Deploying Web Browser proxy settings

This article details the options available for configuring web browsers for use with USS Gateway.

Manual Configuration of proxy settings

Manual configuration is useful for testing but can easily be overriden by the user. Consider a more secure method like Group Policy to secure the browser proxy settings for production use.

All modern web browsers support web proxies and the settings can usually be found in the Options menu. Examples are given in this section for the most popular web browsers.

Internet Explorer & Edge

Both Internet Explorer and Edge obtain proxy settings from system-wide Internet Options section of Windows Control Panel.

  1. Open the Windows Control Panel.
  2. Click Internet Options.
  3. Select the Connections tab.
  4. Click LAN Settings.
  5. Click Advanced.
  1. In the HTTP and Secure proxy address fields type the fully qualified domain name (FQDN) of the USS Gateway server, e.g. ussgateway.ad2012.local. This was determined when configuring Active Directory authentication. If you do not require Active Directory authentication, then the server IP address may be used instead.
  2. Enter the port as 8080.
  3. In the Exceptions field, enter both the FQDN and the IP address of the USS Gateway server.
  4. Click OK and restart the web browser.

Google Chrome

Follow the steps for Internet Explorer and Edge.

Mozilla Firefox

  1. Start Firefox and open the Tools menu.
  2. Click Options.
  3. Click Advanced tab.
  4. Click Network tab.
  5. Click Settings.
  1. In the HTTP Proxy and SSL Proxy address fields type the fully qualified domain name (FQDN) of the USS Gateway server, e.g. ussgateway.ad2012.local. This was determined when configuring Active Directory authentication. If you do not require Active Directory authentication, then the server IP address may be used instead.
  2. Enter the port as 8080.
  3. In the No Proxy For field, enter both the FQDN and the IP address of the USS Gateway server.
  4. Click OK and restart the web browser.

Group Policy Configuration

If you have an Active Directory domain environment you can use Group Policy to configure Internet Options (used by Internet Explorer, Chrome and Edge) automatically. Apart from ease of deployment, the other main advantage to using Group Policy is that the settings can be locked to make them tamper-proof.

Mozilla Firefox can sometimes need additional configuration for use with Group Policy. There are many third-party guides available online for this.
Windows Server 2012
  1. Open the Group Policy object to edit.
  2. Navigate to User ConfigurationPreferencesControl Panel Settings.
  1. Right-click on Internet Settings and select New / Internet Explorer 10 option.
  1. Edit the proxy settings to use the USS Gateway FQDN and port number as shown in the Manual Browser Configuration section, below.
  2. Push the changes out to your users.
Some users may need to reboot or run gpupdate /force for the proxy settings to take effect.

Web Proxy Auto Discovery (WPAD)

The Web Proxy Auto Discovery protocol (WPAD) method is used by web browsers to locate a proxy on the network and configure it automatically using an auto-configuration file (.pac) file. This is a third-party protocol and there are many resources on the Internet assist with configuration and troubleshooting.

For WPAD to work the browser must be configured for Automatic Proxy Detection.
Create the proxy.pac file

The Deploy section of the USS Gateway Local Settings allows you to publish a proxy.pac automatically based on the USS Gateway configuration.

If you want to edit or alter the published proxy.pac file, follow these steps:

  1. Log in to the command line using the Command Line and type sudo su to become root.
  2. Copy the automatically generated proxy.pac file to a new name so that your changes are not overwritten: cp /var/www/proxy.pac /var/www/myproxy.pac
Note that you must now use myproxy.pac as the filename in the next step.
  1. Type: nano /var/www/myproxy.pac to open a command line text editor.
  2. Make your desired changes. Please see a full list of available functions here.
  3. Save the file by holding down Ctrl+X and then press Y and then Enter.
Configure DHCP to issue the proxy.pac file

See Deploying via DHCP.

Enforcing Proxy Settings

It is important to ensure that network users cannot easily circumvent the proxy settings. There are a number of options available to you:

  • Use Group Policy Objects to lock down web browser proxy settings to avoid tampering
  • Create a rule on your corporate firewall to block access to port 80 and 443 from networked devices unless the request originates from the USS Gateway IP address. This will prevent any browser from working unless it is configured to use the proxy correctly.
  • Consider using the Captive Portal as an alternative authentication method.

If the above options are not possible, consider using USS Agent for Windows as an alternative.


How did we do?