I would like to ask the following:
I have a WPAD file with the following content on the company's server.
function FindProxyForURL(url,host)
{
if (
isPlainHostName(host) ||
shExpMatch(host,"*.srv.xxxxx.de") ||
shExpMatch(host,"*.corp.pri") ||
isInNet(host, "10.0.0.0", "255.0.0.0")
)
return "DIRECT";
else
return "PROXY sproxy.srv.xxxxx.de:3128; DIRECT";
}
Does the else statement in this code say that if the host does not find a suitable proxy, it should connect directly to the Internet?
We want all our hosts to go to the Internet full without proxy server.
Is it enough to just turn off and delete the proxy server from the network or do we have to modify the WPAD file first?
I hope someone can help me in a little more detail.
I would like to test it myself by turning off the proxy, but over 500 hosts have changed their registry parameters based on WPAD file, so I don't want anything to go wrong.
Thank you very much.
Related
I am trying to build a new DNS, which will act as a proxy for certain domain names and uses a public DNS as upstream.
My understanding of DNS:
Client asks DNS (x.x.x.x) about example.com
DNS will look up inside its zones (or parent and root) and find example.com can be found at i.i.i.i
DNS will send i.i.i.i to the client.
Now, client asks the ip address of restricted.test and DNS server knows it is a restricted website, so instead of giving the direct ip to the website, it gives it's own proxy address p.p.p.p to the client.
Please correct me if I'm wrong till now, but when the client tries to connect to p.p.p.p how the proxy server knows which website the client wants to go in?
I really want to know how these work under the hood
Thanks in advance.
This mechanism you are asking about is the Proxy Auto-Configuration (PAC) file.
Read more about it here :
https://developer.mozilla.org/en-US/docs/Web/HTTP/Proxy_servers_and_tunneling/Proxy_Auto-Configuration_PAC_file
And here :
https://www.websense.com/content/support/library/web/v76/pac_file_best_practices/PAC_explained.aspx
Essentially in corporate networks, a PAC file is pushed out to every computer, and browser settings are also configured to enable the PAC file. But it can also be done manually. Just check your browser proxy settings to see the location of the PAC file it is pointed to.
If I use foo.my-company.com at work, then all works well, but if we fix any bug remotely, then the web server will respond with a forbidden.
I heard we can use dev1-foo.my-company.com at a remote location, and it is the same site, but if I access that, I found that all the AJAX are still done to foo.my-company.com and it won't work because it is still forbidden. It seems that "hosts file" can be used to overcome this, but how specifically?
All a hosts file can do is associate a hostname (like dev1-foo.my-company.com) to an IP address (like 10.1.1.5).
This can be enormously useful if:
Your DNS doesn't have an entry for the host you need (e.g. "dev1")
... or ..
You want to override DNS (substitute your own "dev1", e.g. for testing)
This is all TCP/IP - it has nothing directly to do with higher-level protocols like HTTP or AJAX.
'Hope that helps ..
Its been so long since i've needed to ftp something I seem to have forgotten how to do it.
(server address)I have got my ftp address
(password)I have got my password
(port)I have assumed the port is 20 or 21
I am using Filezilla and the above are the only information it requests.
I had connected it to localhost without any problems apart from it not showing the files that are stored in my htdocs folder (I had a look to see if i needed to direct to the folder but couldn't find anything to say that it was necessary) the port number for that was 14147. When I try to connect to a remote host I keep receiving errors saying maybe the port is incorrect or "Connected, waiting for authentication", I cannot leave the port option blank, I have tried 20, 21, 25, 80, 8080, 14147 and a couple of random ones after getting frustrated.
I have gone onto my provider and tried to find the port but cant seem to find the port they use for anything other than the emails, that was 25 and that is when i get the Connected, waiting for authentication message.
In short can someone please direct me to an idiots guide to FTP'ing, I know it should be quite straight-forward, but i'm really struggling. I have looked at a few tutorials but as it is such a straight forward job none seem to address my issue.
Please help (I assume what im trying to ftp doesnt make a difference?)
