SYSTEM WARNING: 'date_default_timezone_get(): It is not safe to rely on the system's timezone settings. You are *required* to use the date.timezone setting or the date_default_timezone_set() function. In case you used any of those methods and you are still getting this warning, you most likely misspelled the timezone identifier. We selected the timezone 'UTC' for now, but please set date.timezone to select your timezone.' in '/usr/share/mantis/www/core.php' line 264

0003413: WPAD.DAT syntax creation error - MantisBT
MantisBT - Endian Firewall
View Issue Details
0003413Endian FirewallProxy HTTPpublic2010-12-30 19:552011-07-13 08:20
jbellflowers 
peter-endian 
normalmajoralways
confirmedopen 
2.4 
 
0003413: WPAD.DAT syntax creation error
If an access policy rule set is created for unfiltered access from any source to Destination 10.0.0.0/22 with no authentication for any useragent, the WPAD.Dat entry for that rule is missing a closed parenthesis which invalidates the file and causes an error on workstations that attempt to access java based sites via Internet Explorer.

Specifically "Microsoft JScript compilation error" as the title and "Expected ')'" as the error message.

The WPAD.Dat file return has this in it:

else if (isInNet(host, "10.0.0.0", "255.255.252.0") {return "PROXY 10.0.0.1:8080; DIRECT";}

You'll note it's missing the closed parenthesis for the "isInNet" command.
No tags attached.
related to 0002845closed luca-endian Proxy.pac script error 
Issue History
2010-12-30 19:55jbellflowersNew Issue
2010-12-30 20:00jbellflowersNote Added: 0005426
2010-12-30 21:37jbellflowersNote Added: 0005427
2011-01-03 09:09luca-endianNote Added: 0005432
2011-01-03 15:03lorenzo-endianNote Added: 0005438
2011-01-03 15:03lorenzo-endianAssigned To => lorenzo-endian
2011-01-03 15:03lorenzo-endianStatusnew => feedback
2011-01-03 15:09jbellflowersNote Added: 0005439
2011-01-03 15:14lorenzo-endianNote Added: 0005440
2011-03-11 11:07luca-endianNote Added: 0005939
2011-03-14 16:08lorenzo-endianNote Added: 0005954
2011-03-14 16:08lorenzo-endianStatusfeedback => confirmed
2011-03-14 16:10lorenzo-endianAssigned Tolorenzo-endian => peter-endian
2011-03-14 16:16lorenzo-endianSeverityminor => major
2011-03-30 15:26lorenzo-endianRelationship addedrelated to 0002845
2011-07-13 08:20gvecchiNote Added: 0006968
2011-07-27 15:37gvecchiNote Edited: 0006968

Notes
(0005426)
jbellflowers   
2010-12-30 20:00   
Please ignore the access policy rule in the report above. It appears that rule set creation has nothing to do with the fact that the WPAD.Dat file returned is missing that parenthesis. You can probably recreate this with anything.
(0005427)
jbellflowers   
2010-12-30 21:37   
I manually edited the proxy.pac file on the endian to include the additional ")" in the output, but it then asks for authentication every time someone tries to visit a web page, so that must not be the solution.
(0005432)
luca-endian   
2011-01-03 09:09   
the proxy.pac file is a perl script.
You can add static lines in a custom file which is included by the script, this is the file: /var/efw/proxy/proxy.custom.pac
(0005438)
lorenzo-endian   
2011-01-03 15:03   
Hi jbellflowers,

I am trying to reproduce your problem and I would ask to you 3 details:
- which release are you running? Is it up to date?
- the HTTP Proxy is set as "transparent" or "not transparent"?

Thanks in advance!

Lo
(0005439)
jbellflowers   
2011-01-03 15:09   
We were running 2.4.1.
Proxy was set to Transparent.
We had altered the two files that are pending release to fix the stuck screen at applying proxy settings.

Running a text editor on the proxy.pac script, we found the line that generates the output of:

else if (isInNet(host, "10.0.0.0", "255.255.252.0") {return "PROXY 10.0.0.1:8080; DIRECT";}

In the script, it is also missing the parenthesis for generation. Internet Explorer appears to be parsing it okay, but the JSCRIPT compiler when visiting Java web pages appears to have the problem with the Expected ")" parameter. You can click past it and it appears to function, so it's a bit of a cosmetic issue I suppose.

Unfortunately after following one too many hotfixes here on the bugtracker, I believe I royally messed up the firewall, so this weekend I replaced it with a Mercury running 2.3. It's running perfectly fine.

It seems most of the issues occurred after updating to the 2.4.1 release from 2.4.

Hope that helps, and I'm sorry the unit is no longer in service to test further.
(0005440)
lorenzo-endian   
2011-01-03 15:14   
Hi jbellflowers,

no problem, the information you sent to me are of great value!

I will try to reproduce and hopefully fix (together with the developers) the problem as soon as possible!

Again, thanks for you support!

Lo
(0005939)
luca-endian   
2011-03-11 11:07   
If proxy is transparent you don't need any proxy.pac file to let your clients browse.

Anyway if the parenthesis type is confirmed this could make problems whether proxy is transparent but the browser is getting the proxy configuration.
(0005954)
lorenzo-endian   
2011-03-14 16:08   
Hi jbellflowers,

I can confirm that there are 2 missing parenthesis in the /home/httpd/html/proxy.pac file.

Moreover, at least on my installation, the automatic proxy configuration does not work as it should.

Thanks a lot for testing and for the info and the hacks provided!

Lo
(0006968)
gvecchi   
2011-07-13 08:20   
(edited on: 2011-07-27 15:37)
Hi all.
I'm running EFW Community 2.4.1
In my installation automatic proxy configuration seems to work well, browsers can configure themself (IE and Firefox) but proxy intercepts local domain and local ip addresses.

@lorenzo-endian: in which lines of /home/httpd/html/proxy.pac file parenthesis are missing?