IssueTracker

I attend an African Institution which has issues with providing meaningful tech support to students. The bureaucracy that runs the place is murky and finding someone able to help you acquire such 'obscure' proxy details as mentioned in the OP is very difficult.

I had an iPod Touch which was able to connect to the proxy with no trouble; however, my Android phone has major issues. Support for Proxy PAC files would be a huge help, as Android devices are becoming increasingly popular due to the wide variety of hardware/cost choices.

You can try Drony. Until it is fixed in android.

Is this ever going to get fixed ?

Can anybody on the developer side explain why this isn't an issue of priority.

Is it not inline with core development objectives?

I can't comment on the issue type criteria, but this seems more of a 'functionality' than 'enhancement'.
It's been an ongoing request for (literally) years, if not here then in the wider sense. Yet still only priority 'medium'?
It seems odd that it's not treated with any more urgency, as in these days of widespread, commonplace BYOD, the inability to natively use PAC files (when desktops and iOS can) appears an increasingly huge omission. It will affect corporate thinking and the uptake of devices running Android in corporate environments.

Maybe there is much more to it than I know about?

What I find interesting is that this is already implemented for the Google Play for Education tablets running Android 4.4. Why are you fragmenting support?!

https://support.google.com/android/a/answer/3429624?hl=en

"Configure proxy settings for wireless networks. Options are None, Manual, and Automatic Proxy Configuration. If you select Manual, you’ll need to enter Proxy hostname, Proxy port, and the URLs of any sites that are allowed to bypass the proxy (Bypass proxy for). If you select Automatic Proxy Configuration, you’ll need enter a URL for a Proxy Auto-Config (PAC) file. Note: Automatic Proxy Configuration is only available for tablets running Android 4.4 or later. See below for more info on using Proxy settings to make sure SafeSearch is enabled for all students."

That's not *quite* the same thing. The idea is that DHCP option 252 can be used to 'tell' a device where the PAC file is, meaning there is no administrative overhead associated with URL configs and the like.

For this feature, the 'star to follow' system is flawed.  Most end users have no idea what a pac/wpad is.  There are thousands of people in the organization which I work for who would MASSIVELY benefit from this feature but only network administrators and the tech savvy are going to star the topic because they're the only one's who actively know how much of a benefit it would be.  You may as well add at least 500 stars for the colleagues I represent (and that's just speaking for me).

Sorry guys. I found a workaround but forgot to post it here. IN YOUR SCHOOL OR PLACE OF WORK, download the pac file to your device. Using a text editor (I recommend Jota+), open the file and scroll to the bottom. If you can't open it, try renaming the file and appending ".txt" to the end. You should see a line that says something like

return "PROXY address.domain.edu:1234; PROXY address.domain.edu:1234;"

Here, address.domain.edu is the url, and 1234 is the port. You can enter this information into the manual slots and connect normally

So far, Drony seems the best (non rooted) solution (HUGE thanks to sandro/drony developer for saving us from binning all our Android devices!!).  Proxydroid is what I favour (but that only works with rooted devices).

That still doesn't excuse the fact that this should have been implemented long before we reached android v3 as a core part of the OS just like any other regular mainstream OS.

shaans workaround (#13) is great, but not (I feel) practical in a large environment. Similarly, the Drony solution has the same issues.
I want to be able to locate the PAC file (or even a text file) within the network, direct devices to it using a DHCP option, and have the devices pick up proxy instructions in this way.
The goal is to have a BYOD device that 'just works' in the office, using the office internet access facilities, but still works away from the office (at home, for example).
shaans - does the renaming solution differ significantly from manually configuring proxy use instructions? Will a device thus configured then work seamlessly elsewhere, with no further intervention?
I'm dealing with senior members of local government. 'Just works' is a lofty goal, but it is the only one that will work with these clients.
(#12) - jholyo - sums it up nicely. It is individual admins and PMs who are experiencing the issue, but are representing many hundreds, if not thousands or ten s of thousands of users. I am one person posting here, but I am representing 1000 permanent local government staff on a single project. I have another project later this year for a District Health Board where the solution will be rolled out to over 60000 people. It's a shame they can't all 'star' this thread.

by Drony support:

#13 You can use what you find in pac file as main proxy.
But pac file meaning is that you have some logic how to behave on different url's.
So for example intranet url's doesn't hit proxy, or you have different proxies for different url's.

