Author Topic: [SOLVED] MultiLAN squid + proxy.pac for browsers + Chromium (doesn't work)  (Read 2456 times)

Offline bellera

I started using squid3 with pfSense.

I have 4 LANs with squid3 activated.

Browsers read a proxy.pac file that says where the proxy is for each LAN and some destinations that should not use the proxy.

Code: [Select]
function FindProxyForURL(url, host) {
   if (shExpMatch(url,"*//aaaaaaa.*")) {return "DIRECT";}
   if (shExpMatch(url,"*.bbbbbbb.tld/*")) {return "DIRECT";}
   if (shExpMatch(url,"*.ccccccc.tld/*")) {return "DIRECT";}
   if (shExpMatch(url,"*.ddddddd.tld/*")) {return "DIRECT";}
   if (shExpMatch(url,"*.eeeeeee.tld/*")) {return "DIRECT";}
   if (shExpMatch(url,"*.fffffff.tld/*")) {return "DIRECT";}
   if (isInNet(myIpAddress(), "192.168.0.0", "255.255.255.0")) {return "PROXY 192.168.0.1:3128";}
   if (isInNet(myIpAddress(), "192.168.1.0", "255.255.255.0")) {return "PROXY 192.168.1.1:3128";}
   if (isInNet(myIpAddress(), "192.168.2.0", "255.255.255.0")) {return "PROXY 192.168.2.1:3128";}
   if (isInNet(myIpAddress(), "192.168.3.0", "255.255.255.0")) {return "PROXY 192.168.3.1:3128";}
   return "DIRECT";
}

Today I saw that there is an important bug in the Chrome browser.

It doesn't understand myIpAddress()

http://code.google.com/p/chromium/issues/detail?id=175652#c11

Any idea to solve this?
« Last Edit: April 01, 2014, 02:42:58 am by bellera »

Offline Tikimotel

Use "host = host.toLowerCase();" in combination with "dnsResolve(host)" as a replacement for "myIpAddress()".
Unfortunately I only have 1 LAN to worry about.

Here is my proxy.pac as an example:
Code: [Select]
function FindProxyForURL(url, host) {

  url = url.toLowerCase();
  host = host.toLowerCase();
  // Declared with var so they stay local to this function
  var isHttp = (url.substring(0,5) == "http:");
  var isHttps = (url.substring(0,6) == "https:");

  // If the requested website is hosted within the internal network, send direct.
  if (isPlainHostName(host) ||
      shExpMatch(host, "*.home") ||
      shExpMatch(host, "*.local") ||
      isInNet(dnsResolve(host), "10.0.0.0", "255.0.0.0") ||
      isInNet(dnsResolve(host), "172.16.0.0",  "255.240.0.0") ||
      isInNet(dnsResolve(host), "192.168.0.0",  "255.255.0.0") ||
      isInNet(dnsResolve(host), "127.0.0.0", "255.255.255.0"))
  { return "DIRECT"; }

  // Forward non-http(s) and some hosts to forward proxy (or DIRECT)
  if ((!isHttp && !isHttps) // Skip all non http(s)
      || dnsDomainIs(host, "microsoft.com")
      || dnsDomainIs(host, "windowsupdate.com")
      || dnsDomainIs(host, "eset.com")
      || dnsDomainIs(host, "mcafee.com") // McAfee
      || dnsDomainIs(host, "siteadvisor.com") // McAfee
      || dnsDomainIs(host, "hackerwatch.com") // McAfee
      || dnsDomainIs(host, "hackerwatch.org") // McAfee
      || dnsDomainIs(host, "avg.com")
      || dnsDomainIs(host, "grisoft.cz")
      || dnsDomainIs(host, "avgfree.com")
      || dnsDomainIs(host, "avg.cz")
      || dnsDomainIs(host, "symantecliveupdate.com")
      || dnsDomainIs(host, "thawte.com"))
  { return "DIRECT"; }

  if (isHttps)
     // Skip HTTPS
  { return "DIRECT"; }

  // Otherwise, go through our proxy or if it fails, through bypass
  return "PROXY 192.168.0.1:3128; DIRECT";
}

Offline bellera

I'm sorry! I can use dnsResolve() on my networks. Many of the machines don't have local DNS records.

There is a lot of http://en.wikipedia.org/wiki/Bring_your_own_device in my LANs.

http://en.wikipedia.org/wiki/Proxy_auto-config
Quote
The myIpAddress function has often been reported to give incorrect or unusable results, e.g. 127.0.0.1, the IP address of the localhost.
« Last Edit: March 31, 2014, 01:39:11 pm by bellera »

Offline bellera

I think this is [SOLVED]. I will do more testing tomorrow!

Fully tested! Working!

At the root directory of my apache2 webserver:

Code: [Select]
cat .htaccess

Options +FollowSymLinks
RewriteEngine On

RewriteCond %{REMOTE_ADDR} ^192\.168\.0\.
RewriteRule (proxy\.pac|wpad\.dat|wpad\.da)$ http://www.mydomain.tld/lan0.pac [R=301,L]

RewriteCond %{REMOTE_ADDR} ^192\.168\.1\.
RewriteRule (proxy\.pac|wpad\.dat|wpad\.da)$ http://www.mydomain.tld/lan1.pac [R=301,L]

RewriteCond %{REMOTE_ADDR} ^192\.168\.2\.
RewriteRule (proxy\.pac|wpad\.dat|wpad\.da)$ http://www.mydomain.tld/lan2.pac [R=301,L]

RewriteCond %{REMOTE_ADDR} ^192\.168\.3\.
RewriteRule (proxy\.pac|wpad\.dat|wpad\.da)$ http://www.mydomain.tld/lan3.pac [R=301,L]

proxy.pac
wpad.dat (symlink to proxy.pac)
wpad.da (symlink to proxy.pac)
lan0.pac
lan1.pac
lan2.pac
lan3.pac

When the browser asks for http://www.mydomain.tld/proxy.pac, http://www.mydomain.tld/wpad.dat or http://www.mydomain.tld/wpad.da, the URL is rewritten depending on the LAN.

Or http://wpad.mydomain.tld/proxy.pac, http://wpad.mydomain.tld/wpad.dat or http://wpad.mydomain.tld/wpad.da ...
« Last Edit: April 01, 2014, 02:43:30 am by bellera »
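
Why moving the LAN decision from myIpAddress() to the web server matters, as an added example that is not part of any post in this thread: a Node.js harness that runs the shared proxy.pac with a loopback myIpAddress() result (the failure quoted from Wikipedia above), shows it falling through to DIRECT and so skipping squid, then runs a per-LAN file picked from the client's source address. The lanN.pac contents, the helper implementations and the sample addresses are assumptions; the thread does not show them.

```javascript
// Minimal stand-ins for the PAC built-ins, so the thread's logic runs under Node.
function ipToInt(ip) {
  const p = String(ip).split(".").map(Number);
  if (p.length !== 4 || p.some(x => !Number.isInteger(x) || x < 0 || x > 255)) return null;
  return ((p[0] << 24) | (p[1] << 16) | (p[2] << 8) | p[3]) >>> 0;
}
function isInNet(ip, pattern, mask) {
  const a = ipToInt(ip), n = ipToInt(pattern), m = ipToInt(mask);
  if (a === null || n === null || m === null) return false;
  return ((a & m) >>> 0) === ((n & m) >>> 0);
}
function shExpMatch(str, shexp) {
  const re = shexp.replace(/[.+^${}()|[\]\\]/g, "\\$&").replace(/\*/g, ".*").replace(/\?/g, ".");
  return new RegExp("^" + re + "$").test(str);
}

// Shape of the shared proxy.pac from the first post (exceptions trimmed to one).
const SHARED_PAC = `function FindProxyForURL(url, host) {
  if (shExpMatch(url, "*.bbbbbbb.tld/*")) { return "DIRECT"; }
  if (isInNet(myIpAddress(), "192.168.0.0", "255.255.255.0")) { return "PROXY 192.168.0.1:3128"; }
  if (isInNet(myIpAddress(), "192.168.1.0", "255.255.255.0")) { return "PROXY 192.168.1.1:3128"; }
  if (isInNet(myIpAddress(), "192.168.2.0", "255.255.255.0")) { return "PROXY 192.168.2.1:3128"; }
  if (isInNet(myIpAddress(), "192.168.3.0", "255.255.255.0")) { return "PROXY 192.168.3.1:3128"; }
  return "DIRECT";
}`;

// Assumed content of lanN.pac (not shown in the thread): no myIpAddress() call at all.
function lanPac(n) {
  return `function FindProxyForURL(url, host) {
  if (shExpMatch(url, "*.bbbbbbb.tld/*")) { return "DIRECT"; }
  return "PROXY 192.168.${n}.1:3128";
}`;
}

// Evaluate a PAC source with a chosen myIpAddress() result.
function runPac(source, reportedIp, url, host) {
  const factory = new Function("isInNet", "shExpMatch", "myIpAddress",
    source + "; return FindProxyForURL;");
  return factory(isInNet, shExpMatch, () => reportedIp)(url, host);
}

// Server-side choice, mirroring the RewriteCond %{REMOTE_ADDR} rules.
function pickPac(remoteAddr) {
  const m = /^192\.168\.([0-3])\./.exec(remoteAddr);
  return m ? lanPac(Number(m[1])) : null; // null: no rule matched, nothing is rewritten
}

// Constructed client on LAN 2; the second run simulates the loopback result.
for (const ip of ["192.168.2.57", "127.0.0.1"]) {
  console.log(ip, "->", runPac(SHARED_PAC, ip, "http://example.com/", "example.com"));
}
```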

Offline Tikimotel

Tip:
https://calomel.org/proxy_auto_config.html

isInNet(host, pattern, mask)
Code: [Select]
isInNet(host, "192.168.249.79", "255.255.255.255")
    is true if the IP address of host matches exactly 192.168.249.79.
isInNet(host, "192.168.0.0", "255.255.0.0")
    is true if the IP address of the host matches 192.168.*.*.
Well it might work, but like you said you have hosts without local records...
« Last Edit: April 01, 2014, 11:26:22 am by Tikimotel »