some of my time in the last few days i spent on a more complex wpad.dat or proxy pac file, that would support my needs for a slightly more complex network structure than just a simple "use the proxy always, we only have 192.168.0.x", but with multiple networks where not all networks should use the proxy and some internal networks should be accessed directly and some via proxy etc.

so i wrote the script below. it's pretty straightforward:

  • proxyhost, proxyport: change the proxy host and port
    [note: ${asg_hostname} is a variable used by Sophos UTM, formerly known as astaro security gateway (asg), and is replaced with the hostname of the firewall/proxyserver]
  • directRegexPatterns: add / change the networks you want to be accessed directly (without proxy)
  • nets: put the networks here that should use the proxy

and that's it - throw it in your proxy server and fire it up!
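a minimal sketch of how those three settings can fit together, as an added example (not the gist's code). the host, port, patterns and networks are placeholders, and it assumes "nets" means the client networks that should use the proxy, checked via myIpAddress(). the helper stand-ins exist only so it runs under node; the browser's pac engine provides the real ones.

```javascript
// Added example: PAC logic using the setting names from the list above.
var proxyhost = "proxy.example.local"; // placeholder; on Sophos UTM this would be ${asg_hostname}
var proxyport = 8080;                  // placeholder port

// Destinations that are reached directly, matched against the URL's host.
var directRegexPatterns = [
  /^localhost$/i,
  /^127\./,
  /^192\.168\.10\./,                // constructed internal server network
  /\.intranet\.example\.local$/i    // constructed internal DNS suffix
];

// Client networks that should use the proxy: [network, netmask].
var nets = [
  ["192.168.0.0", "255.255.255.0"],
  ["10.20.0.0", "255.255.0.0"]
];

// --- Node-only stand-ins for PAC built-ins; remove before deploying ---
var clientIp = "192.168.0.42"; // constructed client address for offline runs
function myIpAddress() { return clientIp; }
function ipToInt(ip) {
  return ip.split(".").reduce(function (acc, octet) {
    return ((acc << 8) | parseInt(octet, 10)) >>> 0;
  }, 0);
}
function isInNet(ip, net, mask) {
  var m = ipToInt(mask);
  return ((ipToInt(ip) & m) >>> 0) === ((ipToInt(net) & m) >>> 0);
}
// --- end of stand-ins ---

function FindProxyForURL(url, host) {
  // 1. Internal destinations bypass the proxy no matter where the client sits.
  for (var i = 0; i < directRegexPatterns.length; i++) {
    if (directRegexPatterns[i].test(host)) { return "DIRECT"; }
  }
  // 2. Clients inside a listed network go through the proxy.
  var me = myIpAddress();
  for (var j = 0; j < nets.length; j++) {
    if (isInNet(me, nets[j][0], nets[j][1])) {
      return "PROXY " + proxyhost + ":" + proxyport;
    }
  }
  // 3. Everyone else connects directly.
  return "DIRECT";
}
```

myIpAddress() can return an unexpected interface address on multi-homed clients, so check the result per client with the chrome steps below.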

good to know:

debugging in chrome is pretty easy, just add

alert("my log info");

to the proxy pac script and go to "chrome://net-internals/#proxy"
there you see the proxy chrome is using right now and can "re-apply" the settings (e.g. if you use proxy autoconfiguration via DHCP Option 252 [not working in Firefox] or via DNS wpad.yourdomain.local [working with Firefox])

after you've verified you're using the correct proxy, you can go to the "events" tab, sort by ID descending and search for "PAC", and you'll see something like this:

here's the gist of it. just download it and upload it to your firewall or other proxy server (maybe you have to rename it to wpad.dat)