Title: Automatic proxy configuration with Debian Edu / Skolelinux
Tags: english, debian edu
-Date: 2012-02-13 23:30
+Date: 2012-02-13 23:40
<p>New in the Squeeze version of
<a href="http://www.skolelinux.org/">Debian Edu / Skolelinux</a> is the
ability for clients to automatically configure their proxy settings
based on their environment. We want all systems on the client to use
-the WPAD based proxy definition fetched from http://wpad/wpad.dat, to
+the WPAD based proxy definition fetched from <tt>http://wpad/wpad.dat</tt>, to
allow sites to control the proxy setting from a central place and make
-sure clients do not have hardcoded proxy settings.</p>
+sure clients do not have hard coded proxy settings. The schools can
+change the global proxy setting by editing
+<tt>tjener:/etc/debian-edu/www/wpad.dat</tt> and the change propagate
+to all Debian Edu clients in the network.</p>
<p>The problem is that some systems do not understand the WPAD system.
In other words, how do one get from a WPAD file like this (this is a
simple one, they can run arbitrary code):</p>
-<blockquote><pre
+<blockquote><pre>
function FindProxyForURL(url, host)
{
if (!isResolvable(host) ||
<blockquote><pre>
http_proxy=http://webcache:3128/
ftp_proxy=http://webcache:3128/
-</pre><blockquote>
+</pre></blockquote>
<p>To do this conversion I developed a perl script that will execute
the javascript fragment in the WPAD file and return the proxy that
-would be used for http://www.debian.org/, and insert this extracted
-proxy URL in /etc/environment and /etc/apt/apt.conf. The perl script
-wpad-extract work just fine in Squeeze, but in Wheezy the library it
-need to run the javascript code is
-<a href="http://bugs.debian.org/631045">no longer able to build</a>
-because the C library it depended on is now a C++ library. I hope
-someone find a solution to that problem before Wheezy is frozen. An
-alternative would be for us to rewrite wpad-extract to use some other
-javascript library currently working in Wheezy, but no known
-alternative is known at the moment.</p>
+would be used for
+<tt><a href="http://www.debian.org/">http://www.debian.org/</a></tt>,
+and insert this extracted proxy URL in <tt>/etc/environment</tt> and
+<tt>/etc/apt/apt.conf</tt>. The perl script wpad-extract work just
+fine in Squeeze, but in Wheezy the library it need to run the
+javascript code is <a href="http://bugs.debian.org/631045">no longer
+able to build</a> because the C library it depended on is now a C++
+library. I hope someone find a solution to that problem before Wheezy
+is frozen. An alternative would be for us to rewrite wpad-extract to
+use some other javascript library currently working in Wheezy, but no
+known alternative is known at the moment.</p>
<p>This automatic proxy system allow the roaming workstation (aka
laptop) setup in Debian Edu/Squeeze to use the proxy when the laptop
feature when it is connected to other networks. And if no proxy is
announced, direct connections will be used instead.</p>
-<p>Silenty using a proxy announced on the network might be a privacy
+<p>Silently using a proxy announced on the network might be a privacy
or security problem. But those controlling DHCP and DNS on a network
could just as easily set up a transparent proxy, and force all HTTP
and FTP connections to use a proxy anyway, so I consider that
proxy, you should avoid connecting to the network in question in the
first place. In Debian Edu, the proxy setup is updated using dhcp and
ifupdown hooks, to make sure the configuration is updated every time
-the newtork setup changes.</p>
+the network setup changes.</p>
-The WPAD system is documented in a
+<p>The WPAD system is documented in a
<a href="http://tools.ietf.org/html/draft-ietf-wrec-wpad-01">IETF
draft</a> and a
<a href="http://en.wikipedia.org/wiki/Web_Proxy_Autodiscovery_Protocol">Wikipedia
-page</a> for those that want to learn more.
+page</a> for those that want to learn more.</p>
projects / homepage.git / blobdiff