wpad - caching proxy part 2

proxy autoconfig is a combination of DHCP optons, and a bit of JS in a wpad.dat file.

under network>hostnames add an entry 'wpad' pointing to your router's lan-ip
then create a /www/wpad.dat file (got mine from here).
and changed the default rule to point to polipo - 10.0.0.1:8123
also changed .local into .lan for lan hosts, and commented some stuff out that didn't seem relevant.
function FindProxyForURL(url, host) {

// If the hostname matches, send direct.
//   if (dnsDomainIs(host, "intranet.domain.com") ||
//        shExpMatch(host, "(*.abcdomain.com|abcdomain.com)"))
//        return "DIRECT";

// If the protocol or URL matches, send direct.
    if (url.substring(0, 4)=="ftp:" ||
        shExpMatch(url, "http://abcdomain.com/folder/*"))
        return "DIRECT";

// If the requested website is hosted within the internal network, send direct.
    if (isPlainHostName(host) ||
        shExpMatch(host, "*.lan") ||
        isInNet(dnsResolve(host), "10.0.0.0", "255.0.0.0") ||
        isInNet(dnsResolve(host), "172.16.0.0",  "255.240.0.0") ||
        isInNet(dnsResolve(host), "192.168.0.0",  "255.255.0.0") ||
        isInNet(dnsResolve(host), "127.0.0.0", "255.255.255.0"))
        return "DIRECT";

// If the IP address of the local machine is within a defined
// subnet, send to a specific proxy.
//    if (isInNet(myIpAddress(), "10.10.5.0", "255.255.255.0"))
//        return "PROXY 1.2.3.4:8080";

// DEFAULT RULE: All other traffic, use below proxies, in fail-over order.
    return "PROXY 10.0.0.1:8123; DIRECT";

}

and that should be it. Eventhough it's not exactly clear when the wpad is fetched.
(IE is using the proxy, chrome isn't, although it is on another client - be patient).
--
pro-tip (and privacy leak)

vi /etc/config/polipo and add under config polipo 'general'
option disableIndexing 'false'
option disableServersList 'false'
this will enable two additional pages under polipo>status so it's a bit easier to check whether the proxy is being used.

! there seems to be a bug/problem with the on-disk cache - looking in to it.

Comments

Post a Comment

Popular posts from this blog

Traffic accounting

Got this from here: http://www.catonmat.net/blog/traffic-accounting-with-iptables/ All i'm interested in is my monthly bandwidth consumption, not the individual devices, there are plenty of forum threads/tools to do that. But why bring in additional tools when iptables has it all? iptables -N TRAFFIC_ACCT iptables -I FORWARD -j TRAFFIC_ACCT iptables -A TRAFFIC_ACCT and to just get the number: iptables -L TRAFFIC_ACCT -v | sed -n 3p | cut -d' ' -f2 to reset the counters /usr/sbin/iptables -L TRAFFIC_ACCT -Z the cron job to reset at the begining of the month, and a daily telegram msg 1 0 1 * * /usr/sbin/iptables -L TRAFFIC_ACCT -Z  0 8 * * * /usr/bin/curl -s -X POST https://api.telegram.org/<BOTID>/sendMessage -d chat_id=<CHATID> -d text="$(/usr/sbin/iptables -L TRAFFIC_ACCT -v | /bin/sed -n 3p | /usr/bin/cut -d' ' -f3)" >/dev/null 2>&1 (you'll need to opkg install ca-bundle for the https to work)
Read more

QoS with SQM (and something about bufferbloat)

another feature that came with stock zyxel fw is their 'optimized' (the one with the 400mbps nag) QoS packages. As far as i can tell the standard SQM package should come pretty close. install uci-app-sqm a Network>SQM QoS menu item will appear check enable, double check your interface name is really your wan port(eth1), and set your down/up speeds to what you measured with e.g. dslreports . under linklayer adaptation set to Ethernet (for VDSL) with 8 bytes overhead. i reran the test, and it seems my up/down throughput dropped about 10%,  but my bufferbloat report went from D to B.... whatever that means in reality I'll have to find out :)
Read more