8 Replies Latest reply on Feb 15, 2012 1:23 AM by eelsasser

    host a proxy.pac in / directory not "files"

      I need to have the proxy.pac in http://proxy.domain.com/proxy.pac  NOT http://proxy.domain.com/files/proxy.com on my 7.1 gateway.

      (Yes I have it working on port 80 as implied I just need remove the files directory)

      Can I just do symbolic link to the file on the command line ?

       

      I am upgrading from 6.8.7 and am using proxy.pac as in KB67177.

       

      Thanks,

      RickO

        • 1. Re: host a proxy.pac in / directory not "files"

          There is a hard-coded link to "/wpad.dat" if you upload a file with that name.

          Can you use that?

          http://proxy.domain.com/wpad.dat

          • 2. Re: host a proxy.pac in / directory not "files"

            Yes I will be but -

            actually I need to take advantage of the fact 7.1 can have anyname.pac files (long time ago we used wpad.pac and 4000+ machines still use it)

             

            So I need proxy.pac AND wpad.pac (don't laugh) off of root /.

            I can do anything on the cli if need be.

            RickO

            • 3. Re: host a proxy.pac in / directory not "files"

              For support reasons, I cannot tell you how to do this command:

              # cd /usr/share/mwg-ui/fileserver/ROOT

              # ln -s files/proxy.pac proxy.pac

                

              They would kill me if I told you, because it has not been approved by engineering and will not be supported. And it is unknown what will happen during upgrades and backups, etc. So don't do it.

               

              However, I have been able to create rules to do something similar. I would have to dig them up, but basically you put in a rule rule that checks for

               

              URL.Path equals "/proxy.pac"

               

              and in the events:

               

              Set URL = http://127.0.1.1:4713/files/proxy.pac

                or

              Set URL = http://127.0.1.1:4713/wpad.dat

               

               

              Yes, oddly enough it is 127.0.1.1.

              • 4. Re: host a proxy.pac in / directory not "files"
                cedricm

                Hi, i have a similar as Ricko

                 

                my Version is 7.1.6

                 

                File proxy.pac uploaded on the WebGateway through Troubleshooting/Files

                File Server setup on Port TCP 4713 (default) under  Configuration/appliance/File Server/HTTP Connector Port

                Port forwarding Setup withe Source 0.0.0.0  Target Port 80 Destination 127.0.0.1 Port 4713 under  Configuration/appliance/Port Forwarding

                 

                the proxy.pac file is accessible  and working on following url

                http://<fqdn or IP>:4713/files/proxy.pac (file Server TCP port work : OK)

                http://<fqdn or IP>/files/proxy.pac (port 80) (Port Forward rules work : OK)

                 

                But no way to access the wpad.dat theough http://<fqdn or IP>:4713/wpad.dat or http://<fqdn or IP>/wpad.dat

                Some Thread on community forum say that the appliance should be translated automatically, but does not looks to be the case

                 

                I did even try through ssh to do

                from folder /opt/mwg : ln ./file/proxy.pac wpad.dat (hard link)

                owned by mwgc/mwg

                 

                but still not able to access http://<fqdn or IP>:4713/wpad.dat or http://<fqdn or IP>/wpad.dat

                 

                Does anyone have succeed to setup a link like this http://<fqdn or IP>/wpad.dat (without the files folder) on the appliance.

                 

                If not i will try to go through the support, but there are very slow to answer.

                thanks for any help.

                • 5. Re: host a proxy.pac in / directory not "files"
                  cedricm

                  answering to myself, sometime just asking othe helps to understand

                   

                  There is in fact the automatic translation of the http://<fqdn or ip>/files/wpad.dat to http://<fqdn or ip>/wpad.dat

                  so the hard link need to be done inside the /opt/mwg/files/folder from proxy.pac to wpad.dat and then it's working as expected.

                  so setup like this you maintain only one file : the proxy.pac and people can setup their browser with automatic configuration detection (as soon as wpad.yourdomain.local is resolve to the IP of the appliance) or the can enter dirrectly http://<fqdn or ip>/files/proxy.pac as a configuration file.

                   

                  hope this can help someone.

                  • 6. Re: host a proxy.pac in / directory not "files"

                    I could have sworn I posted this somewhere on communities before, but I cannot find it. My mind must be going.

                     

                    I think a better way to alter the location of /files/proxy.pac is to actually have the proxy listen on port 80 as a proxy listener and use rules to do URL rewrites to itself. By doing it this way, you don't have to muck about in the file system, which will get reset if you have to do a re-image, and maybe on some future update. And you can incorporate this method into the policy and it backup with the configuration.

                     

                     

                    Turn on port 80 as a listening proxy port and use the rules at the top of the policy to do something like this:

                     

                    Proxy.pac
                    Enabled
                    Applies to Requests: True / Responses: False / Embedded Objects: False
                    1: URL.Path equals "/proxy.pac"
                    2: OR URL.Path equals "/wpad.dat"
                    EnabledRuleActionEventsComments
                    EnabledRedirect
                    Always
                    ContinueSet URL = "http://127.0.1.1:4713/files/proxy.pac"yes, this is 127.0.1.1
                    EnabledEnd
                    Always
                    Stop Cycle


                    That way, anything that asks for */proxy.pac or */wpad.dat gets the proxy delivered.

                     

                    If you don't want any other proxying to occur on port 80, add the condition to the rule set of Proxy.Port equals 80 AND ....

                    Then change the last rule to Block instead.

                    • 7. Re: host a proxy.pac in / directory not "files"
                      cedricm

                      just receive this morning :

                       

                      This Notice is for customers who have special Web Gateway rules in place to take advantageof URL request redirections to the local file server of the Web Gateway. Anexample of this would be for proxy.pac hosting.

                      Due to productchanges in all upcoming releases (7.1.6.1 and 7.1.0.7), the current method ofrewriting URLs to localhost will no longer work. See KB74168 for steps toensure that your file server hosting will not be interrupted:https://kc.mcafee.com/corporate/index?page=content&id=KB74168


                      • 8. Re: host a proxy.pac in / directory not "files"

                        Yes, I saw that.

                         

                        You'll have to do it like the announcement describes when the release occurs.