cancel
Showing results for 
Search instead for 
Did you mean: 
RickO47
Level 7

host a proxy.pac in / directory not "files"

Jump to solution

I need to have the proxy.pac in http://proxy.domain.com/proxy.pac  NOT http://proxy.domain.com/files/proxy.com on my 7.1 gateway.

(Yes I have it working on port 80 as implied I just need remove the files directory)

Can I just do symbolic link to the file on the command line ?

I am upgrading from 6.8.7 and am using proxy.pac as in KB67177.

Thanks,

RickO

0 Kudos
1 Solution

Accepted Solutions
eelsasser
Level 15

Re: host a proxy.pac in / directory not "files"

Jump to solution

For support reasons, I cannot tell you how to do this command:

# cd /usr/share/mwg-ui/fileserver/ROOT

# ln -s files/proxy.pac proxy.pac

  

They would kill me if I told you, because it has not been approved by engineering and will not be supported. And it is unknown what will happen during upgrades and backups, etc. So don't do it.

However, I have been able to create rules to do something similar. I would have to dig them up, but basically you put in a rule rule that checks for

URL.Path equals "/proxy.pac"

and in the events:

Set URL = http://127.0.1.1:4713/files/proxy.pac

  or

Set URL = http://127.0.1.1:4713/wpad.dat

Yes, oddly enough it is 127.0.1.1.

0 Kudos
8 Replies
eelsasser
Level 15

Re: host a proxy.pac in / directory not "files"

Jump to solution

There is a hard-coded link to "/wpad.dat" if you upload a file with that name.

Can you use that?

http://proxy.domain.com/wpad.dat

0 Kudos
RickO47
Level 7

Re: host a proxy.pac in / directory not "files"

Jump to solution

Yes I will be but -

actually I need to take advantage of the fact 7.1 can have anyname.pac files (long time ago we used wpad.pac and 4000+ machines still use it)

So I need proxy.pac AND wpad.pac (don't laugh) off of root /.

I can do anything on the cli if need be.

RickO

0 Kudos
eelsasser
Level 15

Re: host a proxy.pac in / directory not "files"

Jump to solution

For support reasons, I cannot tell you how to do this command:

# cd /usr/share/mwg-ui/fileserver/ROOT

# ln -s files/proxy.pac proxy.pac

  

They would kill me if I told you, because it has not been approved by engineering and will not be supported. And it is unknown what will happen during upgrades and backups, etc. So don't do it.

However, I have been able to create rules to do something similar. I would have to dig them up, but basically you put in a rule rule that checks for

URL.Path equals "/proxy.pac"

and in the events:

Set URL = http://127.0.1.1:4713/files/proxy.pac

  or

Set URL = http://127.0.1.1:4713/wpad.dat

Yes, oddly enough it is 127.0.1.1.

0 Kudos
cedricm
Level 7

Re: host a proxy.pac in / directory not "files"

Jump to solution

Hi, i have a similar as Ricko

my Version is 7.1.6

File proxy.pac uploaded on the WebGateway through Troubleshooting/Files

File Server setup on Port TCP 4713 (default) under  Configuration/appliance/File Server/HTTP Connector Port

Port forwarding Setup withe Source 0.0.0.0  Target Port 80 Destination 127.0.0.1 Port 4713 under  Configuration/appliance/Port Forwarding

the proxy.pac file is accessible  and working on following url

http://<fqdn or IP>:4713/files/proxy.pac (file Server TCP port work : OK)

http://<fqdn or IP>/files/proxy.pac (port 80) (Port Forward rules work : OK)

But no way to access the wpad.dat theough http://<fqdn or IP>:4713/wpad.dat or http://<fqdn or IP>/wpad.dat

Some Thread on community forum say that the appliance should be translated automatically, but does not looks to be the case

I did even try through ssh to do

from folder /opt/mwg : ln ./file/proxy.pac wpad.dat (hard link)

owned by mwgc/mwg

but still not able to access http://<fqdn or IP>:4713/wpad.dat or http://<fqdn or IP>/wpad.dat

Does anyone have succeed to setup a link like this http://<fqdn or IP>/wpad.dat (without the files folder) on the appliance.

If not i will try to go through the support, but there are very slow to answer.

thanks for any help.

0 Kudos
cedricm
Level 7

Re: host a proxy.pac in / directory not "files"

Jump to solution

answering to myself, sometime just asking othe helps to understand

There is in fact the automatic translation of the http://<fqdn or ip>/files/wpad.dat to http://<fqdn or ip>/wpad.dat

so the hard link need to be done inside the /opt/mwg/files/folder from proxy.pac to wpad.dat and then it's working as expected.

so setup like this you maintain only one file : the proxy.pac and people can setup their browser with automatic configuration detection (as soon as wpad.yourdomain.local is resolve to the IP of the appliance) or the can enter dirrectly http://<fqdn or ip>/files/proxy.pac as a configuration file.

hope this can help someone.

0 Kudos
eelsasser
Level 15

Re: host a proxy.pac in / directory not "files"

Jump to solution

I could have sworn I posted this somewhere on communities before, but I cannot find it. My mind must be going.

I think a better way to alter the location of /files/proxy.pac is to actually have the proxy listen on port 80 as a proxy listener and use rules to do URL rewrites to itself. By doing it this way, you don't have to muck about in the file system, which will get reset if you have to do a re-image, and maybe on some future update. And you can incorporate this method into the policy and it backup with the configuration.

Turn on port 80 as a listening proxy port and use the rules at the top of the policy to do something like this:

Proxy.pac
Enabled
Applies to Requests: True / Responses: False / Embedded Objects: False
1: URL.Path equals "/proxy.pac"
2: OR URL.Path equals "/wpad.dat"
EnabledRuleActionEventsComments
EnabledRedirect
Always
ContinueSet URL = "http://127.0.1.1:4713/files/proxy.pac"yes, this is 127.0.1.1
EnabledEnd
Always
Stop Cycle


That way, anything that asks for */proxy.pac or */wpad.dat gets the proxy delivered.

If you don't want any other proxying to occur on port 80, add the condition to the rule set of Proxy.Port equals 80 AND ....

Then change the last rule to Block instead.

0 Kudos
cedricm
Level 7

Re: host a proxy.pac in / directory not "files"

Jump to solution

just receive this morning :

This Notice is for customers who have special Web Gateway rules in place to take advantageof URL request redirections to the local file server of the Web Gateway. Anexample of this would be for proxy.pac hosting.

Due to productchanges in all upcoming releases (7.1.6.1 and 7.1.0.7), the current method ofrewriting URLs to localhost will no longer work. See KB74168 for steps toensure that your file server hosting will not be interrupted:https://kc.mcafee.com/corporate/index?page=content&id=KB74168


0 Kudos
eelsasser
Level 15

Re: host a proxy.pac in / directory not "files"

Jump to solution

Yes, I saw that.

You'll have to do it like the announcement describes when the release occurs.

0 Kudos