#11 Yes. Dhcp 252 is not working.
Tried also to implement this in Drony with custom dhcp query,
but find out that is not working without rooting device.

So far Drony can use some external url to fill input data to help user in setting up device.
https://code.google.com/p/sandrop/wiki/DronySettingsWizard
https://espace.cern.ch/webservices-help/CERNLibraryProxy/BrowserConfiguration/Pages/Android.aspx

Not feel quite right to post Drony stuff here,
so send mail to supp.sandrob@gmail.com if you need more info
or have some change requests.

this is a big issue to me ,
hope it will get fixed soon .

FIX IT PLEASE

I'd almost managed to put this issue out of my mind.
Issue? Yes. Apple devices are more expensive but are now being chosen by large organisations in preference to something running Android because of issues with compatibility and configuration. This is one such issue, and having now spoken with a number of major organisations representing (literally) many tens of thousands of users, I really don't feel this is being blown out of proportion. Exactly this issue has now cost me, personally, money and business - I have been approached to implement BYOD for large organisations and have had to explain the options with regard to Android. The unanimous response has been to opt for an easy, low-maintenance and low-overhead, solution. And sadly, it wasn't Android.
I've been using a Windows phone recently, but I still prefer to use Android (personally). Fix this problem and I can wholeheartedly recommend my personally preferred solution to clients, but the longer it takes, the more entrenched other solutions become. Change does not come easily to government, and changing twice is significantly more than twice as hard.
It's nearly 2 years since this was raised and I am not aware of any progress.

Priority - medium?
Opportunity - missed.

Of course, there may be real technical reasons why this hasn't been implemented. If so, please put us out of our misery and EXPLAIN!!!

It looks to me this is fixed in Lollipop.

Settings -> Wifi -> Add Network -> Advanced Options -> Proxy: Proxy Auto-Config -> PAC URL https://www.example.com/proxy.pac

[Comment deleted]

[Comment deleted]

In the lollipop version can the server push proxy pac when establishing a vpn connection.I believe this method of setting will get totally ignored once we establish the vpn connection.
Thanks

but you can't set a global PAC for all wifi connection in lollipop?

Why can't it find PAC/WPAD file automatically?
Why WPAD discovery can't be enabled for every connection by default?

If that is the method of fixing it in Lollipop then it isn't at all fixed. Proxy PACs are supposed to be automatically found, not just specified on each device - what use would that be if you have people bringing in their own devices? It'd be a nightmare supporting that.

Have recently had this issue with BYOD android devices since we implemented a proxy in our guest WiFi,

Why is this issue marked Obsolete as there is still no automatic support for proxy configuration - you either have to manually specify a proxy, or manually specify a pac file,

Android should behave like other mobile OS's or browsers which support wpad entries and true automatic configuration, without this it causes unnessecary work for the IT Support Desk

what clown obsoleted the ticket?
google, ad giant who doesn't want users devices to access the internet?

is there another ticket for this? has it been resolved in v5?

Yes it has been. Check advanced settings in wifi. For lower you can use Drony.

No automatic options in advanced wifi settings,

Per connection advanced settings have the following options

none
Manual
Proxy Autoconfig (which is still manually specified)

So you either need to give users a dns name + port to manually specify a proxy, or give users a URL to manually specify a PAC file,

Any other device, connect to a wifi network and as long as the device or browser hasn't had automatic discovery turned off, then it will find the proxy by itself using wpad.dat

So automatic configuration of proxy settings is still missing from android, not an option to tell BYOD users to install a 3rd party app to cover missing features from their device either.

is there any update on this issue?

This is not resolved in android 5.x.

There still exists no option to have the PAC file auto-detect via DHCP or DNS.

You can manually enter an 'auto config' location (which is quite the oxymoron) though.

>>This is not resolved in android 5.x.


At least, so it is not necessary to put a bunch of crutches and root device. So no wonder we are in the organization moved to a more user-friendly platform on.

In my case i have one URL which block all ads. In iPhone its working fine when i put my URL in WiFi auto config on iPhone but in android its not working

This has been closed? It is my understanding that Android still does not support wpad.

It's still not working in Android 6.0s. Need to be reopened.  

