An Introduction to WPAD (Web Proxy Auto-Discovery Protocol)

What Is WPAD

What is WPAD? It is the abbreviation of Web Proxy Auto-Discovery Protocol, which is also known as a PAC (Proxy Auto Configuration) file. WPAD is a protocol used by web clients to find the URL of a file containing network configuration or settings.

How Does WPAD Work

WPAD can use DNS or DHCP to locate the PAC file. DHCP detection involves pushing URLs to end users as part of a DHCP assignment, while DNS detection is based on educated guesses using known information about the DNS system.

The browser must be instructed to use WPAD, in most browsers, this is done by selecting a checkbox or button. This feature is most commonly called “auto-detection” and is often labeled as such. Browsers that support both methods will first check for DHCP assignments before attempting the DNS method.

The PAC file must have the file name wpad.dat for the DNS method to work. When using either WPAD method, the file must be served by the web server with the MIME type “application/x-ns-proxy-autoconfig”. If the browser cannot load the PAC file via DHCP or DNS methods, it will allow direct access to the Internet.

Should You Disable WPAD?

Security researchers warn that WPAD, which is enabled by default on Windows and supported by other operating systems, could expose computer users’ online accounts, web searches, and other private data.

Attackers could abuse these options to serve computers on the local network a PAC file that specifies a rogue web proxy under their control. This can be done on an open wireless network, or if an attacker compromises a router or access point.

Compromising the computer’s original network is optional because when computers are taken outside and connected to other networks (such as public wireless hotspots), they will still attempt to use WPAD for proxy discovery. Although WPAD is primarily used in corporate environments, it is enabled by default on all Windows computers, even those running Home editions.

Thus, you had better disable WPAD.

How to Disable WPAD

You can disable WPAD by the following 3 methods. You can choose one of them based on your needs. But you need to notice that all of the methods require an administrator account.

Way 1: Disable WINS/NetBT

Step 1: Press the Windows + I keys together to open Settings.

Step 2: Go to Network & Internet > Advanced network settings > Change adapter options.

Step 3: Next, right-click the network adaptor you use to connect to the Internet to choose Properties.

Step 4: Double-click Internet Protocol 4 (TCP/IP) and click Advanced.

Step 5: Go to the WINS tab and check the Disable NetBIOS over TCP/IP option.

Way 2: Via Local Group Policy Editor

Step 1: Open the Run box and type gpedit.msc. Press the Enter key.

Step 2: Goto the following path:

User Configuration\Administrative Templates\Windows Components\Internet Explorer

Step 3: Find Disable caching of Auto-Proxy scripts and double-click it. Click Enable, and click OK.

How to Fix “This Program Is Blocked by Group Policy” Error

When you fail to launch or install an application, you may receive an error message “This Program is Blocked by Group Policy”. Here are the methods to fix it.

Read More

Way 3: Via Registry Editor

Step 1: Open the Run box by pressing the Windows + R keys, type regedit and press the Enter key.

Step 2: Goto the following path:

Computer\HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\WinHttpAutoProxySvc

Step 3: Find and double-click Start REG_DWORD to get into edit mode. Set the value to 4.

Final Words

Now, you have got basic information about WPAD. You can know what it is, how it works, and how to disable it on your Windows. I hope that this post can be helpful to you.