Configuring WPAD under OpenBSD

Hello there,

First of all, what is wpad ?

WPAD is acronym to Web Proxy Autodiscovey Protocol, it is reponsible for automatic detecting of proxy under web browsers.

I will assume that you know OpenBSD, know configure a basic DHCP Server, and know configure Apache.

First step:

create a file named “wpad.pac” with this content:

function FindProxyForURL(url, host)
if( shExpMatch(url, “!ftp:*”) || isPlainHostName(host) || dnsDomainIs(host, “”) isInNet(host, “”, “”))
return “DIRECT”;
} else {
return “PROXY; DIRECT”;

Put this file under your DocumentROOT of your Apache

example : /var/www/htdocs/wpad.pac

Understanding the javascript :

  • shExpMatch(str, shellexp) True if str matches the shell expression (not regexp) shellexp. E.g. shExpMatch(“a/b/c”,”*/b/*”) is true
  • isPlainHostName(host) Returns true if host contains no dots (“.”).
  • dnsDomainIs(host, domain) True if domain is in host.
  • isInNet(host, pattern, mask) True if the IP address or hostname in host is in the network specified by pattern and mask.
  • If these conditions are true, so You will access directly without proxy, else you will use proxy.

    Now, the configuration of Apache.

    Virtual Host Configuration:

    DocumentRoot /var/www/htdocs
    ErrorLog logs/default_error
    CustomLog logs/default_access common
    AddType application/x-ns-proxy-autoconfig .pac

    Reload your apache doing:

    # apachectl restart

    Now it’s time to configure DHCP

    Put this into your dhcpd.conf

    option autoproxy-script “”;

    Kill you dhcp server:

    # pkill dhcpd && sleep 3 && dhcpd

    Ok, All configuration are done 🙂

    Internet Browsers, must have AutoDetection Proxy option enabled:

    Internet explorer -> Internet Options/Conections TAB/Lan Settings : “Automatically detect settings” check box. must be checked


    Internet Explorer -> Internet Options/Advanced TAB/Reset
    Mozilla Firefox -> Set manually address of pac file, in case of us,
    Google Chrome: Same of Firefox

    On Microsoft OS, Skype, Messenger etc will catch configuration very fine 🙂

    Now block at your firewall the rule to port { www https }


    Until next time 🙂

    Like it? Comment

    This entry was posted in Network, OpenBSD and tagged , , , . Bookmark the permalink.