AFNOG 2000 Workshop Series
Issues with WPAD and MSIE 5.x

The following is taken from a newsletter article printed for the University of Oregon Computing Center Newsletter in April of 2000. It has been reprinted for the AFNOG 2000 workshop for informational purposes.

Proxy Servers, Auto Discovery, and IE 5

Recent developments in the world of proxy servers may affect the way you browse the web

By Hervey Allen (hervey@oregon.uoregon.edu)

As you may already know, proxy servers are machines that speed your browsing time by storing local copies of web sites you visit frequently. This means that after you first access a site, you no longer have to wait for a page to load from a very remote or slow web server. Instead, web sites you've already visited load quickly from the local proxy. The proxy server also updates pages each time you revisit a site, to ensure you'll see the latest version.

Why Use a Proxy Server?

Speed. The major advantage of using a proxy is that it saves time and bandwidth. For modem users in particular, a proxy server can increase the speed of page retrieval dramatically.

Security. Another advantage is increased security. Because traffic going back to your machine appears to come from the UO proxy server, it's harder for hackers to find its true location. This protects your machine against typical security attacks, and it also makes it more difficult for anyone to track you for profiling or advertising purposes.

WPAD Changes the Proxy Picture for IE5 Users

Last July, a new mode of identifying proxy servers, called the "Web Proxy Auto-Discovery Protocol," or "WPAD," was introduced.

The advent of the WPAD protocol impacted computing at the UO because Microsoft decided to employ it in Internet Explorer 5. We quickly discovered that had we not decided to implement certain key pieces of WPAD, campus users of Internet Explorer 5 (which is included by default with Windows 98 2nd Edition and Windows 2000) would have experienced very long delays when they tried to use Internet Explorer's default configurations.

Furthermore, part of the WPAD protocol includes the use of a machine named "wpad.domain" (e.g., in the UO's case, "wpad.uoregon.edu"). This practice poses a potential security threat, as described below.

IE5/WPAD Security Loophole. The following scenario illustrates the potential security problem inherent in the WPAD protocol:

By default, Internet Explorer (read Windows 98 2nd Edition and Windows 2000) will look for wpad.uoregon.edu on the UO campus. If it finds this machine, it assumes it's a valid proxy server.

Because it might be possible for others to create a proxy server under the name wpad.uoregon.edu if we didn't create a server by that name, unauthorized parties could use their falsely identified proxy to get data from user sessions--and if they wished, they could also use it to capture secure information like encrypted credit card data. (Note that we do not use our proxy server for secure transactions.)

The setup for all this is actually more complicated. For instance, you can also use the UO proxy server for FTP sessions, or you can give clients pointers to the proxy server when they start up using DHCP records. This subject is too involved to discuss in detail here, but you can obtain a thorough explanation by pointing your web browser to http://micro.uoregon.edu/net_access/wpad_rfc_1999.html

WPAD at the UO

Considering the number of campus users who have Internet Explorer version 5, we felt it was important to implement the WPAD protocol to ensure that these users would not experience unacceptably slow start-up times.

Consequently, we created a wpad.uoregon.edu alias that points to our proxy machine proxy.uoregon.edu. This solution ensured that everyone already using our proxy server saw no change in service, and those who chose the default network settings for Internet Explorer 5 did not experience slowdowns.

How to Tell if You're Using the UO Proxy Server

If you're using Internet Explorer 5, you can see if you're using the UO proxy server by following these steps:

1. Go to the Start menu in Windows

2. Choose Settings

3. Choose Control Panel

4. Open the Internet Options control panel

5. Click on the Connections tab

6. Click on the "LAN Settings..." button in the LAN settings section of the Connections section

7. If the box "Automatically detect settings" is checked, you are using the UO proxy server. This can be quite misleading because there is a "Proxy server" section on the same screen that you can use if you want to manually configure your proxy server settings, and many people assume that if this is not filled out, a proxy server will not be used.

Note: If you uncheck the box "Automatically detect settings" and click on OK twice to close the control panel, the next time you use Internet Explorer you won't use the UO proxy server.

Need More Information?

If you have further questions about proxy servers, or how all this works, be sure to read the WPAD protocol document at http://micro.uoregon.edu/net_access/wpad_rfc_1999.html Or, you can contact Joel Jaeggli at joelja@darkwing.uoregon.edu

For general client configuration questions or troubleshooting, contact Microcomputer Services at 346-4412 or microhelp@oregon.uoregon.edu. You can also visit them on the web at http://micro.uoregon.edu, or in person in Room 202 Computing Center.

Back to Top