Webproxy WPAD configuration file double definitions

Hi,

because of this thread “Can not get non-Transparent web proxy to work” I had a look at the auto-generated wpad file in /svr/web/ipfire/html

I have never touched it. Mine looks like that:

function FindProxyForURL(url, host)
{
if (
     (isPlainHostName(host)) ||
     (isInNet(host, "127.0.0.1", "255.0.0.0")) ||
     (isInNet(host, "172.24.0.0", "255.255.252.0")) ||
     (isInNet(host, "172.25.0.0", "255.255.252.0")) ||
     (isInNet(host, "172.26.0.0", "255.255.255.0")) ||
     (isInNet(host, "169.254.0.0", "255.255.0.0"))
   )
     return "DIRECT";

 else

if (
     (isInNet(myIpAddress(), "172.24.0.0", "255.255.252.0")) ||
     (isInNet(myIpAddress(), "172.24.1.0", "255.255.255.0")) ||
     (isInNet(myIpAddress(), "172.24.2.0", "255.255.255.0")) ||
     (isInNet(myIpAddress(), "172.25.1.0", "255.255.255.0")) ||
     (isInNet(myIpAddress(), "172.25.2.0", "255.255.255.0"))
   )
     return "PROXY 172.24.0.254:800";

 else

if (
     (isInNet(myIpAddress(), "172.25.0.0", "255.255.252.0"))
   )
     return "PROXY 172.25.0.254:800";
}

172.24.0.0/22 is my green network
172.25.0.0/22 is my blue network

The first rule looks for network members in 172.24.0.0/22 or 172.24.1.0/24 or 172.24.2.0/24 etc. but 172.24.1.0/24 and 172.24.2.0/24 are part of 172.24.0.0/22. I wonder about that!

Also as you can see, blue network members on 172.25.1.0/24 and 172.25.2.0/24 are supposed to use the proxy on green. Why is that?

At the end there is a additional rule for 172.25.0.0/22, that includes 172.25.1.0/24 and 172.25.2.0/24 of the first rule for using the proxy on blue.

So there is are double definitions for 2 green and 2 blue subnets. Why is that?

Cheers

do you have anything in /Network/Web Proxy/Web Proxy Auto-Discovery Protocol (WPAD) / Proxy Auto-Config (PAC)?

No. Never used it and never touched it.

grafik941×190 7.02 KB

To be clear, the first rule looks if the REQUESTED ip in the browser (meaning the destination) is falling in those network ranges. Also, it looks for an url constituted by just the hostname. The subsequent rules are evaluated only if the first rule is false and evaluate the ip address of the machine where the browser is operating, meaning the source of the browser request.

I wonder, if you disable the proxy, and then you enable it again, the proxy.pac should be regenerated. Would it recreate it in the same way?

EDIT, I just tested it. If you disable the proxy then click “Save and Restart” the proxy.pac gets regenerated accordingly.

Hm my mistake. I didn’t mean the “first rule/check”, but the second and third. The host check seems to be normal.

OK I tried that. Disabled and reloaded it, afterwards I enabled and reloaded it again. Downloaded the file: same content as before.

try to disable, save and restart instead of disable, save and reload. Just in case.

Hm my mistake again. I chose Save and Restart. Sorry.

@xperimental I agree with you, to me it looks wrong. I wonder why the repeated entries and the green redirection?

What happens if you enable only blue? Do you still have lines duplication? Does it still redirect to green?

EDIT: In that case the proxy.pac must change. If it does not, something is broken in your system.

If I disable green it looks normal:

grafik974×204 5.84 KB

function FindProxyForURL(url, host)
{
if (
     (isPlainHostName(host)) ||
     (isInNet(host, "127.0.0.1", "255.0.0.0")) ||
     (isInNet(host, "172.24.0.0", "255.255.252.0")) ||
     (isInNet(host, "172.25.0.0", "255.255.252.0")) ||
     (isInNet(host, "172.26.0.0", "255.255.255.0")) ||
     (isInNet(host, "169.254.0.0", "255.255.0.0"))
   )
     return "DIRECT";

 else

if (
     (isInNet(myIpAddress(), "172.25.0.0", "255.255.252.0"))
   )
     return "PROXY 172.25.0.254:800";
}

If I disable blue it looks wrong again:

grafik972×200 5.82 KB

function FindProxyForURL(url, host)
{
if (
     (isPlainHostName(host)) ||
     (isInNet(host, "127.0.0.1", "255.0.0.0")) ||
     (isInNet(host, "172.24.0.0", "255.255.252.0")) ||
     (isInNet(host, "172.25.0.0", "255.255.252.0")) ||
     (isInNet(host, "172.26.0.0", "255.255.255.0")) ||
     (isInNet(host, "169.254.0.0", "255.255.0.0"))
   )
     return "DIRECT";

 else

if (
     (isInNet(myIpAddress(), "172.24.0.0", "255.255.252.0")) ||
     (isInNet(myIpAddress(), "172.24.1.0", "255.255.255.0")) ||
     (isInNet(myIpAddress(), "172.24.2.0", "255.255.255.0")) ||
     (isInNet(myIpAddress(), "172.25.1.0", "255.255.255.0")) ||
     (isInNet(myIpAddress(), "172.25.2.0", "255.255.255.0"))
   )
     return "PROXY 172.24.0.254:800";
}

In my opinion this is a bug.

@xperimental What do you think? Should be considered a bug and reported? I understand very little, but to my limited brain these lines duplication looks like should not be there.

Speaking of stupid brain, I did not read your last line. We agree.

Do you have a VLAN in green? A bridge?

No.

grafik974×426 8.82 KB

Why proxy.pac would recreate a directive for the blue line, when you have disabled the blue line? Something is very wrong here.

Is it possible that your DHCP setting for blue and green is wrong and you have zone crossing ip ranges?

No.

grafik975×592 17.5 KB

But you made me think about a reason for that. For example this:

grafik935×37 1.74 KB

grafik924×35 1.66 KB

This is because if my blue network is in maintenance, I put a temporary AP in green and disable all blue fixed leases and enable the green leases instead.

However it’s still a bug then.

Ah! This now makes sense. I feel better

I agree, this is still a bug.

There is something broken in the fixleases file. Some cells for the on/off state are just empty and I don’t know why.

Edit: All entries with double MAC that are supposed to be disabled misses the cell information “off”. Those are just empty. Another bug?

Edit2: no matter what entry is set to be off via the webui results in an empty cell. Only enabled entries get the cell state “on”. Has something changed and the information “off” is not required anymore?

Maybe there is only one bug, that leads to the wrong proxy.pac If you put off by hand, does the proxy.pac changes when it is recreated?