如何在 Windows Server 2008 R2 中关闭(禁用)Web 代理自动发现 (WPAD)
声明:本页面是StackOverFlow热门问题的中英对照翻译,遵循CC BY-SA 4.0协议,如果您需要使用它,必须同样遵循CC BY-SA许可,注明原文地址和作者信息,同时你必须将它归于原作者(不是我):StackOverFlow
原文地址: http://stackoverflow.com/questions/15029615/
Warning: these are provided under cc-by-sa 4.0 license. You are free to use/share it, But you must attribute it to the original authors (not me):
StackOverFlow
How to Turn Off (Disable) Web Proxy Auto Discovery (WPAD) in Windows Server 2008 R2
提问by user1778184
We have a web service that is running slowly in production. In QA and UAT it is fine but those are housed at our corporate HQs. But production is in a data center in the cloud. I ran wireshark and found that it is making at least 6 calls to NBNS WPAD (each one timing out), each taking about 3/4 of a second making it very slow. I want to turn off WPAD since the environment is not configured to use it but it is still making the calls and just wasting time.
我们有一个在生产中运行缓慢的 Web 服务。在 QA 和 UAT 中没问题,但这些都位于我们的公司总部。但生产是在云中的数据中心。我运行了wireshark,发现它至少向 NBNS WPAD 发出 6 次调用(每次都超时),每次调用大约需要 3/4 秒,因此速度非常慢。我想关闭 WPAD,因为环境未配置为使用它,但它仍在进行调用并且只是在浪费时间。
My platform is windows server 2008 r2 with IE9. I want to completely disable WPAD DNS queries (and NBNS queries). We don't use a proxy. We don't use DHCP. I want to stop WPAD but I haven't been successful. I have tried the following: 1.disable "automatically detect settings" in IE 2.disable "use automatic configuration script" in IE 3.Checked that WinHTTP Web Proxy Auto-Discovery Service is not running automatically, it is set to run manual so I think that should be ok. 4.Executed "Netsh winhttp show proxy" which tells me Direct access (no proxy server).
我的平台是带有 IE9 的 windows server 2008 r2。我想完全禁用 WPAD DNS 查询(和 NBNS 查询)。我们不使用代理。我们不使用 DHCP。我想停止 WPAD 但我没有成功。我尝试了以下操作: 1.在 IE 中禁用“自动检测设置” 2.在 IE 中禁用“使用自动配置脚本” 3.检查 WinHTTP Web 代理自动发现服务没有自动运行,它被设置为手动运行我觉得应该没问题。4.执行“Netsh winhttp show proxy”,告诉我直接访问(无代理服务器)。
What am I missing that needs to be turned off?
我错过了什么需要关闭?
回答by flakshack
Many suggestions around disabling WPAD focus on Internet Explorer user settings. While this will tell IE to not use auto proxy detection, it will not stop the WinHTTP Web Proxy Auto-Discovery Service from querying for wpad. Some have suggested disabling this service entirely, but as of Windows 10, it is required for the IP Helper service and not recommended to disable it.
许多关于禁用 WPAD 的建议都集中在 Internet Explorer 用户设置上。虽然这会告诉 IE 不使用自动代理检测,但它不会阻止 WinHTTP Web 代理自动发现服务查询 wpad。有些人建议完全禁用此服务,但从 Windows 10 开始,IP Helper 服务需要它,不建议禁用它。
In the MS16-063notes, you can see their suggested workaround for the (fixed) vulnerability is to edit the hosts file (c:\windows\system32\drivers\etc\hosts).
在MS16-063注释中,您可以看到他们针对(已修复)漏洞的建议解决方法是编辑主机文件 (c:\windows\system32\drivers\etc\hosts)。
255.255.255.255 wpad.
Although the patch fixed that specific vulnerability, the workaround is still an option for disabling WPAD. In my testing, it does stop the queries. As the article notes:
尽管该补丁修复了该特定漏洞,但解决方法仍然是禁用 WPAD 的一个选项。在我的测试中,它确实停止了查询。正如文章所指出的:
Impact of workaround. Autoproxy discovery will not work, and for this reason, some applications, such as Internet Explorer, will not be able to load websites properly.
变通办法的影响。自动代理发现将不起作用,因此,某些应用程序(例如 Internet Explorer)将无法正确加载网站。
Keep in mind that WPAD can be a good thing when setup properly. As with any advice from the Internet, be sure to do your own testing before applying any changes. For example, if you make this change to corporate laptops and they travel to a site that requires WPAD, they will not work.
请记住,正确设置 WPAD 可能是一件好事。与来自 Internet 的任何建议一样,请务必在应用任何更改之前进行自己的测试。例如,如果您对公司笔记本电脑进行此更改,并且它们前往需要 WPAD 的站点,它们将无法工作。
Source: Microsoft forums.
