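This post was last edited by abc3w on 2010-08-24 10:40
Using WPAD to configure automatic proxy server detection in browsers
Tired of changing the proxy server address back and forth between home and the office?
Does proxy user authentication force you to set the proxy server address by hand?
WPAD stands for Web Proxy Auto Discovery, that is, automatic discovery of the web proxy server.
When automatic proxy detection is enabled, the browser looks for a computer named wpad and downloads the auto-configuration script from the web service on wpad.
With the browser's automatic proxy detection, a computer can open web pages on any network that uses a proxy server without being reconfigured, and it gets around the problem that a transparent proxy cannot use user authentication.
The following setup has already been verified to auto-configure both IE and Firefox.
dhcpd+wins+named+apache+squid
How it works:
dhcpd hands out the DNS server address
wins and named resolve the wpad address
apache serves the auto-proxy script proxy.pac for download
squid provides the proxy service; other proxy servers work too, of course
Assume the servers have the following IP addresses:
squid: 192.168.1.1 squid.wpad
named: 192.168.1.2 ns1.network.local
apache: 192.168.1.3 wpad
wins: 192.168.1.253
dhcpd: 192.168.1.254
The configuration below covers only the parts needed for browser proxy auto-detection; for the full configuration of each service, consult the relevant documentation.
1) Configure DHCP to hand out the DNS address
Add the DNS server address to dhcpd.conf: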
```
option domain-name-servers 192.168.1.2;
option netbios-name-servers 192.168.1.253;
# A bare "wpad" is not looked up in DNS; with this line, wpad.network.rhel is queried.
option domain-name "network.rhel";
```
2) Configure named to resolve wpad
Add to named.conf:
```
zone "network.rhel" {
    type master;
    file "/etc/network.rhel.zone";
};
```
Create the file network.rhel.zone and add:
```
$TTL 36000
; named already has ns1.network.local pointing at the local IP address.
@               IN SOA  ns1.network.rhel. ns.network.rhel. (
                        2005090503
                        10800
                        3600
                        604800
                        36000 )
network.rhel.   IN NS   ns1.network.rhel.
; With several DNS servers, add the same network.rhel zone entry and
; network.rhel.zone data file to named on each of them.
network.rhel.   IN NS   ns2.network.rhel.
@               IN A    192.168.1.2
ns1             IN A    192.168.1.2
ns2             IN A    192.168.1.x   ; additional DNS servers
wpad            IN A    192.168.1.3   ; provides wpad resolution
squid           IN A    192.168.1.1
squid           IN A    192.168.1.5   ; optional, for several proxy servers; with user authentication this may cause frequent re-authentication
```
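3) Configure WINS: using the WINS service of Windows 2003, add a static mapping: # Can anyone tell me whether Linux has a WINS service?
Computer name: wpad
IP address: 192.168.1.3
4) Configure proxy.pac, served for download by apache
Add a proxy.pac file under the apache default path (default /var/www/html/; see DocumentRoot in the httpd.conf configuration file for the exact location):
This file can be downloaded from the official squid website; slightly modified, it looks like this: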
```javascript
//We (www.is.co.za) run a central cache for our customers that they
//access through a firewall - thus if they want to connect to their intranet
//system (or anything in their domain at all) they have to connect
//directly - hence all the "fiddling" to see if they are trying to connect
//to their local domain.
//
//Replace each occurrence of company.com with your domain name
//and if you have some kind of intranet system, make sure
//that you put its name in place of "internal" below.
//
//We also assume that your cache is called "cache.company.com", and
//that it runs on port 8080. Change it down at the bottom.
//
//(C) Oskar Pearson and the Internet Solution (http://www.is.co.za)
function FindProxyForURL(url, host)
{
    //If they have only specified a hostname, go directly.
    if (isPlainHostName(host))
        return "DIRECT";
    //These connect directly if the machine they are trying to
    //connect to starts with "intranet" - ie http://intranet
    //Connect directly if it is intranet.*
    //If you have another machine that you want them to
    //access directly, replace "internal*" with that
    //machine's name
    if (shExpMatch(host, "intranet*") ||
        shExpMatch(host, "internal*"))
        return "DIRECT";
    //Connect directly to our domains (NB for Important News)
    if (dnsDomainIs(host, "127.0.0.1") || // the given address or domain bypasses the proxy
        //If you have another domain that you wish to connect to
        //directly, put it in here
        dnsDomainIs(host, "127.0.0.1")) // the given address or domain bypasses the proxy; add more with ||
        return "DIRECT";
    //So the error message "no such host" will appear through the
    //normal Netscape box - less support queries :)
    if (!isResolvable(host))
        return "DIRECT";
    //We only cache http, ftp and gopher
    if (url.substring(0, 5) == "http:" ||
        url.substring(0, 4) == "ftp:" ||
        url.substring(0, 7) == "gopher:")
        //Change the ":8080" to the port that your cache
        //runs on, and "cache.company.com" to the machine that
        //you run the cache on
        return "PROXY squid.wpad:3128; DIRECT"; // the squid server address, already resolved via squid.wpad
    //We don't cache WAIS
    if (url.substring(0, 5) == "wais:")
        return "DIRECT";
    else
        return "DIRECT";
}
```
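5) Configure squid. No special configuration is needed, and another proxy server (for example ISA) can be used instead; the port number must match.
If squid and apache are on the same server and transparent proxying is enabled, add the following lines at a suitable place in squid.conf so that downloading the proxy.pac file does not fail.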
```
# Assumes the server address is 192.168.1.1
acl AllowSquidWpad dstdomain wpad wpad. squid.wpad 192.168.1.1
# Assumes the LAN address range is 192.168.0.0-192.168.255.255
acl lan_all_ip src 192.168.0.0/16
http_access allow lan_all_ip AllowSquidWpad
```
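Configuration complete.
All of the above services can be provided by a single server; just change the IP addresses accordingly.
This is only one of N possible methods and purely my personal view; mistakes are inevitable, and corrections are welcome.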
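As an added example (not part of the original post), this Node.js harness runs the decision logic of the proxy.pac from step 4 against constructed URLs to show which requests actually reach squid. The helper stubs, the `KNOWN_HOSTS` table, `auditPac` and the sample URLs are assumptions that only approximate the browser's built-in PAC functions.

```javascript
// Added example: Node.js stand-ins for the browser's built-in PAC helpers.
// They only approximate browser behaviour; KNOWN_HOSTS is a constructed
// table that replaces real DNS lookups so the check runs offline.
const KNOWN_HOSTS = new Set(["www.example.com", "intranet.network.rhel"]);

function isPlainHostName(host) { return !host.includes("."); }
function dnsDomainIs(host, domain) { return host.endsWith(domain); }
function isResolvable(host) { return KNOWN_HOSTS.has(host); }
function shExpMatch(str, glob) {
  // Turn the shell glob (* and ?) into an anchored regular expression.
  const re = glob.replace(/[.+^${}()|[\]\\]/g, "\\$&")
                 .replace(/\*/g, ".*").replace(/\?/g, ".");
  return new RegExp("^" + re + "$").test(str);
}

// The decision logic of the post's proxy.pac, condensed.
function FindProxyForURL(url, host) {
  if (isPlainHostName(host)) return "DIRECT";
  if (shExpMatch(host, "intranet*") || shExpMatch(host, "internal*"))
    return "DIRECT";
  if (dnsDomainIs(host, "127.0.0.1")) return "DIRECT";
  if (!isResolvable(host)) return "DIRECT";
  if (url.substring(0, 5) == "http:" || url.substring(0, 4) == "ftp:" ||
      url.substring(0, 7) == "gopher:")
    return "PROXY squid.wpad:3128; DIRECT";
  return "DIRECT";
}

// Return the PAC decision for each URL, keyed by URL.
function auditPac(urls) {
  const result = {};
  for (const u of urls) result[u] = FindProxyForURL(u, new URL(u).hostname);
  return result;
}

// Constructed sample URLs covering each branch of the PAC file.
const SAMPLE_URLS = [
  "http://www.example.com/",        // resolvable, http  -> proxy
  "ftp://www.example.com/pub/",     // resolvable, ftp   -> proxy
  "https://www.example.com/login",  // https is not matched -> DIRECT
  "http://wpad/proxy.pac",          // plain host name   -> DIRECT
  "http://intranet.network.rhel/",  // intranet*         -> DIRECT
  "http://127.0.0.1:8080/",         // listed exception  -> DIRECT
  "http://unknown.example.org/",    // not resolvable    -> DIRECT
];
for (const [u, d] of Object.entries(auditPac(SAMPLE_URLS)))
  console.log(d.padEnd(30), u);
```

With this PAC file, https: URLs and unresolvable hosts return DIRECT, and the `; DIRECT` fallback applies when squid is unreachable, so squid's authentication and logging do not cover that traffic.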