If you like BoxMatrix then please contribute Supportdata, Supportdata2, Firmware and/or Hardware (get in touch).
My metamonk@yahoo.com is not reachable by me since years. Please use hippie2000@webnmail.de instead.
Property:WPAD
| BoxMatrix >> Lexicon >> Network-Protocols >> WPAD | @ BoxMatrix - IRC-Chat - Translate: de es fr it nl pl |
| News | Selectors | Models | Accessories | Components | Environment | Config | Commands | System | Webif | Software | Develop | Lexicon | Community | Project | Media |
| Computer | FRITZ | I18N | Telephony | Smarthome | Internet | Protocols | Multimedia | Formats | Hardware | Research |
Protocol
| Protocol: | WPAD | Wiki | Freetz | IPPF | whmf | AVM | Web |
| Short for: | Web Proxy Auto-Discovery Protocol | ||||||
| Location: | Lexicon >> Network-Protocols | ||||||
| Weblinks: | Wikipedia.int - Wikipedia.de - draft-ietf-wrec-wpad-01 | ||||||
| Description: | Automatically acquire HTTP Proxy settings | ||||||
Goto: FRITZ!OS - SMW-Browser
Details
WPAD is an old protocol designed 1996 by Netscape to automatically acquire HTTP Proxy settings.
A client discovers a WPAD server via DHCP (preferred) or DNS and fetches a Proxy settings script from it via HTTP.
WPAD never made it to a RFC and the IETF draft linked above expired in 1999.
However, it is still used and it's considered a big security risk today since it could be abused for MITM attacks[1].
FRITZ!OS
WPAD
FRITZ!OS does not use WPAD itself.
Protection
In FRITZ!OS 7.01 (2018-09) AVM added an optional WPAD protection, which is activated by default.
It is implemented in multid which is the DHCP and DNS server, and adds the domains wpad.box and wpad.fritz.box.
The filtering is performed by kdsldmod.ko, which is the routing core.
The setting is handled in the dnscfg ui-module, which is maintained by libcmapi.so:
dnscfg:settings/wpad_protection=1
This setting is stored in ar7.cfg which is maintained by libar7cfg.so.
