Web Proxy Auto Discovery Protocol
Revised: July 15, 2010
Overview
The Web Proxy Auto-Discovery (WPAD) protocol is a method used by Web browsers to locate a Proxy Auto-Config (PAC) file automatically. The protocol uses DHCP and DNS systems and requires minimal configuration of a user's browser; in most cases all that is required is to select a check box. WPAD is not an official Internet standard, but it is widely supported by modern Web browsers. See How PAC Files Work.
How WPAD Works
WPAD can use DNS or DHCP to locate a PAC file. DHCP detection involves the URL being pushed to the end-user in the DHCP assignment, while DNS detection is based on an educated guess using known information about the DNS system.
A browser must be instructed to use WPAD; in most browsers this is achieved by selecting a check box or button. The feature is most commonly known as 'Auto-Detect' and is usually labeled as such. A browser that supports both methods will check the DHCP assignment first, before attempting the DNS method.
The PAC file must have the file name wpad.dat for the DNS method to function.
When using both WPAD methods, the file must be served by the web server with the MIME type 'application/x-ns-proxy-autoconfig'.
If the browser is unable to load a PAC file via the DHCP or DNS methods, it will allow direct Internet access.
WPAD using DHCP
A DHCP server must be configured to serve an additional setting in an IP address assignment: option 252. This option specifies the exact location of the PAC file. The file name does not need to follow any specific naming convention; however, if the WPAD DNS method is also to be used, the file must have the file name wpad.dat.
A Web browser implementing this method sends the DHCP server a DHCPINFORM query. The DHCP server returns the expected IP settings along with option 252, which defines the location of the PAC file. The browser then downloads the PAC file from the URL provided.
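To check what a DHCP server actually hands out, the options field of a captured reply can be decoded and option 252 validated. The following is an added example, not part of the original document; the sample bytes and the host wpad.example.com are constructed, and the function names are hypothetical.

```python
from urllib.parse import urlsplit

PAD, END, WPAD_OPTION = 0, 255, 252

def parse_dhcp_options(data):
    """Decode a DHCP options field (the bytes after the magic cookie)."""
    opts, i = {}, 0
    while i < len(data):
        code = data[i]
        if code == END:
            break
        if code == PAD:          # single-byte filler, no length field
            i += 1
            continue
        if i + 1 >= len(data):
            raise ValueError("option %d has no length byte" % code)
        length = data[i + 1]
        value = data[i + 2:i + 2 + length]
        if len(value) != length:
            raise ValueError("option %d is truncated" % code)
        # A repeated option code is concatenated (long-option encoding).
        opts[code] = opts.get(code, b"") + value
        i += 2 + length
    return opts

def wpad_url_from_options(data):
    """Return the PAC URL carried in option 252, or None if it is absent."""
    raw = parse_dhcp_options(data).get(WPAD_OPTION)
    if raw is None:
        return None
    # Some servers append a NUL terminator to the string; drop it.
    url = raw.rstrip(b"\x00").decode("ascii")
    parts = urlsplit(url)
    if parts.scheme not in ("http", "https") or not parts.hostname:
        raise ValueError("option 252 is not an http(s) URL: %r" % url)
    return url

def tlv(code, value):
    """Encode one option as code, length, value."""
    return bytes([code, len(value)]) + value

# Constructed sample: message type 5 (DHCPACK) followed by option 252.
SAMPLE_OPTIONS = (
    tlv(53, b"\x05")
    + tlv(WPAD_OPTION, b"http://wpad.example.com:8080/wpad.dat\x00")
    + bytes([END])
)

if __name__ == "__main__":
    print(wpad_url_from_options(SAMPLE_OPTIONS))
```

A URL that does not point at the PAC server you operate, or an option 252 value appearing on a scope where none was configured, is worth investigating.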
WPAD using DNS
The DNS method differs in that it guesses the location of a PAC file. On Windows, this is based on the domain the machine is joined to, while on Linux and Mac OS X this is based on the Search Domain(s) configured in the network settings.
When attempting the WPAD DNS method, the browser will prefix the domain with wpad and attempt to download the file wpad.dat, for example wpad.domain.com/wpad.dat.
In the following example, a Windows machine is joined to the domain uk.scansafe.com, and a PAC file with the file name wpad.dat is hosted on wpad.scansafe.com:
1. After checking the network settings, the browser identifies the host machine as being part of the domain uk.scansafe.com.
2. The browser attempts to resolve wpad.uk.scansafe.com and fails.
3. The browser attempts and succeeds in resolving wpad.scansafe.com.
4. The browser attempts to download the PAC file wpad.scansafe.com/wpad.dat.
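Because the DNS method guesses names, it is worth auditing that every name a client may try either has no record or resolves to the PAC server you run. The following is an added example, not part of the original document; it generalizes the walk above to any domain under the stated assumption, and the approved address 192.0.2.10 and the sample zone are constructed.

```python
import socket

def wpad_candidates(domain, min_labels=2):
    """Host names tried by the WPAD DNS method, in lookup order.
    Assumption: one leading label is dropped per step and the walk stops
    when `min_labels` labels are left, as in the uk.scansafe.com example.
    """
    labels = [part for part in domain.lower().strip(".").split(".") if part]
    names = []
    while len(labels) >= min_labels:
        names.append("wpad." + ".".join(labels))
        labels = labels[1:]
    return names

def system_resolver(name):
    """Resolve with the local resolver; an empty list means no record."""
    try:
        infos = socket.getaddrinfo(name, 80, proto=socket.IPPROTO_TCP)
    except socket.gaierror:
        return []
    return sorted({info[4][0] for info in infos})

def audit_wpad(domain, approved_ips, resolve=system_resolver):
    """Return (url, addresses, verdict) for every candidate name.
    verdict is "no-record", "ok" (all addresses approved) or
    "unexpected-host" (the name resolves somewhere you did not intend).
    """
    approved = set(approved_ips)
    report = []
    for name in wpad_candidates(domain):
        addrs = resolve(name)
        if not addrs:
            verdict = "no-record"
        elif set(addrs) <= approved:
            verdict = "ok"
        else:
            verdict = "unexpected-host"
        report.append(("http://%s/wpad.dat" % name, addrs, verdict))
    return report

# Constructed sample: stand-in for DNS so the example runs offline.
SAMPLE_ZONE = {"wpad.scansafe.com": ["192.0.2.10"]}

def sample_resolver(name):
    return SAMPLE_ZONE.get(name, [])

if __name__ == "__main__":
    for row in audit_wpad("uk.scansafe.com", ["192.0.2.10"], sample_resolver):
        print(row)
```

Calling audit_wpad without the third argument uses the machine's own resolver, so the report reflects what a client on that network would see.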
Manual Browser Configuration for Windows Clients
You may need to restart your browser for changes to take effect.
• In Internet Explorer, select the Automatically detect settings check box in the Local Area Network (LAN) Settings dialog.
• In Firefox, click Auto-detect proxy settings for this network in the Connection Settings dialog.
• In Opera, open the Preferences dialog then click the Advanced tab. In the left menu click Network then click Proxy Servers. Select the Use automatic proxy configuration check box and enter the WPAD URL in the box. Ensure the other check boxes are cleared then click OK.
• Safari for Windows uses the Internet Explorer settings.
Deploying WPAD with Windows Server
Deploying WPAD on a Windows server enables you to centrally configure Internet Explorer users who are joined to a domain. It also makes it easy to configure the browsers of users who are not members of a domain.
Before beginning, the following should be installed and configured on Windows Server:
• Internet Information Services (IIS)
• DHCP Server
• DNS Server
• Active Directory
Active Directory is not a functional requirement of WPAD, but is recommended in order to simplify deployment.
Currently only Internet Explorer offers complete support for the DHCP method; therefore, the DNS method is essential for supporting alternate browsers.
You should test your PAC file before renaming it wpad.dat and uploading it to the Web site that will serve the file.
Configure Internet Information Services
Some browsers cannot read a PAC file served with an incorrect MIME type, so you should configure IIS to use 'application/x-ns-proxy-autoconfig' for the '.dat' extension. When you have made the change, restart IIS.
When the entry for WPAD is created and activated, all users of the relevant DHCP scope will receive the wpad.dat location, ready to be used by a user's browser.
Create an Option 252 Entry in DHCP
To automatically configure proxy settings:
Step 1 Open the DHCP control panel.
Step 2 In the console tree, right-click DHCP server, click Set Predefined Options, then click Add.
Step 3 In the Name box enter WPAD.
Step 4 In the Data type box enter String.
Step 5 Clear the Array check box.
Step 6 In the Code box enter 252.
Step 7 In the Description box enter http://<url>:<port>/wpad.dat, then click OK.
To confirm Option 252 is selected, right-click Server Options then click Configure Options.
Enable Option 252 for a DHCP Scope
To configure Option 252 for a DHCP scope:
Step 1 Open the DHCP control panel.
Step 2 Right-click Scope Options, click Configure Options, then click Advanced.
Step 3 In Vendor Class, click Standard Options.
Step 4 In Available Options, click 252 Proxy Autodiscovery, then click OK.
Active Directory and Group Policy Objects
One of the benefits of WPAD is that it greatly reduces the amount of work it takes to configure a browser for use with a PAC file/proxy.
Using Active Directory and Group Policy Objects (GPO) you can configure Internet Explorer settings automatically. A third-party tool called FirefoxADM is available for Firefox which allows configuration via GPO.