Squid: The Definitive Guide - Duane Wessels [219]
Proxy Auto-Configuration is attractive because it gives the network administrator more control. For example, you can temporarily disable your caching service, implement load balancing, or migrate the service to new systems. Additionally, the function can return a list of proxy addresses, which the browser tries in sequence. If the first is unavailable, it tries the second, and so on.
The following browsers support Proxy Auto-Configuration:
Internet Explorer
Opera
Netscape
Konqueror
Mozilla
All these browsers have a place in which you can type in the Proxy Auto-Configuration URL. You'll find it in the same place as the manual proxy settings, described earlier in Section F.1. Entering that URL by hand on hundreds or thousands of workstations is a real hassle, which is why a handful of companies came up with WPAD, described in the next section.
Writing a Proxy Auto-Configuration function is relatively straightforward. The function, named FindProxyForURL, takes two arguments and returns a list of proxy addresses, separated by semicolons. The word DIRECT instructs the browser to forward the request directly to the origin server, rather than to a proxy. Here is a simple example:
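function FindProxyForURL(url, host) {
    // Single-component hostnames (no dots) bypass the proxy
    if (isPlainHostName(host))
        return "DIRECT";
    // Names that don't resolve: let the browser report the error
    if (!isResolvable(host))
        return "DIRECT";
    // HTTP and FTP go to the proxy first, then fall back to DIRECT
    if (url.substring(0, 5) == "http:")
        return "PROXY 172.16.5.1:3128; DIRECT";
    if (url.substring(0, 4) == "ftp:")
        return "PROXY 172.16.5.1:3128; DIRECT";
    return "DIRECT";
}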
The first if statement makes the browser connect directly to the origin server if the user types a single-component hostname, such as www. This is generally a good idea because the browser's interpretation of the hostname might be different from the proxy's. The second if statement ensures that the hostname exists in the DNS. If not, the user sees an error message from the browser itself, rather than from Squid. For HTTP and FTP URLs, the next two if statements return a proxy address followed by DIRECT, so if the proxy doesn't respond, the browser attempts to make a direct connection to the origin server.
* * *
Warning
If you have a firewall in place, the browser probably won't be able to make a direct connection.
* * *
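The proxy-list failover and the firewall caveat above, as an added example that is not from the book: the function returns two proxies with no trailing DIRECT, and a small Node harness walks the list in the order the browser would. The second proxy address 172.16.5.2, the constructed DNS table, and the helper names parsePacResult and chooseRoute are assumptions; the isPlainHostName and isResolvable stubs stand in for the functions a browser supplies.

```javascript
// Added example (not from the book). Run with Node; in a browser the PAC
// engine supplies isPlainHostName and isResolvable itself.
var FAKE_DNS = { "www.example.com": "192.0.2.10" };  // constructed sample data
function isPlainHostName(host) { return host.indexOf(".") === -1; }
function isResolvable(host) { return FAKE_DNS.hasOwnProperty(host); }

// 172.16.5.1 is the proxy from the text; 172.16.5.2 is a hypothetical second cache.
var PROXIES = "PROXY 172.16.5.1:3128; PROXY 172.16.5.2:3128";

function FindProxyForURL(url, host) {
    if (isPlainHostName(host))
        return "DIRECT";
    if (!isResolvable(host))
        return "DIRECT";
    var scheme = url.substring(0, url.indexOf(":")).toLowerCase();
    // No trailing DIRECT: behind a firewall a direct attempt would probably
    // fail anyway, so the list ends with the last proxy.
    if (scheme === "http" || scheme === "ftp")
        return PROXIES;
    return "DIRECT";
}

// Split a PAC return value into ordered entries: { type, addr }.
function parsePacResult(result) {
    return result.split(";")
        .map(function (s) { return s.trim(); })
        .filter(function (s) { return s.length > 0; })
        .map(function (s) {
            var parts = s.split(/\s+/);
            return { type: parts[0].toUpperCase(), addr: parts[1] || null };
        });
}

// Walk the list in order, as the browser does; `down` is a Set of proxy
// addresses treated as unavailable. Returns null when every entry fails.
function chooseRoute(url, host, down) {
    var entries = parsePacResult(FindProxyForURL(url, host));
    for (var i = 0; i < entries.length; i++) {
        if (entries[i].type === "DIRECT")
            return "DIRECT";
        if (!down.has(entries[i].addr))
            return entries[i].type + " " + entries[i].addr;
    }
    return null;
}

console.log(chooseRoute("http://www.example.com/", "www.example.com",
                        new Set(["172.16.5.1:3128"])));
```

With both proxies marked down, chooseRoute returns null instead of DIRECT, which is the trade-off of dropping the fallback: requests fail rather than bypass the cache.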
After writing the function, save it somewhere in your web server's data directory. Next, you need to configure the server to return a specific content type for the file. The convention is to give the file a .pac extension, such as proxy.pac. Then, ensure that the HTTP server returns the content type application/x-ns-proxy-autoconfig. With Apache, you can add this line to your server config file:
AddType application/x-ns-proxy-autoconfig .pac
Refer to Section 4.3 of Web Caching (O'Reilly), for more information on Proxy Auto-Configuration files, including more complicated FindProxyForURL ideas and examples.
WPAD
The Web Proxy Auto Discovery (WPAD) protocol is a technique for user-agents to find a nearby caching proxy automatically. The idea is relatively simple. The protocol provides a number of methods for generating a URL that refers to a Proxy Auto-Configuration file. Those methods include DHCP, DNS lookups, and SLP (the Service Location Protocol).
DHCP is the first method the user-agent should try. It sends a query for "option 252" to a local DHCP server. The response is a string: the URL. Here's how to configure ISC's DHCP server for WPAD:
option wpad code 252 = text;
option wpad "http://172.16.1.1/proxy.pac";
The second method is SLP. However, its implementation is optional. I do not know if any user-agents actually support WPAD via SLP.
DNS is the last resort. The protocol specification outlines a number of DNS techniques a user-agent might use to find a wpad.dat URL. The most straightforward technique is to perform an address lookup for the hostname