If you are a school having this issue with BYOD devices look up Blue Reef Sonar. It  funnels direct HTTP and HTTPS requests to a proxy server completely eliminating the need to configure anything.

Why is this issue closed when it hasn't been resolved? PAC files still need to be manually entered.

[Comment deleted]

I don't think the auto-discovery of pac file (WPAD, https://en.wikipedia.org/wiki/Web_Proxy_Autodiscovery_Protocol) is a big issue since in an enterprise or organization you can do the auto-proxying on your server-side.  I would rather prefer to let the clients use direct connection and then implement the auto-proxy stuff in the wireless router, since it's simpler for end users.

@Luan How would an enterprise or organization auto-proxy without wpad? If you mean transparent proxy, it breaks a lot of stuff because both client and server have no way of knowing there is a proxy.

+1 to chicocvenancio comment.

The only way to use a proxy server seamlessly without requiring the user to configure it manually is using WPAD.

* Full NAT solution is not equivalent since Firewalls can not implement features that Proxies can implement, like cache and authentication.
* Forwarding packets to Proxy (aka. transparent Proxy) is a terrible solution since it breaks SSL/TLS certificates of websites, requiring you to generate a certificate to the proxy server and force all your users to trust on it.

So yes, this is a big deal.

Get a Blue Reef Sonar. Made for education and forces proxy settings on any Android device without breaking SSL/TLS.

#44, sure it will break things.  The main purpose of SSL/TLS is to made a secure end-to-end communication and avoid man-in-the-middle attacks.  If it would be possible to anyone to intercept a SSL/TLS communication without breaking everything (specially through a simple proxy server), HTTPS security would be meaningless, since it become susceptible to man-in-the-middle attacks.

*Maybe* it is possible to avoid SSL/TLS certificate errors paying for a valid certificate for the proxy server (and maybe your solution works that way, dunno).  But if this solution is viable, it sound terrible for me.

I don't know exactly how the "Blue Reef Sonar" works, but I would guess it does not work like a standard web proxy.  It probably is a proprietary multi-layer web filter, and surely has several limitations in respect to HTTPS.

Anyway, I don't think it is productive to discuss alternatives just not to implement a functionality that any Android should already have.

#43 #44 #45
Normal proxy intercepts just http. https requests makes tunnels and no mitm should be performed. You can make transparent proxy that way. SandroProxy makes it directly on device. Also Drony makes transparent proxy, but with help of vpn mode.

No MITM, It works by reading the destination servers host name from the SSL handshake which is the only thing transmitted in clear text before encryption begins. It then creates the tunnel the same way a proxy connect does.

I agree that there is no reason why Google should not implement pac but it's obvious now that they never will. The state of proxy support on Android has always been a joke and its unreasonable to expect end users to install apps to support it.

It's crap like this that really makes me hate Google over all the GOOD they are capable of doing (and no, I don't particularly mind they make a few bucks along the way).

As mentioned earlier in this thread; this STAR rating system to upvote FIXES is a JOKE - I too manage a large network of a 1000 devices, a fifth of which are Chromebooks, FFS!

My answer was to BAN all Android devices from connecting to Corporate services; if I find them sneaking on via WiFi they are then blacklisted on the controllers.
My reasoning to senior management is that they do not support our network infrastructure without more $$$$$ for upgrades (which other devices do not require).

It's even sadder still that AFTER ALL THIS TIME; the auto config option still doesn't work as even when pointed MANUALLY to the wpad.dat/proxy.pac file, the device refuses to send HTTPS traffic to the port specified in the file.

I'm stunned that something so widely accepted and supported is continually being overlooked by Google. Maybe there's a really good reason for it not being implemented... I din't know, and I can't think what the issue might be.

Google - without this you are not being accepted as a viable OS in a large corporate network.

So if this thread is OBSOLETE - notice there was Zero comment to #27 and #29, where has this "LIVE" issue been parked in the Google-sphere?

How can we keep up the pressure and comments and votes for fixes when tickets are CLOSED?

Heh, while I do not manage a large corporate network, I do assist with a school network that uses a squid proxy for content filtering and use wpad on the network.  I run the same style network setup at home, and to my amazement I found that none of my Android devices could properly connect.  Everything else in the house could, then I run into this.  It's a shame that Android devices don't have support for WPAD out of the box, and makes me question, why?  I use a proxy for content filtering, as in, helping get rid of advertisements... Maybe the "Advertisement Engine" known as Google doesn't want people to easily block adverts at a network level?

