SYSTEM WARNING: 'date_default_timezone_get(): It is not safe to rely on the system's timezone settings. You are *required* to use the date.timezone setting or the date_default_timezone_set() function. In case you used any of those methods and you are still getting this warning, you most likely misspelled the timezone identifier. We selected the timezone 'UTC' for now, but please set date.timezone to select your timezone.' in '/usr/share/mantis/www/core.php' line 264

0001816: proxy.pac file is reachable even if http proxy is not active - MantisBT
MantisBT - Endian Firewall
View Issue Details
0001816Endian FirewallProxy HTTPpublic2009-04-23 16:372010-11-22 11:51
luca-endian 
peter-endian 
normalmajoralways
closedfixed 
2.2-rc3 
2.4 
0001816: proxy.pac file is reachable even if http proxy is not active
The proxy auto configuration file (proxy.pac) is downloadable always even if the http proxy is not working.

This may provide an erroneous proxy configuration to a browser which has the auto detection function active.

This issue may prevent clients to correctly access to internet.

The file should be available only when the proxy is active.
purple
Issue History
2009-04-23 16:37luca-endianNew Issue
2009-04-23 16:37luca-endianAssigned To => simon-endian
2009-04-23 16:37luca-endianTag Attached: purple
2009-04-23 16:39luca-endianStatusnew => confirmed
2009-06-01 15:00luca-endianNote Added: 0002448
2009-06-04 16:01peter-endianNote Added: 0002462
2009-06-08 14:33simon-endianNote Added: 0002483
2009-06-08 14:39simon-endianStatusconfirmed => feedback
2009-06-08 15:06luca-endianNote Added: 0002485
2009-06-08 15:06luca-endianStatusfeedback => closed
2009-06-08 15:06luca-endianResolutionopen => no change required
2009-06-24 08:38luca-endianNote Added: 0002666
2009-06-24 08:38luca-endianAssigned Tosimon-endian =>
2009-06-24 08:38luca-endianStatusclosed => acknowledged
2009-06-29 14:21peter-endianNote Added: 0002693
2009-06-30 13:40luca-endianNote Added: 0002708
2009-06-30 14:00mike-fNote Added: 0002710
2009-06-30 14:13luca-endianNote Added: 0002711
2009-06-30 15:09mike-fNote Added: 0002715
2009-06-30 15:16mike-fNote Added: 0002717
2009-06-30 15:18luca-endianNote Added: 0002718
2009-06-30 15:21mike-fNote Added: 0002719
2010-09-21 20:16peter-endianNote Added: 0004809
2010-09-21 20:16peter-endianStatusacknowledged => resolved
2010-09-21 20:16peter-endianFixed in Version => 2.4
2010-09-21 20:16peter-endianResolutionno change required => fixed
2010-09-21 20:16peter-endianAssigned To => peter-endian
2010-11-22 11:51peter-endianStatusresolved => closed

Notes
(0002448)
luca-endian   
2009-06-01 15:00   
The problem happens on blue with hotspot activated as well.
This may lead configuration problems or connection slowdown.

It happens always before and after login.
(0002462)
peter-endian   
2009-06-04 16:01   
Can you please try to download the proxy.pac file when the proxy is disabled?

In that case the proxy.pac file should configure the browser automatically in order to go directly!
I think that's the correct way, rather than making the file inaccessible.
(0002483)
simon-endian   
2009-06-08 14:33   
i agree with peter. if proxy.pac orders to go directly it is the right behaviour.
(0002485)
luca-endian   
2009-06-08 15:06   
ok.. my fault
I've re-checked you are right, the file is always downloadable but tells to go direct and that's right :)

I believed to the customer that told that he had problems, I didn't control the content of the file.
(0002666)
luca-endian   
2009-06-24 08:38   
I changed my mind.

I've discovered a pc which has problem with proxy autoconfiguration in our office.

efw: Mercury without proxy http
Pc: Windows XP
Internet explorer 7 with proxy auto: works fine
Firefox 3 with proxy auto: doesn't work
Firefox 3 without proxy auto: works fine

I renamed the proxy.pac to make it unreachable then
Firefox 3 with proxy auto: started working

This discover let me think that users, who complained about this problem, are right, and probably somewhere there is a problem.

I don't know if there is a typo in the proxy.pac, but probably in order to avoid any possible mistake I would go for proxy.pac unreachable with proxy disabled.

You never know, maybe in certain condition the proxy.pac is wrong.
That's just my suggestion..

Here is the proxy.pac content:

function FindProxyForURL(url, host)
{
        if (isPlainHostName(host) ||
                shExpMatch( url, "*192.168.58.15*" ) )
                return "DIRECT";
        else if (host == "127.0.0.1")
                return "DIRECT";
        else if (isInNet(host, "192.168.58.0", "255.255.255.0"))
                return "DIRECT";

        else
            return "PROXY 192.168.58.15:8080; DIRECT;";

}
(0002693)
peter-endian   
2009-06-29 14:21   
for a disabled proxy, this proxy.pac output is wrong!

it must be *always* DIRECT. that should work with every browser, otherwise the browser is not proxy.pac capable and should not even try to download that file.
(0002708)
luca-endian   
2009-06-30 13:40   
Mhh the above output is what I have..

At first sight I don't see any line in the proxy.pac script for the PROXY=off case but maybe I'm wrong.
(0002710)
mike-f   
2009-06-30 14:00   
using
   return "PROXY 192.168.58.15:8080; DIRECT;";
the clients first tries to connect using the proxy (which is turned off)
if that fails he goes direct



shouldn't it just be this?


function FindProxyForURL(url, host)
{
   return "DIRECT";
}
(0002711)
luca-endian   
2009-06-30 14:13   
I agree,
something at the beginning like:

if PROXY=off
then
 go DIRECT
 exit

So we are sure that nothing can spoil that file.. just a suggestion
(0002715)
mike-f   
2009-06-30 15:09   
in the case of "proxy=off" the proxy.pac should only contain
   return "DIRECT";


the if-clause (PROXY=off) is not needed
(and will consume client-time for searching & calculating as it will not find the proxy)
(0002717)
mike-f   
2009-06-30 15:16   
ack - file should exist

in case somebody is pushing rules over Group Policies ("use the following proxy for IE") admins won't have any issues in Windows-Domains when proxy.pac is not existing
(0002718)
luca-endian   
2009-06-30 15:18   
The if clause was intended to be placed on the perl script which returns the proxy.pac
(0002719)
mike-f   
2009-06-30 15:21   
tnx for the hint
;-)
(0004809)
peter-endian   
2010-09-21 20:16   
it is DIRECT now when proxy is disabled