Thanks again for your help Blake. I also found this link to be useful: http://blog.freyguy.com/archives/2006/03/01/proxy-auto-detect-ie-and-firefox/ So, I think I've got it sorted out. To summarize the steps for posterity: I created a wpad.dat file - below is an abbreviated version of it, which I'll be testing out on Saturday. ----------begin wpad.dat---------- function FindProxyForURL(url, host) { if (shExpMatch(host, "helpdesk")) { return "DIRECT"; } if (shExpMatch(host, "itwiki")) { return "DIRECT"; } if (isInNet(myIpAddress(), "10.0.1.0", "255.255.255.0")) return "PROXY 192.168.8.72:3128"; if (isInNet(myIpAddress(), "10.0.2.0", "255.255.255.0")) return "PROXY 192.168.8.72:3128"; if (isInNet(myIpAddress(), "192.168.38.0", "255.255.255.0")) return "DIRECT"; if (isInNet(myIpAddress(), "192.168.61.0", "255.255.255.0")) return "PROXY 192.168.61.5:3128"; } ----------end wpad.dat---------- There are two web sites that have exceptions, because they're internal, and nobody in any office should go through a proxy to get to them.The first two subnets are in the US, the third one is in the UK office (no proxy) and the third one is in the AU office. I then created a web site called wpad, and entered it in DNS as wpad.example.tld and put the wpad.dat file in the root of it, and gave it a separate IP address. I then created a DHCP scope option - 252, and populated it with http://wpad.example.tld/wpad.dat, and assigned it to the IT subnet scope for testing. I'll make it a global scope option on all three sites after I confirm that it works as expected. The last big kicker is for Win2k3+ DNS server, and is discussed here: http://support.microsoft.com/kb/2003485 The only issue I see for the moment is that if the overseas offices lose VPN connectivity to the US office, they won't get the wpad.dat file. This shouldn't be an issue for the UK office, since they don't have a proxy. For the AU office, this might be an issue, but I believe that they should be covered, because the browsers should cache the wpad.dat file. Anyone care to comment on the above? Kurt On Wed, Dec 30, 2009 at 17:47, Blake Covarrubias <blake@xxxxxxxxx> wrote: > On Dec 30, 2009, at 4:26 PM, Kurt Buff wrote: > >> I'm scouring the web, not finding much, and hope some of you here have >> a clue for me. Google, with 'wpad.dat examples' and 'wpad.dat syntax' >> aren't yielding much for me - though perhaps I'm missing what's in >> front of my face. > > You probably want to look at: > > http://en.wikipedia.org/wiki/Proxy_auto-config > http://web.archive.org/web/20060424005037/wp.netscape.com/eng/mozilla/2.0/relnotes/demo/proxy-live.html > >> I am looking for a solution that will allow FF in each office to query >> the web site in the US office ( because >> http://wpad.example.tld/wpad.dat will be the same for every office), >> and get back settings that are appropriate to the office. In the UK >> office that would be no proxy, just direct - in the AU office that >> would be the local proxy server, with appropriate exceptions for >> intranet sites, and the US office the same as the AU office. > > You can dynamically generate proxy.pac from a CGI script. Look at the source IP and customize appropriately. > > http://www.squid-cache.org/mail-archive/squid-users/199708/0193.html > > Just setup your web server to handle .pac or .dat requests as a CGI. In lighttpd you'd use cgi.assign and Apache would use AddHandler in your <Directory> config. > > http://redmine.lighttpd.net/wiki/1/Docs:ModCGI > http://httpd.apache.org/docs/2.2/howto/cgi.html > > > Hope this helps. > > -- > Blake Covarrubias
