Answer
In GFI WebMonitor load balancing and High-Availability are possible by altering the proxypac.pac file that is delivered to machines from the network via proxy auto discovery. A Proxy Auto-Configuration (PAC) file is a JavaScript function definition that determines whether web browser requests (HTTP, HTTPS, and FTP) go direct to the intended destination or are forwarded to a web proxy server.Follow these steps to make the required changes to the proxypac.pac file:
- Open the installation folder of GFI WebMonitor and locate the proxypac.pac file.
- Open the file with notepad or another text editor.
- Search the file for the line: “function GetStandardProxy(url, host)”
This is how the file looks like:
function GetStandardProxy(url, host){ if(host == "127.0.0.1"){return "DIRECT";} else{return "PROXY %PROXY_IP%:%PROXY_PORT%; DIRECT";} }
- Replace the "else" option with your parameters
First example:
if (myIpAddress() == "192.168.97.43"){return "PROXY 192.168.97.44:8080; PROXY 192.168.97.42:8080";} if (myIpAddress() == "192.168.97.40"){return "PROXY 192.168.97.42:8080; PROXY 192.168.97.44:8080";} else {return "DIRECT";}
Instead of the server IP, you can add the server name and domain e.g. SVR2008-1.domain.com where:
- SVR2008-1 - is the name of the server.
- Domain.com - is the name of your domain.
In this example:
All machines have just one network card and all the IPs are in the same network. Both proxies are configured in Simple Mode and have “Listen on all” enabled. Only one of them has WPAD enabled.
- 192.168.97.44 - is the IP of the proxy server which has WPAD enabled
- 192.168.97.42 - is the IP of the other proxy server which does not have WPAD enabled
If the client IP is 192.168.97.40 - the browser tries to connect first to the proxy 192.168.97.42:8080; if that is not available it tries connecting to proxy 192.168.97.44:8080. If both connections fail, the browser uses the last argument – “Direct” to go straight to the gateway without using any proxy.
Second example:
if (isInNet(myIpAddress(), "192.168.96.16", "255.255.255.248")){return "PROXY SVR2008-1.domain.com:8080; PROXY SVR2008-2.domain.com:8080";} if (isInNet(myIpAddress(), "192.168.97.40", "255.255.255.248")) {return "PROXY SVR2008-2.domain.com:8080; PROXY SVR2008-1.domain.com:8080";} else{return "DIRECT";}
In this example:
The machines are divided into two networks. The first network contains the IPs 192.168.96.16 with mask 255.255.255.248 (meaning hosts from 192.168.96.17 - 192.168.96.22). The second network contains 192.168.97.40 with mask 255.255.255.248 (meaning hosts from 192.168.97.41 - 192.168.97.46).
The machines with WebMonitor have two network cards, so that they are visible to all the clients.
The first proxy machine: SVR2008-1.domain.com – has the IPs 192.168.96.17 and 192.168.97.44. It has WPAD enabled.
The second proxy machine: SVR2008-2.domain.com – has the IPs 192.168.97.19 and 192.168.97.41. It has WPAD disabled. This machine can have only just one network card, the one with the IP 192.168.97.41 so that it is visible to the machines from 192.168.97.40 255.255.255.248 network.
If the client IP is 192.168.97.42 – the browser tries to connect to first the option
PROXY SVR2008-2.domain.com:8080; if that is not available it tries PROXY SVR2008-1.domain.com:8080. If both fail, it uses the last argument – “Direct” to go straight to the gateway without using any proxy.
If the client IP is 192.168.96.18 – the browser tries to connect to the first the option
PROXY SVR2008-1.domain.com:8080, if that is not available it tries PROXY SVR2008-2.domain.com:8080. This is possible only if the second proxy machine has also two network cards. However, if the proxy with WPAD enabled is off, then the internet works only for a period of time, or until you reset the browser. If both fail, the browser uses the last argument – “Direct” to go straight to the gateway without using any proxy.
NOTE: You can adapt the script to your network setup and needs. Javascripts need to be edited carefully. A missing comma or bracket can make the script to malfunction.
- Once the change is done, restart all GFI WebMonitor services and test. Delete the browser’s history from the client to bring a new WPAD.dat file.
See also: