WPAD proxy auto configuration with nginx

This is part of a little series I’ll be writing on how to deploy a personal LAN proxy that can protect your privacy by routing via a VPN.

It’ll also allow you to block websites (such as advertising servers), speed up your internet browsing, and even bypass government website blocking such as the UK government’s blocking of thepiratebay.se (which I can browse seamlessly thanks to my proxy).

I’ve not gotten down to writing how to set up the proxy yet, as I’m easing you into it :). So here is the guide on how to set up proxy auto-config for your proxy.

You’re going to need a machine to host the wpad.dat file, which will serve your proxy settings. Oh, and you’ll need a proxy server.

  1. Create a new server block in nginx:

    nano /etc/nginx/conf.d/wpad.conf
  2. Paste into it the following, but edit to suit your setup:

    # Serve .dat files with the MIME type clients expect for proxy auto-config.
    types {
    	application/x-ns-proxy-autoconfig dat;
    }
    server {
    	server_name		wpad.pyronexus wpad; # This HAS to be wpad.yourdomain and/or wpad.
    	access_log		/shares/www/logs/wpad.access.log;
    	error_log		/shares/www/logs/wpad.error.log;
    	root			/shares/www/wpad;
    	# You should keep below here the same, this will redirect all requests to wpad.dat or 404
    	# Which is all http://wpad.yourdomain should serve.
    	location / {
    		return 301 /wpad.dat;
    	}
    	location /wpad.dat {
    		try_files /wpad.dat =404;
    	}
    }
  3. Save the file and restart nginx:

    systemctl restart nginx
  4. Create a file called wpad.dat in the root you specified in nginx and in its contents, populate something similar to this (editing it to suit your setup):

    function FindProxyForURL(url, host) {
    	// Fill these in for your setup: proxy_on must be "PROXY host:port",
    	// network and subnet are your LAN network address and subnet mask.
    	var proxy_on = "PROXY";
    	var proxy_off = "DIRECT";
    	var network = "";
    	var subnet = "";
    	var proxy_bypass = new Array(
    		"amazon.com", "*.amazon.com",
    		"amazon.co.uk", "*.amazon.co.uk",
    		"channel4.com", "*.channel4.com",
    		"c4assets.com", "*.c4assets.com",
    		"pyronexus.com", "*.pyronexus.com"
    	);
    	// Below here evaluates the above.
    	// Bypass proxy for local web servers in the same subnet as the client.
    	if (isInNet(host, network, subnet)) {
    		return proxy_off;
    	}
    	// Bypass proxy for those listed under proxy_bypass.
    	for (var i = 0; i < proxy_bypass.length; i++) {
    		if (shExpMatch(host, proxy_bypass[i])) {
    			return proxy_off;
    		}
    	}
    	// Everything else not caught by the above, should be checked to see if it is HTTP, HTTPS or FTP
    	// before sending to a proxy server.
    	if (shExpMatch(url, "http:*") ||
    		shExpMatch(url, "https:*") ||
    		shExpMatch(url, "ftp:*")) {
    			return proxy_on;
    	}
    	// Finally, send all other requests direct.
    	return proxy_off;
    }
  5. Now you need a DNS entry for wpad, so you need to edit your DNS on your router or DNS server. The DNS entry needs to point wpad or wpad.yourdomain to the IP for the server you specified in nginx.
  6. Allow the DNS name time to propagate; you can speed this up by clearing your cache and reloading your DNS server. Once propagated, visit http://wpad or http://wpad.yourdomain and you should get a download of wpad.dat.
  7. Now you need to set up the proxy settings on your client PCs to allow proxy auto config. Once you have done this, check the logs of squid, use chrome://net-internals/#sockets to view connections, and if you send your data over VPN, check your IP via the web.
  8. Enjoy your new auto proxy 🙂
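
To check the routing logic from step 4 before pointing clients at it, here is an added example (not part of the original post) that runs a PAC function under Node with minimal stand-ins for shExpMatch and isInNet. The proxy address, LAN range and bypass domains are constructed sample values, and the isInNet stand-in is assumed to see only IPv4 literals.

```javascript
// Node stand-ins for the two PAC helpers a browser normally provides.
// Assumption: isInNet handles only IPv4 literals here (no DNS lookup).
function shExpMatch(str, pattern) {
  const re = pattern.replace(/[.+^${}()|[\]\\]/g, "\\$&")
                    .replace(/\*/g, ".*").replace(/\?/g, ".");
  return new RegExp("^" + re + "$").test(str);
}
function ipToInt(ip) {
  const p = ip.split(".");
  if (p.length !== 4 || p.some(o => !/^\d{1,3}$/.test(o) || Number(o) > 255)) return null;
  return p.reduce((acc, o) => ((acc << 8) | Number(o)) >>> 0, 0);
}
function isInNet(host, network, mask) {
  const h = ipToInt(host), n = ipToInt(network), m = ipToInt(mask);
  if (h === null || n === null || m === null) return false;
  return ((h & m) >>> 0) === ((n & m) >>> 0);
}
// Compile PAC source with the helpers in scope; return its FindProxyForURL.
function loadPac(source) {
  return new Function("shExpMatch", "isInNet",
    source + "\nreturn FindProxyForURL;")(shExpMatch, isInNet);
}
// Constructed values (not from the page): proxy address, LAN range, bypass list.
const SAMPLE_PAC = `
function FindProxyForURL(url, host) {
  var proxy_on = "PROXY 192.168.1.10:3128", proxy_off = "DIRECT";
  var network = "192.168.1.0", subnet = "255.255.255.0";
  var proxy_bypass = new Array("example.com", "*.example.com");
  if (isInNet(host, network, subnet)) { return proxy_off; }
  for (var i = 0; i < proxy_bypass.length; i++) {
    if (shExpMatch(host, proxy_bypass[i])) { return proxy_off; }
  }
  if (shExpMatch(url, "http:*") || shExpMatch(url, "https:*") ||
      shExpMatch(url, "ftp:*")) { return proxy_on; }
  return proxy_off;
}`;
// Return the PAC decision for each URL, keyed by URL.
function route(pacSource, urls) {
  const find = loadPac(pacSource);
  return Object.fromEntries(urls.map(u => [u, find(u, new URL(u).hostname)]));
}
console.log(route(SAMPLE_PAC, [
  "http://192.168.1.20/",       // LAN address
  "https://www.example.com/",   // bypass list
  "https://notexample.com/",    // not a bypass match
  "ws://example.org/",          // scheme outside http/https/ftp
]));
```

The last case shows that a URL whose scheme is not HTTP, HTTPS or FTP falls through to DIRECT, so it would not go via the proxy or the VPN behind it.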
