Help Linux - до свидания! См. Новости проекта

You are here: start » en » kb » auto-proxy


|

Дополнительно

 Creative Commons

Automatic proxy configuration

DRAFT

DHCP way

  • Works for IE
    # autoproxy
    option wpad-url code 252 = text;
    option wpad-url "http://wpad.domain.lan/proxy.php ";  # space (or any other character) at the end must be in place as a workaround related to the IE bug

DNS way

  • Works for Firefox
    • DNS record: wpad.domain.lan
    • wpad.dat have to be linked to proxy.php
      ln -s proxy.php wpad.dat
    • Apache site
      <VirtualHost *:80>
      
          ServerName wpad.domain.lan
          AddType application/x-httpd-php .dat
      
          DocumentRoot /opt/company/autoproxy
          <Directory "/opt/company/autoproxy">
              Options FollowSymLinks
              Order allow,deny
              Allow from all
          </Directory>
      
      </VirtualHost>

Generate proxy.pac (wpad.dat) depend on source IP

proxy.php
/* Creator: Stanislav German-Evtushenko (2012)
 * Contributor: add your name here
 */
 
<?php
// Define mime and filename
header('Content-type: application/x-ns-proxy-autoconfig');
header('Content-Disposition: attachment; filename="proxy.pac"');
?>
<?php
// Define network sets
// Location 1
$network_sets[0] = array(
        "10.135.0.0/21",        // Network 1
        "172.17.0.0/16",        // Network 2
);
// Location 2
$network_sets[1] = array(
        "10.10.0.0/16",         // Network 3
);
?>
<?php
// Get source IP address
$myip = $_SERVER['REMOTE_ADDR'];
// Define functions
function ip_in_network($ip, $network){
        list ($net_addr, $net_mask) = split ("/", $network);
        $ip_binary_string = sprintf("%032b",ip2long($ip));
        $net_binary_string = sprintf("%032b",ip2long($net_addr));
        return (substr_compare($ip_binary_string,$net_binary_string,0,$net_mask) === 0);
}
function ip_in_network_set($ip, $network_set){
        foreach ($network_set as $network)
                if (ip_in_network($ip, $network)) return true;
        return false;
}
function proxy_for_network_set($ip, $network_set, $proxy_string){
        if (ip_in_network_set($ip,$network_set))
                print "$proxy_string;";
}
function default_proxy($ip, $network_sets){
        proxy_for_network_set($ip,$network_sets[0],"PROXY proxy1.domain.lan:3128"); // Location 1
        proxy_for_network_set($ip,$network_sets[1],"PROXY proxy2.domain.lan:8080; PROXY proxy3.domain.lan:8080"); // Location 2
}
?>
 
function FindProxyForURL(url, host) {
 
// Define default proxy
dst_default = "<?php default_proxy($myip, $network_sets); ?>";
 
//// If specific URL needs to bypass proxy, send traffic direct.
//      if (shExpMatch(url,"*domain.com*") ||
//          shExpMatch(url,"*vpn.domain.com*"))                  
//              return "DIRECT";
 
// If URL has no dots in host name, send traffic direct.
        if (isPlainHostName(host))
                return "DIRECT";
 
// If IP address is internal or hostname resolves to internal IP, send direct.
        resolved_ip = dnsResolve(host);
        if (isInNet(resolved_ip, "10.0.0.0", "255.0.0.0") ||
                isInNet(resolved_ip, "172.16.0.0",  "255.240.0.0") ||
                isInNet(resolved_ip, "192.168.0.0", "255.255.0.0") ||
                isInNet(resolved_ip, "127.0.0.0", "255.255.255.0"))
                return "DIRECT";
 
// Return default proxy
return dst_default;
 
}