Little confusing to understand but if you need help setting up an ftp servers, heres how:
download and install Filezilla server(assuming this is done)
when it asks for what server leave it at default(host is 127.0.0.1
and port 14147)
set up a group. for this go to edit->groups and
hit add and name it.
now go to shared folders and select the
folder(s) you want this group to access along with what permissions
they need. Hit ok.
now set up a user in your group. Go to
edit->users
Click add, name the account(this will be your
username) and set the group
ensure the box labeled enable account
is selected and that you have a password set up.
hit ok to save
changes. Now try to connect through localhost using an FTP client.
if it works then continue on. If it does not work ensure that a
firewall is not blocking the server
set up port forwarding for
port 21(every router is different so try googling how to do this).
test by using your external ip address. Don't know it? try
whatismyip.com
That should be all you need to do for your new FTP server
I met a problem on Subversion configuring behind an Apache under the windows.
The server is in domain. If make a check out with the local DNS from the server via HTTPS
I have no a problem , if I (or someone else outside from the company) tries make checkout by specifying the public DNS via HTTPS failed by saying :
alt text http://www.freeimagehosting.net/uploads/028c3eebd7.jpg
This is not Tortoise issure , because the same problem I got from command line too.
Please check if your firewall allows exception for the needed ports in external use.
Probably there is something like "allow in domain network" set to that rule, you must change this in order to get it working from outside. But be careful with Windows-Server accessible in the internet.
For example, I have a development site on a different server but I'm trying to copy content over from the live site so it'd be handy to have the live site in IE and the dev site in FF.
I tried FoxyProxy but I can't seem to get it to work.
I use this to override system's DNS with localserver
in about:config
change this value:
network.dns.forceResolve
network.dns.ipv4OnlyDomains
network.dns.localDomains
with IP address of local DNS server (for exsample 192.168.1.88)
Sorry for my english
It's now possible, with the DNS over HTTPS function:
Open Options, General, scroll to very bottom and open Network Settings,
On the very bottom, you can find DNS over HTTPS:
You had to use about:config before to change this setting, here's for documentation:
Type about:config in firefox address bar.
search for:
network.trr.uri
You can use one of the DNS servers below:
Cloudflare: https://cloudflare-dns.com/dns-query
Google: https://dns.google/dns-query
Secure DNS EU: https://doh.securedns.eu/dns-query
Quad 9: https://dns.quad9.net/dns-query
And set network.trr.mode to 1
Hijacked from here:
https://www.ghacks.net/2018/04/02/configure-dns-over-https-in-firefox/
It appears from your question that you already have a second set of DNS servers available that reference the development site instead of the live site.
I would suggest that you simply run a standard SOCKS proxy either on that DNS server system or on a low-end spare system and have that system configured to use the development DNS server. You can then tell Firefox to use that proxy instead of downloading pages directly.
Doing it this way, the actual DNS lookups will be done on the proxy machine and not on the machine that's running the web browser.
DNS resolving is usually done at the system level and not at the application level, so you can't normally have one program use one dns and another program use a different dns. I'm not aware of any firefox extensions that allow you to use a different dns.
What about having different names for your dev and prod servers? That should avoid any confusions and you'd not have to edit the hosts file every time.
I am using the SwitchHost extension exactly for this problem:
https://addons.mozilla.org/en-US/firefox/addon/14258
It is easy to configure, and even more easy to switch hosts.
I wonder if you could write a custom rule for Fiddler to do what you want? IE uses no proxy, Firefox points to Fiddler, Fiddler uses custom rule to direct requests to the dev server...
http://www.fiddlertool.com/fiddler/
Since http proxy protocol is similar to raw http protocol, you can redirect desired traffic to your development server by telling firefox it's a proxy server.
two limitations:
A. this won't let you use https connections.
B. some frameworks (e,g: wordpress) don't like this method and redirect the request the wrong way
just copy the following code into a .pac file (enter your site domain and IP address, of course), and switch development/production just by changing proxy configuration.
function FindProxyForURL(url, host) {
var prox4site = {
"mysite.com":"PROXY 10.0.1.100:80",
"www.mysite.com":"PROXY 10.0.1.100:80"
}
return prox4site[host] || "DIRECT";
}
Go to options->Advanced->Network->Settings->Automatic proxy configuration url and enter 8.8.8.8 All you Mozilla traffic uses Google dns now.