Setting Up WPAD Autoconfigure for PFSense Router

Setting Up WPAD Autoconfigure for PFSense Router

WPAD stands for web proxy auto discovery protocol. It is a protocol that helps clients to locate the URL of a configuration file using DHCP and/or DNS discovery methods. In our guides so far, we have installed pfsense firewall and made some basic configurations.
We also went as far as installing squid and squidguard, to help us cache, monitor bandwidth usage and allow or block access to certain sites.

In the squid proxy server and squidguard configuration guide, we used a compination of transparent proxy, squidguard, certificates to block both http and https traffic.
In this guide, we are going to make some assumptions:
1. That we do not need transparent proxying.
2. That we do not have any domain controller like openldap, microsoft active directory server, samba4 on our network.

3. We want to filter HTTPS traffic.

4. That we want to enable squid authentication.(This will be treated later)

All of this , cannot be achieved with transparent proxy.

Please note: At any point in time, I will recommend having some form of domain controller. If you need a free offering, you can always use the samba4 domain controller to serve as your dns server for the local network. Visit this In the absense of budget for the domain controller hardware and the likes, feel free to continue using this guide “Setting Up WPAD Autoconfigure for PFSense Router.”  to autoconfigure ip addresses on client machines.

Following our assumptions, we will begin by turning off transparent proxy on our pfsense router.

Setting Up WPAD Autoconfigure for PFSense Router.


After logging into pfsense box, Navigate to services => squid proxy server and locate the transparent proxy setting. Simply untick the transparent HTTP proxy box and then click save.

transparent proxy off

At this point, an attempt to access any site should fail.

To enable Setting Up WPAD Autoconfigure for PFSense Router, we will create three(3) files called wpad.dat, wpad.da, proxy.pac. These 3 files should have the same javascript content as shown below.

function FindProxyForURL(url,host) {

return “PROXY”;


Simply copy this function and paste in the three files you created earlier. I will be using a windows computer to create these files. Open up notepad, paste the content into notepad and save with the correct file extension of .dat, .da, .pac.

Now, I have also installed a WinSCP,  a freeware windows client for the SCP (secure copy protocol),

This allows us to transfer files securely across the network using SSH  protocol. We will use WinSCP to transfer the 3 files to the pfsense /usr/local/www directory.

Before we continue, let us enable ssh on our pfsense machine. Navigate to system => advanced =>ssh secure shell. Tick enable ssh. Leave the other defaults. If you will like to continue using port 22 for ssh, then simply click save button.

enable ssh

Now, launch your WinSCP program, enter the ip address of the pfsense router to connect to. Also enter the required port number. Enter in the correct username and password for an admin account in pfsense and click on login.


Now the Winscp is divided into two screens. The left screen is for the windows machine where you have your created files. The right screen is your pfsense machine where you will transfer the files to.

Next, drill down to where you have your created files in the left pane. Select them as shown in (a) below. Also drill down to where you want to transfer the files to at the right pane which is for the pfsense box. The location in /usr/local/www directory.

Now click upload as shown in (b) below. After it uploads, you should see your files in the right pane(pfsense box) as shown in (c) below.


Now, continuing in our Setting Up WPAD Autoconfigure for PFSense Router, we need to configure dns using the dns resolver in pfsense. Navigate to services => DNS Resolver. The only thing you need to do here is to locate your host overides and click on add.

Now enter in the hostname of wpad

enter in the domain name on your pfsense box. In our case, it is carehealth.local.

enter in the ip address of the pfsense box.

enter in a description.

dns resolver host overrides

At this point, you pfsense box may have a domain name of localdomain. Please change it to carehealth.local or any name of your choice.

Go to system => general setup. Change the domain name to carehealth.local(or something of your choice)

Now on a client machine, try to ping wpad.carehealth.local. You should get a reply.


If you configured your web configurator to use https, simply change it to http. Go to system= > advanced and change it to http. You may be locked out at this stage. Simply clear your browser cache and log in again. You should be good to go now.

Now restart your client machine and attempt to access a site that was blocked.

Try to access an allowed site like google.

Yeah! Our Setting Up WPAD Autoconfigure for PFSense Router really works. However, take the note on using a dedicated domain controller seriously, because with that, you will be able to use group policy to push proxy settings to clients easily.

View this guide for details on pushing proxy settings to clients using samba4,

Thanks for your time!

Did You Enjoy What You Read? Sign Up To Our News Letter
I agree to have my personal information transfered to MailChimp ( more information )
Join over 1.000 visitors who are receiving our newsletter and learn how to design networks that work using open source technology and commercial offerings. Also learn how to proactively defend against security threats.
We hate spam. Your email address will not be sold or shared with anyone else.
Share This.