Another reason i hate Internet Explorer…

Internet Explorer does not retry bad proxy server for 30 minutes

 

After deploying a proxy server using WPAD (proxy autoconfiguration scripts) i found that firefox always works as intended, yet internet explorer 7 has some wierd behavior.

For one thing, IE7 caches proxy lookups and refuses to to failover properly. In some cases, webpages load and then say page can not be displayed for no apparent reason.

It turns out that if the wpad caching is turned on in the registry (the default setting btw) this behavior is by design. any web browsing for 30 mins will go direct, bypassing the proxy.

WHY WHY WHY?!?!?!?!?! anyways here is a couple articles i found that cover the issue and we are currently testing this to see if it has helped solve the issue. we will then rollout these changes via GPO and registry pushes via KBOX.

How to disable automatic proxy caching in Internet Explorer

Internet Explorer does not retry bad proxy server for 30 minutes

Thanks to Sophos for having this documented for the Web Security Applicance they sell (we dont use this btw, but they covered this in the installation portion of the documentation) http://ca-repo1.sophos.com/docs/wsa/swa_docs/pdf/ws1000/SWAConfigGuide.pdf

I really wish we could move on from IE7 to a newer version, but i think this issue or at least others exist.

UPDATE! 5/27/2011

These settings have been tested in our environment and seem to resolve our issues completely. I wanted to again thank Sophos for documenting the fix

Using Regedit, open the following location: HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings

Create a “BadProxyExpiresTime” DWORD value in this key, and assign a value of 0. Note that these values are in seconds.

Create a “EnableAutoproxyResultCache” DWORD value in this key, and assign a value of Data value: 0 = disable caching

BTW, in case you are wondering what WPAD is in the first place, i will do a quick writeup on the subject soon. I will also include configuration examples utilizing ClearOS as a security appliance. See my products and services page for information on ClearOS.

 

This product enables small to enterprise customers to leverage a solid platform that can provide a lot of value.

I currently use this system to deploy Internal Chat and Presence Servers, Centralized Internet Security and Reporting services as well as off-site backup solutions.

I find the chat server to be invaluable as a communication tool. The presence feature is very useful and also allows teams of users to work in different locations and is good to know when someone is actually available compared to email which you have no such information other than out of office notices.