To set up Web Proxy Autodiscovery Protocol (WPAD) using the DNS-only method, check the following:
- A DNS entry is needed for a host named WPAD. This name must be resolvable from the client machines.
- The web server must be configured to serve the WPAD file with a MIME type of “application/x-ns-proxy-autoconfig”.
- A file named wpad.dat must be located in the WPAD web server’s root directory.
- The host at the WPAD address must be able to serve a web page.
- So if you are a member of the example.com domain, the browser looks for the PAC file at http://wpad.example.com/wpad.dat
DNS server
A DNS entry is needed for a host named WPAD, in this context on the DNS server of the enterprise network, preferably the DNS server that clients use to resolve all DNS queries. This entry should point to the server that will host the WPAD.DAT file, as discussed in the next section.
If your domain name is example.com, the client machine should be able to resolve your web server’s IP address by looking up wpad.example.com.
Hosting the PAC file on a web server for clients to access
Host your Proxy Auto-Configuration (PAC) file on a web server. This should work in any web environment as long as the right configuration parameters are entered.
Assuming you are using Apache 2 on Red Hat 5:
Make sure you have a working proxy.pac ready.
It is not recommended to host the WPAD file in a virtual host environment; use the default virtual host environment.
Upload the file to the server root as /var/www/html/proxy.pac
You can create a symlink to the proxy.pac file named wpad.dat
Add the following lines to your /etc/httpd/conf/httpd.conf
AddType application/x-ns-proxy-autoconfig .pac
# used for configuring the auto-detect setting using DNS
AddType application/x-ns-proxy-autoconfig .dat
Restart/reload your web server (probably required)
Make sure the client can access this file using the URL http://wpad.example.com/wpad.dat
Setting up client browsers to use Web Proxy Autodiscovery Protocol (WPAD) using GPO/Group Policy
If you are using Windows Professional machines in an enterprise network with Active Directory, you can configure Internet Explorer settings automatically via Group Policy Objects (GPO). A tool called FirefoxADM is available for Firefox which allows configuration; however, I haven’t tried out this tool, and it looks like the last update was over a year ago. Please share if you know of any better tool.
How to use GPO/Group Policy to configure enterprise-wide browser settings on a Windows network
You can configure all web browsers on the network to automatically detect proxy settings. This will work with IE and Chrome. Use Group Policy on the domain controller to enforce a Windows domain-wide configuration with the following steps.
- On the domain controller run gpedit
- User Configuration -> Windows Settings -> Internet Explorer Maintenance -> Connection -> Automatic Browser Configuration
- Select “Automatically detect configuration settings”
You can use “gpupdate /force” on the client machine to update group policy immediately.
You may use “gpresult /Z” or “gpresult /V” to check whether the group policy is taking effect on your local PC/client PC.
Manually Setting up client browser to use Web Proxy Autodiscovery Protocol (WPAD)
Firefox
Options -> Network -> Settings
Select “Auto-detect proxy settings for this network”
Chrome
Settings -> Show advanced settings (at the bottom) -> Change proxy settings
Under the Connections tab click on LAN settings
Enable “Automatically detect settings” (disable all other options)
IE
Tools -> Internet Options -> Connections -> LAN settings
Enable “Automatically detect settings” (disable all other options)
Check if the traffic is going through the proxy
In my setup I have been using Squid as a proxy, so I monitor with “tail -f /var/log/squid/access.log” and check for traffic requests from the client. Make sure any transparent proxy configuration is turned off to avoid a wrong reading.
Please share if you know of any other way to check from the client side.
If your traffic is passing through the proxy server, congratulations: you have successfully configured an automatic proxy configuration server with a PAC file.
Debug
If you are not getting the desired result, you may try the following steps:
- Check that looking up wpad.example.com points to the server your WPAD file is hosted on (use nslookup, ping)
- Check that you can download the WPAD file using the URL http://wpad.example.com/wpad.dat
- Check the auto proxy configuration file format, syntax, etc. Read more on how to write a PAC file
- Try setting up the auto configuration file manually and see if that works
Read the overview on proxy auto configuration on enterprise network
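A scripted version of the setup requirements and Debug checks above, as an added example that is not part of the original post: it verifies that wpad.<domain> resolves only to the server you expect and that /wpad.dat is served with the required MIME type and defines FindProxyForURL. The function names, the address 192.0.2.10, proxy.example.com:3128 and the sample PAC body are assumptions made for illustration.

```python
import socket
import urllib.request

PAC_MIME = "application/x-ns-proxy-autoconfig"  # MIME type the post requires


def validate_wpad_response(status, content_type, body):
    """Return a list of problems with one HTTP response for /wpad.dat."""
    problems = []
    if status != 200:
        problems.append(f"HTTP status {status}, expected 200")
    # Content-Type may carry parameters ("; charset=..."); compare the type only.
    mime = (content_type or "").split(";")[0].strip().lower()
    if mime != PAC_MIME:
        problems.append(f"MIME type {mime or 'missing'!r}, expected {PAC_MIME!r}")
    if "FindProxyForURL" not in body:
        problems.append("body does not define FindProxyForURL")
    return problems


def check_deployment(domain, expected_ip):
    """Live check: wpad.<domain> must resolve only to expected_ip and serve a valid file."""
    host, url = f"wpad.{domain}", f"http://wpad.{domain}/wpad.dat"
    try:
        infos = socket.getaddrinfo(host, 80, socket.AF_INET, socket.SOCK_STREAM)
    except socket.gaierror as exc:
        return [f"{host} does not resolve: {exc}"]
    addresses = sorted({info[4][0] for info in infos})
    problems = []
    if addresses != [expected_ip]:
        problems.append(f"{host} resolves to {addresses}, expected only {expected_ip}")
    # An empty ProxyHandler bypasses any configured proxy, so the fetch is direct.
    opener = urllib.request.build_opener(urllib.request.ProxyHandler({}))
    try:
        with opener.open(url, timeout=5) as resp:
            body = resp.read().decode("utf-8", "replace")
            ctype = resp.headers.get("Content-Type")
            problems += validate_wpad_response(resp.status, ctype, body)
    except OSError as exc:  # URLError, HTTPError and timeouts are all OSError subclasses
        problems.append(f"cannot fetch {url}: {exc}")
    return problems


if __name__ == "__main__":
    # Constructed sample: the file is reachable but the AddType line is missing.
    pac = 'function FindProxyForURL(url, host) { return "PROXY proxy.example.com:3128"; }'
    print(validate_wpad_response(200, "text/plain", pac))
    # Real deployment (hypothetical address): check_deployment("example.com", "192.0.2.10")
```

An empty list from check_deployment means the DNS record, the MIME type and the file content all match what the steps above configure; run it from a client machine so it uses the same DNS server the browsers do.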
Dear Saad, thanks, the link https://tektab.com/2012/09/28/squid-t…s-ssl-traffic/ has done the job. But I am receiving the following error after entering the user name and password for my Gmail and Yahoo email accounts:
Connection to 173.194.70.94 failed
The system returned: (71) Protocol error
the remote host or network may be down. Please try the request again.
Please note: I am using two proxy servers in my environment, one for students and one for staff, and have more than 1500 hundred users. Unfortunately, for some reasons we have a workgroup environment, no domain environment.
Please help in this regard.
Regards.
Did you try using the proxy server directly?
Did you also check the proxy log to see if the traffic is going through the proxy server?
Dear Saad, thanks for your reply first. Yes, I am using the proxy directly, and traffic is going through the proxy for HTTPS/SSL requests.
That means your proxy is configured properly. The next thing you need to check is whether your WPAD file is accessible from the client’s machine.
Try the URL http://wpad.example.com/wpad.dat and see if it is accessible without using any proxy server, where example.com is your search domain.
The next step is to use http://wpad.example.com/wpad.dat
Next you can try using the automatic proxy configuration URL in your proxy settings (Firefox).
Let me know if this helps.
Thanks,
Hi, I want to do the opposite. I want to totally turn off WPAD. I have a web service that is trying to use WPAD. But since it is not configured to use it, it adds a long delay while it tries it. But we don’t use any proxy. How do you ensure that WPAD is not used?
You can disable the web proxy in Group Policy or at the application level. On the other hand, do not configure the WPAD server.