WPAD Configuration - weird behaviour

I always recommend against selecting 'Automatically detect proxy settings'.

Also, use an FQDN instead of a numeric IP.  See Configuring HTTP/S proxy access with AD SSO.

Cheers - Bob

Problem with that Bob is if you have clients eg laptops, tablets etc that travel outside of your network. A GPO would set the proxy to whatever you set and then the clients can't access the internet when taken away from the network.

We're using a WPAD file via an IIS server and it works wonderfully. We can thrown our network clients where ever we wish eg out of gateway A or B and have gateway C as a backup.

For clients we don't control eg guests etc, we just use transparent proxy.

Agreed, Louis.  That link was for an explanation of why one should use an FQDN instead of a numeric IP.

Cheers - Bob

For WPAD, it's definitely advisable to use an FQDN as I'm sure firefox only uses a DNS lookup to get the file. Good thing with an FQDN is that you can then have multiple servers usng a round robin etc to issue the WPAD file. Ours works brilliantly.

Thank you for the answers.

- Yes we also use a FQDN for the proxy address. (for the test and the screenshots I used the ip^^)

- for the WPAD delivery we use also a FQDN "wpad.xxx.xxx"

I've changed the PAC- File:

=======================================================

function FindProxyForURL(url, host) {
var resolved_ip = dnsResolve(host);
//Don't proxy connections to the UTM web interface
if (shExpMatch(url, "proxy.xxx.local:4444/*")) return "DIRECT";
//Exclude non-fqdn hosts from being proxied
if (isPlainHostName(host)) return "DIRECT";
//Don't proxy Connections to Legacy NGA Net
if ((shExpMatch(url, "^http://194.150.1.*")) ||
(shExpMatch(url,"^https://194.150.1.*"))) return "DIRECT";
if ((shExpMatch(url, "^http://194.150.0.*")) ||
(shExpMatch(url,"^https://194.150.0.*"))) return "DIRECT";
if (shExpMatch(url, "mobile.xxxxx.xxx")) return "PROXY proxy.xxx.local:8080";

//Don't proxy connections to the exempted URL matches
if (shExpMatch(url, "xxxxx.xxx")) return "DIRECT";
if (shExpMatch(host, "citrix.xxxxx.xxx")) return "DIRECT";
if (shExpMatch(host, "owa.xxxxx.xxx")) return "DIRECT";
if (shExpMatch(host, "autodiscover.xxxxx.xxx")) return "DIRECT";
if (shExpMatch(host, "autodiscover.xxx.ch")) return "DIRECT";
if (shExpMatch(host, "viewer.xxxxx.xxx")) return "DIRECT";
if (shExpMatch(host, "transfer.xxxxx.xxx")) return "DIRECT";
if (shExpMatch(host, "hotspot.xxxxx.xxx")) return "DIRECT";
if (shExpMatch(host, "remote.xxxxx.xxx")) return "DIRECT";
if (shExpMatch(host, "meeting.xxxxx.xxx")) return "DIRECT";
if (shExpMatch(host, "outlook.xxx.local")) return "DIRECT";
if (shExpMatch(host, "*.xxx.local/*")) return "DIRECT";
if (shExpMatch(host, "xxx.local")) return "DIRECT";
//Don't proxy connections to private IP addresses
if (isPlainHostName(host) ||
shExpMatch(host, "*.local") ||
isInNet(resolved_ip, "10.0.0.0", "255.0.0.0") ||
isInNet(resolved_ip, "172.16.0.0", "255.240.0.0") ||
isInNet(resolved_ip, "192.168.0.0", "255.255.0.0") ||
isInNet(resolved_ip, "127.0.0.0", "255.255.255.0") ||
isInNet(resolved_ip, "195.50.158.164", "255.255.255.255"))
return "DIRECT";
return "PROXY proxy.xxx.local:8080";
}

=======================================================

But "https://www.icloud.com" isn't working.

Now i downloaded a Tool: "autproxy" 

( https://blogs.msdn.microsoft.com/askie/2014/02/07/optimizing-performance-with-automatic-proxyconfiguration-scripts-pac/ )

With this tool you can check the auto proxy configuration function against URLs:

The proxy returned correctly but the website shows an error:

But in the Web Filter Log i don't find anything about "icloud" or requests against "icloud" from my IP address.

