Pros and cons of both ways of autoconfiguration
wpad.dat
- mobile browser can be forwarded by hijackers to their own proxy - for example laptop in hotel/airport
- can be served by DHCP (option 252) or DNS where DHCP is protocol of the first choice for Internet Explorer/Edge but not for FireFox/Chrome
- it is almost the same file as proxy.pac but with different name, some old IE versions were looking for wpad.da (yes, without letter t at the end)
- wpad.dat can be cached (proxy.pac also) - so if You have mobile users and You want to enforce them to work with Your proxy not with proxy in hotel/airport or to allow them to work without any proxy - You should create some type of service to refresh settings of default browser, You should try to delete cached wpad.dat
- must be served from web server
- can be served locally - protection against hijackers?
How to disable proxy autoconfiguration file caching
by registry
HKEY_CURRENT_USER\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings
Value: EnableAutoproxyResultCache
Type: REG_DWORD
Data value: 0 = disable caching; 1 (or key not present) = enable automatic proxy caching (this is the default behavior)
by gpo
In Group Policy Object Editor, double-click User Configuration\Administrative Templates\Windows Components\Internet Explorer.
Double-click Disable caching of Auto-Proxy scripts.
Brak komentarzy:
Prześlij komentarz