What is Web Proxy Auto-Discovery & How To Disable WPAD

Many users are experiencing connectivity problems on their devices due to WPAD misconfiguration. 

This protocol, designed to simplify proxy configuration, sometimes causes devices to inadvertently connect to the wrong proxy server or fail to connect altogether. 

This can lead to slow internet speeds, difficulty accessing certain websites, and overall frustration for users trying to browse the web.

There is a lot more to WPAD, such as how it works and how to disable it. In this article, we will look into it.

So let’s get started!

What is WPAD?

Web Proxy Auto-Discovery is a protocol that ensures all devices on a network have the same web proxy settings. Rather than individually configuring each device, network administrators can use WPAD to streamline the process. When enabled, Web Proxy Auto-Discovery searches for a Proxy Auto-Configuration (PAC) file and applies it automatically.

A common router has a default DHCP server configured to provide quick client connectivity. This DHCP server includes a default domain suffix (e.g., example.com) that will be issued to clients. When clients join the network via cable or Wi-Fi, they receive both the IP address and the domain name from the DHCP server.

If WPAD is enabled and the DHCP server does not explicitly supply a Web Proxy Auto-Discovery URL, then after getting an IP address and domain suffix via DHCP from the router, the OS attempts to retrieve the proxy settings for the connection using the following URLs:

https://wpad.department.branch.example.com/wpad.dat 
https://wpad.branch.example.com/wpad.dat
https://wpad.example.com/wpad.dat
https://wpad/wpad.dat

The DHCP server assigns the domain suffix, which replaces the. If you choose a publicly visible, fully qualified domain name (FQDN), the URL will be fetched from the Internet. If an attacker owns the domain used by the internal router and the client has Web Proxy Auto-Discovery enabled, the attacker can exploit system proxy settings to redirect internet application traffic through the attacker’s proxy.

All the attacker has to do is deliver the right PAC file in one of the above-mentioned places, and the client OS will use the configuration on the fly with no user intervention.
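The name walk described above can be audited before a DHCP suffix is rolled out. The following is an added example, not code from the article: it lists the WPAD hostnames a suffix produces and marks the ones that fall outside DNS zones you run. The stop rule (two-label domain, then the bare name) is an assumption taken from the four URLs listed above, and `controlled_zones` and the sample suffixes are constructed.

```python
# Added example: audit which WPAD hostnames a DHCP-issued domain suffix produces.
# Assumption: the walk stops at the two-label domain and ends with the bare
# name "wpad", matching the four URLs listed in the article.


def wpad_candidates(dhcp_suffix):
    """Return the WPAD hostnames tried, in order, for a DHCP domain suffix."""
    labels = [l for l in dhcp_suffix.strip(".").lower().split(".") if l]
    hosts = []
    while len(labels) >= 2:
        hosts.append("wpad." + ".".join(labels))
        labels = labels[1:]  # drop the leftmost label and try the parent
    hosts.append("wpad")
    return hosts


def in_zone(host, zone):
    """True when host is the zone apex or a name below it."""
    zone = zone.strip(".").lower()
    return host == zone or host.endswith("." + zone)


def audit(dhcp_suffix, controlled_zones):
    """Label each candidate 'controlled', 'external' or 'single-label'."""
    report = []
    for host in wpad_candidates(dhcp_suffix):
        if "." not in host:
            status = "single-label"  # resolved by local name resolution
        elif any(in_zone(host, z) for z in controlled_zones):
            status = "controlled"    # you decide what this name answers
        else:
            status = "external"      # whoever owns the domain decides
        report.append((host, status))
    return report


if __name__ == "__main__":
    # Constructed inputs: one suffix inside a zone the organisation runs DNS
    # for, one router-default suffix under a domain it does not own.
    for suffix in ("department.branch.example.com", "lan.router-default.example"):
        print(suffix)
        for host, status in audit(suffix, controlled_zones={"example.com"}):
            print(f"  {host:45} {status}")
```

Any row marked `external` is a name whose answer is decided by someone else, which is the situation the paragraph above warns about.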

How Does WPAD Work?

WPAD can use DNS or DHCP to find the PAC file. DHCP detection requires sending URLs to end users as part of a DHCP assignment, whereas DNS detection relies on educated assumptions based on existing facts about the DNS system.

[Figure: how WPAD works. Source: WPAD Technology Weaknesses]

The browser must be prompted to use Web Proxy Auto-Discovery; in most browsers, this is accomplished by selecting a checkbox or button. This feature is most generally known as “auto-detection” and is frequently labeled as such. Browsers that support both methods will look for DHCP assignments before attempting the DNS approach.

To use the DNS approach, the PAC file must be named wpad.dat. When employing either Web Proxy Auto-Discovery approach, the web server must provide the file with the MIME type “application/x-ns-proxy-autoconfig”. If the PAC file cannot be loaded using DHCP or DNS, the browser will allow a direct Internet connection.
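A captured wpad.dat response can be checked against these requirements and against the proxies you actually operate. This is an added example, not code from the article: `FindProxyForURL` is the standard PAC entry function (not named in the article), and the approved list and both sample responses are constructed.

```python
import re

PAC_MIME = "application/x-ns-proxy-autoconfig"
# Proxy directives as they appear in PAC return strings, e.g. "PROXY host:port".
DIRECTIVE = re.compile(r"\b(?:PROXY|HTTPS|SOCKS[45]?)\s+([A-Za-z0-9.\-]+:\d+)")


def check_pac_response(content_type, body, approved_proxies):
    """Return findings for one captured wpad.dat response (empty list = clean)."""
    findings = []
    mime = content_type.split(";")[0].strip().lower()  # ignore charset etc.
    if mime != PAC_MIME:
        findings.append(f"unexpected MIME type: {mime or '(none)'}")
    if "FindProxyForURL" not in body:
        findings.append("body does not define FindProxyForURL")
    approved = {p.lower() for p in approved_proxies}
    for hostport in DIRECTIVE.findall(body):
        if hostport.lower() not in approved:
            findings.append(f"unapproved proxy: {hostport}")
    return findings


# Constructed samples: the PAC the organisation publishes, and a response
# that names a proxy outside the approved list (203.0.113.0/24 is a
# documentation address range).
APPROVED = {"proxy.example.com:8080"}
GOOD_PAC = '''function FindProxyForURL(url, host) {
  if (isPlainHostName(host)) return "DIRECT";
  return "PROXY proxy.example.com:8080; DIRECT";
}'''
ODD_PAC = '''function FindProxyForURL(url, host) {
  return "PROXY 203.0.113.7:3128";
}'''

if __name__ == "__main__":
    print(check_pac_response(PAC_MIME, GOOD_PAC, APPROVED))
    print(check_pac_response("text/plain; charset=utf-8", ODD_PAC, APPROVED))
```

The directive match is a text heuristic: a PAC file is JavaScript, so a proxy string assembled at run time will not be seen by it.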

Is It Time to Turn Off WPAD?

Security experts warn that Web Proxy Auto-Discovery, which is supported by various operating systems but is enabled by default on Windows, may expose users’ online accounts, search histories, and other sensitive information.

These settings could be abused by attackers to deliver a PAC file containing the URL of a malicious web proxy they control to machines connected to the local network. This can be carried out over an unsecured wireless network or in the event that a router or access point is compromised.

It is not necessary to compromise the computer’s original network because machines will still try to use WPAD for proxy discovery when they are taken outside and connected to other networks (such as free Wi-Fi hotspots). Web Proxy Auto-Discovery is generally used in business settings, but on every Windows PC, including those running Home editions, it is activated by default.

As a result, you should turn off WPAD.

How To Disable WPAD?

There are two ways to disable Web Proxy Auto-Discovery. Select the one that suits your needs, but keep in mind that each option needs an administrator account.

Way 1: Turn off WINS and NetBT

  • To launch Settings, press the Windows + I keys together.
  • Proceed to Network & Internet > Advanced network settings > Adjust the adapter’s settings.
  • Next, right-click the network adapter that you use to connect to the Internet and select Properties.
  • Double-click on Internet Protocol Version 4 (TCP/IPv4), and select Advanced.
  • Click the WINS tab and select the option to disable NetBIOS over TCP/IP.

Way 2: Via Registry Editor

  • Step 1: To open the Run box, use the Windows + R keys, then type regedit and hit Enter.
  • Step 2: Copy and paste the below path in the Registry Editor to reach it quickly.

Computer\HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\WinHttpAutoProxySvc

  • Step 3: Locate and double-click Start REG_DWORD to enter edit mode.
  • Set the value to 4 and click on OK.

After that’s done, Web Proxy Auto-Discovery will be disabled.

Wrapping up

Devices connected to a network can find the ideal internet connection settings automatically with the help of Web Proxy Auto-Discovery (WPAD). But attackers can also take advantage of it. If you are aware of the possible hazards and how Web Proxy Auto-Discovery operates, you can choose your level of protection wisely.

The best security is achieved by disabling WPAD; however, doing so necessitates manually setting up proxy settings on each device. If you are unable to disable Web Proxy Auto-Discovery, think about implementing firewalls and using caution when visiting websites as extra security measures.

FAQs on Web Proxy Auto-Discovery (WPAD)

Is there a drawback to turning off WPAD?

It is somewhat inconvenient, yes. You may need to set up each device’s internet connection manually.

What if I can’t turn off WPAD? How do I stay safe?

Not to worry! The following are some methods to increase security:

  • Consider firewalls and antivirus software as your computer’s guard dogs. Even if someone tampers with the internet connection, they can still be used to detect issues.
  • Exercise caution when browsing online: share no personal information on websites unless you are 100% certain they are legitimate.
  • Think of a VPN as a secret tunnel for your internet traffic. By encrypting your data, a VPN helps prevent hackers from accessing it, even if they manage to seize control of the proxy server.

Before I make any changes, who should I ask?

It’s wise to consult your IT staff before turning off WPAD if you’re connected to a work or educational network. They can assist you in selecting the course of action that is most appropriate for your circumstances.
