
How to Turn Off (Disable) Web Proxy Auto Discovery (WPAD) in Windows Server 2008 R2

Tags:

windows

We have a web service that is running slowly in production. In QA and UAT it is fine but those are housed at our corporate HQs. But production is in a data center in the cloud. I ran Wireshark and found that it is making at least 6 calls to NBNS WPAD (each one timing out), each taking about 3/4 of a second, making it very slow. I want to turn off WPAD since the environment is not configured to use it but it is still making the calls and just wasting time.

My platform is Windows Server 2008 R2 with IE9. I want to completely disable WPAD DNS queries (and NBNS queries). We don't use a proxy. We don't use DHCP. I want to stop WPAD but I haven't been successful. I have tried the following:

1. Disable "automatically detect settings" in IE
2. Disable "use automatic configuration script" in IE
3. Checked that WinHTTP Web Proxy Auto-Discovery Service is not running automatically, it is set to run manual so I think that should be ok.
4. Executed "Netsh winhttp show proxy" which tells me Direct access (no proxy server).

What am I missing that needs to be turned off?

user1778184 asked Feb 22 '13 17:02




1 Answer

Many suggestions around disabling WPAD focus on Internet Explorer user settings. While this will tell IE to not use auto proxy detection, it will not stop the WinHTTP Web Proxy Auto-Discovery Service from querying for wpad. Some have suggested disabling this service entirely, but as of Windows 10, it is required for the IP Helper service and not recommended to disable it.

In the MS16-063 notes, you can see their suggested workaround for the (fixed) vulnerability is to edit the hosts file (c:\windows\system32\drivers\etc\hosts).

255.255.255.255 wpad.

Although the patch fixed that specific vulnerability, the workaround is still an option for disabling WPAD. In my testing, it does stop the queries. As the article notes:

Impact of workaround. Autoproxy discovery will not work, and for this reason, some applications, such as Internet Explorer, will not be able to load websites properly.

Keep in mind that WPAD can be a good thing when set up properly. As with any advice from the Internet, be sure to do your own testing before applying any changes. For example, if you make this change to corporate laptops and they travel to a site that requires WPAD, they will not work.

Source: Microsoft forums.

Note that you can easily use Wireshark to see if a computer is doing wpad queries by using the filter: dns.qry.name contains "wpad"

flakshack answered Oct 14 '22 04:10
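
The hosts-file workaround from the answer above, as an added example that is not part of the original answer: a PowerShell script that checks whether the "255.255.255.255 wpad." entry is already active and, only when asked to, backs up the hosts file and appends it. The -HostsPath and -Apply parameters and the function name are assumptions made for this example; WinHttpAutoProxySvc is the service name of the WinHTTP Web Proxy Auto-Discovery Service.

```powershell
# Added example (not from the answer). Run elevated; PowerShell 2.0 compatible.
param(
    # Hosts path from the answer; pass a copy of the file here to test safely.
    [string]$HostsPath = "$env:SystemRoot\System32\drivers\etc\hosts",
    [switch]$Apply   # hypothetical switch: without it the script only reports
)

$entryIp   = '255.255.255.255'   # address used in the quoted workaround
$entryName = 'wpad.'             # name used in the quoted workaround

function Get-WpadHostsEntry {
    param([string]$Path)
    foreach ($line in @(Get-Content -Path $Path)) {
        $active = ($line -split '#', 2)[0].Trim()      # ignore comments
        $fields = @($active -split '\s+')
        if ($fields.Count -lt 2) { continue }          # blank or malformed line
        # A hosts line may list several names; match wpad with or without the dot.
        foreach ($name in $fields[1..($fields.Count - 1)]) {
            if ($name.TrimEnd('.') -ieq 'wpad') {
                New-Object PSObject -Property @{ Address = $fields[0]; Name = $name }
            }
        }
    }
}

$entries   = @(Get-WpadHostsEntry -Path $HostsPath)
$sinkholed = @($entries | Where-Object { $_.Address -eq $entryIp })
$other     = @($entries | Where-Object { $_.Address -ne $entryIp })

foreach ($e in $other) {
    Write-Warning "wpad is also mapped to $($e.Address); review that line by hand."
}

if ($sinkholed.Count -gt 0) {
    Write-Output "Workaround present: $entryIp $entryName"
} elseif ($Apply) {
    Copy-Item -Path $HostsPath -Destination "$HostsPath.bak" -Force   # keep a backup
    # Leading newline guards against a hosts file with no final line break.
    Add-Content -Path $HostsPath -Value "`r`n$entryIp`t$entryName" -Encoding ASCII
    Write-Output "Workaround added; backup saved as $HostsPath.bak"
} else {
    Write-Output "Workaround not present. Re-run with -Apply to add it."
}

# Report only: the answer advises against disabling this service.
Get-Service -Name WinHttpAutoProxySvc | Select-Object Name, Status
```

After applying the entry, the Wireshark filter given in the answer shows whether wpad queries have stopped.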