来源:微软论坛。
Note that you can easily use Wireshark to see if a computer is doing wpad queries by using the filter:dns.qry.name contains "wpad"
请注意,您可以轻松地使用 Wireshark 通过使用过滤器来查看计算机是否正在执行 wpad 查询:dns.qry.name contains "wpad"
回答by Manuel Alves
Group Policy Editor
Edit "Default Domain Policy"
User Configuration
Policies
Windows Settings
Connection/Automatic Browser Configuration
Automatically detect configuration settings -> DISABLE
组策略编辑器
编辑“默认域策略”
用户配置
策略
Windows设置
连接/自动浏览器配置
自动检测配置设置->禁用
回答by lvpro
I have tested removing proxy from computers by renaming the WPAD key and rebooting.
You can also use IEAK11 to create a GPO to remove "Automatically detect settings" and that is why the script uses gpupdate to apply the GPO as well.
If you already applied the change to a computer this script won't do changes and will exit. The basic script is bellow.
我已经通过重命名 WPAD 密钥并重新启动来测试从计算机中删除代理。
您还可以使用 IEAK11 创建 GPO 以删除“自动检测设置”,这就是脚本也使用 gpupdate 来应用 GPO 的原因。如果您已经将更改应用于计算机,则此脚本不会进行更改并将退出。基本脚本如下。
Even when you turn on in Internet Explorer "Automatically detect settings" proxy is not used and WPAD key is recreated but with no proxy. This setting is no longer recommended as makes your computer vulnerable (https://it.slashdot.org/story/16/08/13/0149241/disable-wpad-now-or-have-your-accounts-compromised-researchers-warn) .
即使您在 Internet Explorer 中打开“自动检测设置”代理也不会使用,并且会重新创建 WPAD 密钥但没有代理。不再推荐此设置,因为它会使您的计算机易受攻击 ( https://it.slashdot.org/story/16/08/13/0149241/disable-wpad-now-or-have-your-accounts-compromised-researchers-警告)。
REM Script to delete the cached proxy configuration, clear IE cache, flushdns, rename WPAD key and delete the original; reboot is required
gpupdate
reg query "HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Wpad.bad" >nul
if %ERRORLEVEL%==0 goto END
ELSE
(
reg delete "HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Connections" /v "DefaultConnectionSettings" /f
reg delete "HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Connections" /v "SavedLegacySettings" /f
RunDll32.exe InetCpl.cpl,ClearMyTracksByProcess 8
ipconfig /flushdns
reg copy "HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Wpad" "HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Wpad.bad"
reg delete "HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Wpad" /f
echo n | gpupdate /force /wait:0
shutdown.exe /r /t 30 )
:END
回答by apache1
for my pihole (Raspberry PI based ad blocking software DNS level) i added the below in the hosts file
对于我的 pihole(基于 Raspberry PI 的广告拦截软件 DNS 级别),我在主机文件中添加了以下内容
pi@raspberrypi:~ $ cat /etc/hosts
127.0.0.1 localhost
0.0.0.0 wpad wpad.my.home
:: wpad wpad.my.home
and my nslookup shows
我的 nslookup 显示
pi@raspberrypi:~ $ nslookup wpad.my.home
Server: 127.0.0.1
Address: 127.0.0.1#53
Name: wpad.my.home
Address: 0.0.0.0
pi@raspberrypi:~ $ nslookup wpad
Server: 127.0.0.1
Address: 127.0.0.1#53
Name: wpad
Address: 0.0.0.0
if you are on a Windows machine you can open "C:\Windows\System32\drivers\etc\hosts" and add these entries
如果您使用的是 Windows 计算机,则可以打开“C:\Windows\System32\drivers\etc\hosts”并添加这些条目
0.0.0.0 wpad
0.0.0.0 wpad.my.home
change my.home to whatever local domain you have
将 my.home 更改为您拥有的任何本地域
回答by laktak
To prevent Windows from tracking which network support WPAD, you need to make a simple registry change:
为了防止 Windows 跟踪支持 WPAD 的网络,您需要进行简单的注册表更改:
- Click the Start button, and in the search field, type in "regedit", then select "regedit.exe" from the list of results
- Navigate through the tree to "HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Wpad"
- Once you have the "Wpad" folder selected, right click in the right pane, and click on "New -> DWORD (32-Bit Value)"
- Name this new value "WpadOverride"
- Double click the new "WpadOverride" value to edit it
- In the "Value data" field, replace the "0" with a "1", then click "OK"
- Reboot the computer
- 单击“开始”按钮,在搜索字段中输入“regedit”,然后从结果列表中选择“regedit.exe”
- 通过树导航到“HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Wpad”
- 选择“Wpad”文件夹后,右键单击右侧窗格,然后单击“新建 -> DWORD(32 位值)”
- 将此新值命名为“WpadOverride”
- 双击新的“WpadOverride”值进行编辑
- 在“数值数据”字段中,将“0”替换为“1”,然后单击“确定”
- 重新启动计算机
