are at home and not use my bandwidth and I know they'll get confused if I just ask them to turn the proxy settings off! haha

I have the .pac file on the root of my laptop and just pointed IE "use automatic configuration script" to the script c:\proxy.pac that should work for test purpose's?

 

[ChrisR]

It's ok most of the time, although do hit the odd snag when a user is somewhere that offers wifi, but has one of those signup/pay pages first as it won't load up for them But we're not that big so doens't happen often.

And trying to explain the difference between a tunnel and thin connection to someone who just wants to get on somehow to read their email is always interesting.

Sometimes think we shouldn't even give them the choice and just force one or t'other

 

[Longy]

Update:

Ok using DNS to distribute the wpad.dat file, this is working great on all XP machines and 2003 machines with a GPO set to turn on "detect automatic settings" in IE - except my laptop running windows 7 and IE8. Just doesn't seem to work although the WPAD.dat website is accessible and the windows service (WinHTTP web proxy auto discovery) is running.

 

[Longy]

Fixed it!

I had to 'reset IE settings' - seems it only looks for wpad.dat once on the inital set up.