The principle and implementation process of WPAD

Source: Internet
Author: User
Tags config firewall

WPAD makes the proxy server transparent to the user by allowing the browser to discover the proxy server automatically, which makes it easy to access the Internet. WPAD locates the proxy auto-configuration (PAC) file with the help of a DNS server or a DHCP server.

Introduction

Proxy servers are mostly used to connect to the Internet and to an intranet (enterprise intranet). On multiple LANs, different proxy server parameters must be set for the browser to access the network. Microsoft Internet Explorer (IE) version 5.0 already has the ability to switch proxy servers automatically. The network administrator needs to deploy the proxy configuration file beforehand, but the user-side settings are simple. This feature uses a protocol called "WPAD" (Web Proxy Auto-Discovery Protocol).

The browser can read and parse the proxy server's configuration file and apply the configuration information to itself. The configuration file is written in JavaScript and typically has an extension such as ".js", ".jvs", or ".pac" (proxy auto-configuration).

Automatic proxy detection is performed by the system, and the Web proxy sends requests on behalf of the client. When automatic proxy detection is enabled, the system attempts to locate the proxy configuration file. If a proxy configuration file is found, it is downloaded, compiled, and run on the local computer when a Web proxy instance is used to obtain proxy information, request data, or response information.

Most deployed configuration files use the Proxy Auto-Config (PAC) format. PAC was originally designed by Netscape in 1996 for Netscape Navigator 2.0. The WPAD draft protocol was proposed by several companies: Inktomi, Microsoft, RealNetworks, and Sun Microsystems. WPAD is supported by all major browsers and first appeared in Internet Explorer 5.0.

Because WPAD handles proxy servers transparently, administrators no longer need to set proxy server parameters on each client computer. Automatic detection relies on the Dynamic Host Configuration Protocol (DHCP) and the Domain Name System (DNS): browsers search for the location of the PAC file through DHCP and DNS queries.

Proxy auto-config (PAC) file

Before introducing how WPAD works, it is necessary to understand the proxy auto-configuration (PAC) file. A PAC file defines how browsers and other user agents automatically select the appropriate proxy server for accessing a URL. To use PAC, publish a PAC file on a Web server, then either enter the URL of the PAC file in the browser's proxy connection settings page or use the WPAD protocol to tell the user agent to use the file.

A PAC file is a text file that defines at least one JavaScript function. The function FindProxyForURL(url, host) has 2 parameters:

url is the URL of the object being requested;

host is the hostname derived from this URL.

By convention, this file is generally named proxy.pac. The WPAD standard uses wpad.dat. A very simple PAC file contains the following:

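function FindProxyForURL(url, host) {
   // Exact URL match: connect without a proxy
   if (url == 'http://www.baidu.com/') return 'DIRECT';
   // Host match: use a SOCKS proxy
   if (host == 'twitter.com') return 'SOCKS 127.0.0.10:7070';
   // Host resolves to this address: use the HTTP proxy, then fall back to a direct connection
   if (dnsResolve(host) == '10.0.0.100') return 'PROXY 127.0.0.1:8086; DIRECT';
   // Everything else: connect directly
   return 'DIRECT';
}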
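Since a PAC file decides where each request is sent, it is worth reviewing which proxy endpoints it can return before publishing it. The following is an added example, not code from the original article: it loads the sample PAC above with a stubbed dnsResolve, parses each result string into its ordered fallback entries, and reports any endpoint outside an allowlist. The names auditPac, parsePacResult, loadPac, the DNS table and the test URLs are assumptions made for illustration.

```javascript
// Added example: audit harness, not part of the original article.
// PAC text under review (the sample PAC file from this page).
const PAC_SOURCE = `
function FindProxyForURL(url, host) {
  if (url == 'http://www.baidu.com/') return 'DIRECT';
  if (host == 'twitter.com') return 'SOCKS 127.0.0.10:7070';
  if (dnsResolve(host) == '10.0.0.100') return 'PROXY 127.0.0.1:8086; DIRECT';
  return 'DIRECT';
}`;

// Constructed DNS table standing in for the browser's dnsResolve() helper.
const FAKE_DNS = { 'intranet.example.test': '10.0.0.100' };

// Split a PAC result such as "PROXY a:1; DIRECT" into ordered fallback entries.
function parsePacResult(result) {
  return result.split(';').map(s => s.trim()).filter(Boolean).map(entry => {
    const [type, endpoint = null] = entry.split(/\s+/);
    return { type: type.toUpperCase(), endpoint };
  });
}

// Load FindProxyForURL with a stubbed dnsResolve. Only do this with a PAC file
// you publish yourself: new Function executes the text with full privileges.
function loadPac(source, dnsTable) {
  const dnsResolve = h => dnsTable[h] || null;
  return new Function('dnsResolve', source + '\nreturn FindProxyForURL;')(dnsResolve);
}

// Return every decision that routes traffic to an endpoint outside the allowlist.
function auditPac(source, urls, allowedEndpoints, dnsTable = FAKE_DNS) {
  const find = loadPac(source, dnsTable);
  const findings = [];
  for (const url of urls) {
    const host = new URL(url).hostname;
    for (const { type, endpoint } of parsePacResult(find(url, host))) {
      if (type !== 'DIRECT' && !allowedEndpoints.includes(endpoint)) {
        findings.push({ url, type, endpoint });
      }
    }
  }
  return findings;
}

// Constructed test URLs, one per branch of the sample PAC.
const SAMPLE_URLS = ['http://www.baidu.com/', 'https://twitter.com/home',
                     'http://intranet.example.test/wiki'];
console.log(auditPac(PAC_SOURCE, SAMPLE_URLS, ['127.0.0.1:8086']));
```

With only 127.0.0.1:8086 on the allowlist, the audit reports the SOCKS endpoint returned for twitter.com and nothing else.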

The principle of WPAD

Automatic detection through DHCP

With a DHCP server, administrators can centrally specify global TCP/IP parameters and subnet-specific TCP/IP parameters, and can use reserved addresses to define client parameters. If a client computer moves between subnets, TCP/IP is automatically reconfigured when the computer is started.

The rationale for deploying WPAD through a DHCP server is as follows. First make sure that the DHCP server is working, and then create a scope for each subnet that contains clients. Option 252 in the DHCP server is often used as a pointer for queries or registrations, and through option 252 we can discover printers, time servers, WPAD hosts, and other network servers. Add option 252 to the DHCP server to locate the WPAD host; option 252 is a string value that contains the URL of the PAC file deployed on the WPAD host. Configure option 252 for the appropriate scope, even if there is only one scope. For a specific deployment of the DHCP server, see the reference: ISA firewall uses DHCP to deploy WPAD.

Therefore, the DHCP client can obtain the URL of the PAC file, and when the client needs to automatically configure the browser or Firewall client, it can download the PAC file and get the address of the proxy server.

Fig. 1. DHCP automatic detection diagram
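A client that honours option 252 downloads and runs the PAC file at whatever URL the DHCP reply carries, so the value is worth checking in captured replies. The following is an added example, not code from the original article: it walks a DHCP options field, extracts option 252, and compares the host in the advertised URL with the PAC host you expect. The host name wpad.corp.example.test, the function names and the sample bytes are assumptions constructed for illustration.

```javascript
// Added example: defensive check, not part of the original article.
const EXPECTED_PAC_HOSTS = ['wpad.corp.example.test']; // assumption: your PAC host

// Walk the DHCP options field (the bytes after the magic cookie): code, length, value.
// Code 0 is padding (no length byte); code 255 ends the list.
function parseDhcpOptions(bytes) {
  const options = new Map();
  let i = 0;
  while (i < bytes.length) {
    const code = bytes[i++];
    if (code === 0) continue;
    if (code === 255) break;
    if (i >= bytes.length) throw new RangeError('option ' + code + ' has no length byte');
    const len = bytes[i++];
    if (i + len > bytes.length) throw new RangeError('option ' + code + ' overruns buffer');
    options.set(code, bytes.slice(i, i + len));
    i += len;
  }
  return options;
}

// Extract option 252 and decide whether the advertised PAC URL is expected.
function checkWpadOption(bytes, expectedHosts = EXPECTED_PAC_HOSTS) {
  const raw = parseDhcpOptions(bytes).get(252);
  if (!raw) return { present: false, url: null, ok: true };
  // Tolerate a trailing NUL terminator if the server sent one.
  const url = String.fromCharCode(...raw).replace(/\0+$/, '');
  let host;
  try { host = new URL(url).hostname; } catch { return { present: true, url, ok: false }; }
  return { present: true, url, ok: expectedHosts.includes(host) };
}

// Constructed sample: option 53 (message type 5 = ACK), a pad byte, option 252, end.
function buildSample(pacUrl) {
  const value = Array.from(pacUrl, c => c.charCodeAt(0));
  return Uint8Array.from([53, 1, 5, 0, 252, value.length, ...value, 255]);
}

console.log(checkWpadOption(buildSample('http://wpad.corp.example.test/wpad.dat')));
console.log(checkWpadOption(buildSample('http://198.51.100.7/wpad.dat')));
```

A reply whose option 252 names a host outside the expected list is returned with ok set to false, which is the case to alert on.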
