Hello I was wondering if there is any concerns that anyone has seen with pivoting and other invasive actions with using Apache 2 http server to host a WPAD.dat and Proxy.pac files on a Zero 2 W.
I use to utilize the firewall itself to serve wpad.dat wpad.da and proxy. pac files however it is not recommended and with the system running over https and wpad needing http it causes issues as I do not use the standard port. I was using a second http server on the box to get around this.
I purchased a Zero 2 w to put my WPAD files on.
Background WPAD helps rouge laptops find the proxy when they are set to automatic. Some remote users go from home to office etc. WPAD helps so users are not constantly having to manually set proxy settings with each network. Wpad is done over HTTP port 80 I was using a redirect with the DHCP option 252 and sending out a string with a different port that along with DNS set to static resolve requests to hostname WPAD has helped me for some time in my home network. Again it was not secure.
So long story short what must I change within Apache outside of adding the /www/ files in to make it secure. I want to make it so hosts can access and read download the wpad file but are not allowed to change anything or add anything on the Raspberry PI, I want to lock it down for one thing only WPAD.
How can I make it read only? What can be done to make it secure and block pivoting on my network ?
I use to utilize the firewall itself to serve wpad.dat wpad.da and proxy. pac files however it is not recommended and with the system running over https and wpad needing http it causes issues as I do not use the standard port. I was using a second http server on the box to get around this.
I purchased a Zero 2 w to put my WPAD files on.
Background WPAD helps rouge laptops find the proxy when they are set to automatic. Some remote users go from home to office etc. WPAD helps so users are not constantly having to manually set proxy settings with each network. Wpad is done over HTTP port 80 I was using a redirect with the DHCP option 252 and sending out a string with a different port that along with DNS set to static resolve requests to hostname WPAD has helped me for some time in my home network. Again it was not secure.
So long story short what must I change within Apache outside of adding the /www/ files in to make it secure. I want to make it so hosts can access and read download the wpad file but are not allowed to change anything or add anything on the Raspberry PI, I want to lock it down for one thing only WPAD.
How can I make it read only? What can be done to make it secure and block pivoting on my network ?
Statistics: Posted by jonathanlee — Tue Dec 10, 2024 5:37 am — Replies 0 — Views 21