Table Of Contents
Web Proxy Auto Discovery Protocol
Overview
How WPAD Works
WPAD using DHCP
WPAD using DNS
Manual Browser Configuration for Windows Clients
Deploying WPAD with Windows Server
Configure Internet Information Services
Create an Option 252 Entry in DHCP
Enable Option 252 for a DHCP Scope
Active Directory and Group Policy Objects
Web Proxy Auto Discovery Protocol
Revised: July 15, 2010
Overview
The Web Proxy Auto-Discovery (WPAD) protocol is a method used by Web browsers to locate a Proxy Auto-Config (PAC) file automatically. The protocol uses DHCP and DNS systems and requires minimal configuration of a user's browser; in most cases all that is required is to select a check box. WPAD is not an official Internet standard, but it is widely supported by modern Web browsers. See How PAC Files Work.
How WPAD Works
WPAD can use DNS or DHCP to locate a PAC file. DHCP detection involves the URL being pushed to the end-user in the DHCP assignment, while DNS detection is based on an educated guess using known information about the DNS system.
A browser must be instructed to use WPAD, in most browsers this is as achieved by selecting a check box or button. The feature is most commonly known as `Auto-Detect' and is usually labeled as such. A browser that supports both methods will check the DHCP assignment first, before attempting the DNS method.
The PAC file must have the file name wpad.dat for the DNS method to function.
When using both WPAD methods the file must be served by the web server with the MIME type `application/x-ns-proxy-autoconfig'.
If the browser is unable to load a PAC file via the DHCP or DNS methods, it will allow direct Internet access.
WPAD using DHCP
A DHCP server must be configured to serve an additional setting in an IP address assignment; option 252. This option specifies the exact location of the PAC file. The file name does not need to follow any specific naming convention, however if WPAD DNS is to be used also, the file must have the file name wpad.dat.
A Web browser implementing this method sends the DHCP server a DHCPINFORM query, the DHCP server will return the expected IP settings along with the 252 option which defines the location of the PAC file. The browser will then download this PAC file from the URL provided.
WPAD using DNS
The DNS method differs in that it guesses the location of a PAC file. On Windows, this is based on the domain the machine is joined to, while on Linux and Mac OS X this is based on the Search Domain(s) configured in the network settings.
When attempting the WPAD DNS method, the browser will prefix the domain with wpad and attempt to download the file wpad.dat, for example wpad.domain.com/wpad.dat.
In the following example, a Windows machine is joined to the domain uk.scansafe.com, and a PAC file with the file name wpad.dat is hosted on wpad.scansafe.com:
1. 
After checking the network settings, the browser identifies the host machine as being part of the domain uk.scansafe.com.
2. The browser attempts to resolve wpad.scansafe.com and fails.
3. The browser attempts and succeeds in resolving wpad.scansafe.com.
4. The browser attempts to download the PAC file wpad.scansafe.com/wpad.dat.
Manual Browser Configuration for Windows Clients
You may need to restart your browser for changes to take effect.
•In Internet Explorer, select the Automatically detect settings check box in the Local Area Network (LAN) Settings dialog.
•In Firefox, click Auto-detect proxy settings for this network in the Connection Settings dialog.
•In Opera, open the Preferences dialog then click the Advanced tab. In the left menu click Network then click Proxy Servers. Select the Use automatic proxy configuration check box and enter the WPAD URL in the box. Ensure the other check boxes are cleared then click OK.
•Safari for Windows uses the Internet Explorer settings.
Deploying WPAD with Windows Server
Deploying WPAD on a Windows server enables you to centrally configure Internet Explorer users who are joined to a domain. It also makes it easy to configuring the browsers of users who are not members of a domain.
Before beginning the following should be installed and configured on Windows Server:
•Internet Information Services (IIS)
•DHCP Server
•DNS Server
•Active Directory
Active Directory is not a functional requirement of WPAD, but is recommended in order to simplify deployment.
Currently only Internet Explorer offers complete support for the DHCP method, therefore the DNS method is essential for support with alternate browsers.
You should test your PAC file before renaming it wpad.dat and uploading it to the Web site that will serve the file.
Configure Internet Information Services
Some browsers cannot read a PAC file served with an incorrect MIME type so you should configure IIS to use `application/x-ns-proxy-autoconfig' for the `.dat' extension. When you have made the change, restart IIS .
When the entry for WPAD is created and activated, all users of the relevant DHCP scope will receive the wpad.dat location, ready to be used by a user's browser.
Create an Option 252 Entry in DHCP
To automatically configure proxy settings:
Step1 Open the DHCP control panel.
Step2 In the console tree, right-click DHCP server, click Set Predefined Options, then click Add.
Step3 In the Name box enter WPAD.
Step4 In the Data type box enter String.
Step5 Clear the Array check box.
Step6 In the Code box enter 252.
Step7 In the Description box enter http://<url>:<port>/wpad.dat, then click OK.
To confirm Option 252 is selected, right-click Server Options then click Configure Options.
Enable Option 252 for a DHCP Scope
To configure Option 252 for a DCHP scope:
Step1 Open the DHCP control panel.
Step2 Right-click Scope Options, click Configure Options, then click Advanced.
Step3 In Vendor Class, click Standard Options.
Step4 In Available Options, click 252 Proxy Autodiscovery, then click OK.
Active Directory and Group Policy Objects
One of the benefits of WPAD is that it greatly reduces the amount of work it takes to configure a browser for use with a PAC file/proxy.
Using Active Directory and Group Policy Objects (GPO) you can configure Internet Explorer settings automatically. A third-party tool called FirefoxADM is available for Firefox which allows configuration via GPO.
