Cisco Cisco Web Security Appliance S170 사용자 가이드
104
I R O N P O R T A S Y N C O S 6 . 5 F O R W E B U S E R G U I D E
• Web server. You can place the PAC file on a web server that each client machine can
access. For example, you can place the PAC file on an Apache or Microsoft IIS web server.
Enter the URL in the browser configuration.
Enter the URL in the browser configuration.
• Web Security appliance. You can place the PAC file on the Web Security appliance. You
might want to put the PAC file on the Web Security appliance to verify every client
machine can access it within the network. Enter the URL in the browser configuration. If
the URL does not specify the PAC file name, the appliance returns default.pac if it exists.
machine can access it within the network. Enter the URL in the browser configuration. If
the URL does not specify the PAC file name, the appliance returns default.pac if it exists.
For more information about uploading PAC files to the Web Security appliance, see
“Adding PAC Files to the Web Security Appliance” on page 106.
“Adding PAC Files to the Web Security Appliance” on page 106.
Detecting the PAC File Location Automatically
If a browser supports the Web Proxy Autodiscovery Protocol (WPAD), you can configure it to
automatically detect the PAC file location. WPAD is a protocol that allows the browser
determine the location of the PAC file using DHCP and DNS lookups.
automatically detect the PAC file location. WPAD is a protocol that allows the browser
determine the location of the PAC file using DHCP and DNS lookups.
Before fetching its first page, a web browser configured to automatically detect the PAC file
location tries to find the PAC file using DHCP or DNS. Therefore, to use WPAD, you must set
up either a DHCP server or a DNS server to direct web browser requests to the PAC file on a
network server. However, not all browsers support DHCP to find the PAC file using WPAD.
location tries to find the PAC file using DHCP or DNS. Therefore, to use WPAD, you must set
up either a DHCP server or a DNS server to direct web browser requests to the PAC file on a
network server. However, not all browsers support DHCP to find the PAC file using WPAD.
This section includes some general guidelines for using WPAD with DNS “A” records. For
more detailed information, or for information about using WPAD with DHCP, see the
following locations:
more detailed information, or for information about using WPAD with DHCP, see the
following locations:
• http://en.wikipedia.org/wiki/Web_Proxy_Autodiscovery_Protocol
• http://www.wpad.com/draft-ietf-wrec-wpad-01.txt
• http://www.microsoft.com/technet/isa/2004/plan/automaticdiscovery.mspx
When you use WPAD with DNS, each domain on the network can only use one PAC file for
all users on a domain because only domain name can uniquely identify a PAC file using DNS.
For example, users on host1.accounting.example.com and host2.finance.example.com can
use different PAC files.
all users on a domain because only domain name can uniquely identify a PAC file using DNS.
For example, users on host1.accounting.example.com and host2.finance.example.com can
use different PAC files.
To use WPAD with DNS:
1. Rename the PAC file to wpad.dat.
2. Create an internally resolvable DNS name that starts with “wpad,” such as
wpad.example.com.
3. Place wpad.dat in the root directory of the website that will host the file, such as
wpad.example.com. For information about placing the file on the Web Security
appliance, see “Uploading PAC Files to the Appliance” on page 106.
appliance, see “Uploading PAC Files to the Appliance” on page 106.
Note — Due to a bug in Internet Explorer 6, create a copy of wpad.dat and change the file
name to wpad.da to work with Internet Explorer 6 users. For more information, see http://
www.microsoft.com/technet/isa/2004/ts_wpad.mspx.
name to wpad.da to work with Internet Explorer 6 users. For more information, see http://
www.microsoft.com/technet/isa/2004/ts_wpad.mspx.