If i navigate to "www.google.de", "www.facebook.de" etc. i get logfile entries...

In the Web Filtering Exception i checked the logging options:

Thank you for the answers.

- Yes we also use a FQDN for the proxy address. (for the test and the screenshots I used the ip^^)

- for the WPAD delivery we use also a FQDN "wpad.xxx.xxx"

I've changed the PAC- File:

=======================================================

function FindProxyForURL(url, host) {
var resolved_ip = dnsResolve(host);
//Don't proxy connections to the UTM web interface
if (shExpMatch(url, "proxy.xxx.local:4444/*")) return "DIRECT";
//Exclude non-fqdn hosts from being proxied
if (isPlainHostName(host)) return "DIRECT";
//Don't proxy Connections to Legacy NGA Net
if ((shExpMatch(url, "^http://194.150.1.*")) ||
(shExpMatch(url,"^https://194.150.1.*"))) return "DIRECT";
if ((shExpMatch(url, "^http://194.150.0.*")) ||
(shExpMatch(url,"^https://194.150.0.*"))) return "DIRECT";
if (shExpMatch(url, "mobile.xxxxx.xxx")) return "PROXY proxy.xxx.local:8080";

//Don't proxy connections to the exempted URL matches
if (shExpMatch(url, "xxxxx.xxx")) return "DIRECT";
if (shExpMatch(host, "citrix.xxxxx.xxx")) return "DIRECT";
if (shExpMatch(host, "owa.xxxxx.xxx")) return "DIRECT";
if (shExpMatch(host, "autodiscover.xxxxx.xxx")) return "DIRECT";
if (shExpMatch(host, "autodiscover.xxx.ch")) return "DIRECT";
if (shExpMatch(host, "viewer.xxxxx.xxx")) return "DIRECT";
if (shExpMatch(host, "transfer.xxxxx.xxx")) return "DIRECT";
if (shExpMatch(host, "hotspot.xxxxx.xxx")) return "DIRECT";
if (shExpMatch(host, "remote.xxxxx.xxx")) return "DIRECT";
if (shExpMatch(host, "meeting.xxxxx.xxx")) return "DIRECT";
if (shExpMatch(host, "outlook.xxx.local")) return "DIRECT";
if (shExpMatch(host, "*.xxx.local/*")) return "DIRECT";
if (shExpMatch(host, "xxx.local")) return "DIRECT";
//Don't proxy connections to private IP addresses
if (isPlainHostName(host) ||
shExpMatch(host, "*.local") ||
isInNet(resolved_ip, "10.0.0.0", "255.0.0.0") ||
isInNet(resolved_ip, "172.16.0.0", "255.240.0.0") ||
isInNet(resolved_ip, "192.168.0.0", "255.255.0.0") ||
isInNet(resolved_ip, "127.0.0.0", "255.255.255.0") ||
isInNet(resolved_ip, "195.50.158.164", "255.255.255.255"))
return "DIRECT";
return "PROXY proxy.xxx.local:8080";
}

=======================================================

But "https://www.icloud.com" isn't working.

Now i downloaded a Tool: "autproxy" 

( https://blogs.msdn.microsoft.com/askie/2014/02/07/optimizing-performance-with-automatic-proxyconfiguration-scripts-pac/ )

With this tool you can check the auto proxy configuration function against URLs:

The proxy returned correctly but the website shows an error:

But in the Web Filter Log i don't find anything about "icloud" or requests against "icloud" from my IP address.

If i navigate to "www.google.de", "www.facebook.de" etc. i get logfile entries...

In the Web Filtering Exception i checked the logging options:

I'm not that familiar with iCloud and that message isn't precise about whether the iCloud server ran into an error or the iCloud client did.  Can we see the Web Filtering log lines when that error occurred?  I bet you will need to skip the Proxy, but the log should tell us.

Cheers - Bob

Hmm we didn't find an solution. The icloud website only works if we put in the ip address instead of setting the checkbox for WPAD configuration in the proxy settings.