Manually entering proxy information on devices will be a royal pain for any users that bring their own device, and is enough trouble to just result in a block of anything Android in a network.

I think the reason for this ticket to be obsolete is mostly because there is no defined standard for WPAD.  But it is frustrating anyway, since several devices already support it, despite the lack of a defined standard.

It was already cited, but we should not rely on this feature being implemented in the near future.  The best solution so far is:
* use some third party app, like Drony.
* use transparent proxy (which will require a certificate to allow HTTPS traffic).

This ticket cannot be obsolete because none of android devices -neither lollipop- work with PAC. PAC is very useful in large companies that use extensively Proxy Automatic Configuration for security, control and management reasons.

Maybe they can fix the problem if send IP address from Wireless Interface as a result of myIpAddress() function instead loopback (127.0.0.1)? I don't know... it's just one idea.

Actually, a big company should not rely on a non-standardized resource and expect that any device will support it.

I am using WPAD in a company that I support, and a native support for Android devices would be a must for me.  But instead of complaining, I try to understand why it is not supported.

The inclusion of a JavaScript parser to configure the network is not an easy task to do.  Maybe the support for WPAD should be offered by browsers (Firefox, Chrome, etc), and not by Android core system.

WPAD Support for some browsers is good idea but the problem is not just browsers... the problem is all crap that normal users use (whatsapp, fb, etc) so, proxy automatic configuration as system for all apps is easier way for non technical users. Well this is just an idea not mandatory.

Little off topic.
As developer of Drony I can make custom app that fits your needs if anyone interested.
It could get additional admin rules from some url, redirect ports as is done for 5222 and 5228 currently,...

#55, PAC files are intended to be used with browsers, that are supposed to work with HTTP protocol.

Some apps, like Whatsapp, doesn't rely on the HTTP protocol itself, so your assumption of a system wide support for WPAD will not make everythink "just work".  You may need NAT anyway.

Well, right now if you use PAC file as automatic proxy configuration in your network interface (linux/mac based) or internet options (windows based) and all your browsers and applications have default configuration (use proxy system / automatic detection) can navigate without problems with http, https and socks. It works as I say for me using PAC and SQUID proxy.

Now a days HTTPS is used to get free proxies on internet and NAT is not good choice if you wanna get Internet Access Control and save Bandwidth.

Mac, Debian and Windows work fine, Ubuntu somtimes needs change its /etc/hosts to get real IP as hostname inverse lookup but works. Some cellphones work without problems, just androids don't work automaticly (and root is not an option)... I solve problem with androids using manual proxy (manual solution) with independent VLAN WLAN or sending all traffic to limited bandwidth VLAN WLAN network.

And this is the crux of the issue. If you are looking after a network of thousands of people, and have chosen to issue them with Android smartphones, how do you manually configure those phones for operation onsite on a wireless network? Configuring each phone individually just isn't an option.
Consequently, many organisations end up spending far more money on Apple mobile devices instead.

I really can't see why google chooses to not offer a reason to ignore wpad.
In networks I manage android devices fall into the transparent proxy and get throttled while devices that listen to wpad get faster connection. Google should at least acknowledge the issue.

[Comment deleted]

Thank you google for not listening to our needs.

Oh wow, this is still closed?

How do you get an engineer who understands the issue to check on things like inappropriately closed issues?

Google ativa o Proxy auto config nos dispositivos meu filho! Só vocês não fizeram isso ainda. Essa historia de ativar o automático no aparelho e ter que digitar o endereço completo é muito bizarro. A opção 252 no DHCP deveria ser contemplada nos Android.

O Chrome mobile ativar o wpad.dat, mas somente o Chrome, conexões que partem de outras fontes são diretas.

Gracias a esto, voy a recomendar iPads, es un dolor de cabeza tener usuario tras usuario, tras de mi para configurar el proxy

Our company use proxy and also for wi-fi now, we can not get everyone to change devices. Any actions planned for resolve this problem?

Could you add a support for proxy auto-config (wpad.fq.dn resolution or/and DHCP option 252) to Android? Please!

not apk wpad for android client?

guess it is no longer supported because WPAD has some serious security risks. Search for BadWPAD to find details.