Prevent Proxy Authentication Loops

If you use WPAD for automatic proxy settings it might be the WPAD settings will also be read by the server where the proxy is installed. In this case if you run a browser on that server or just type anything in the Search Menu on Windows the machine would connect to itself and authentication might fail.

In this case the following popup window might be shown. A proxy is then connecting to proxy (itself) and fails to authenticate.

To solve the problem, we need to somehow disable the proxy authentication when request comes from the proxy itself. It might be done by:

• adjusting the WPAD settings or Global Policy to NOT configure proxy settings for machines where proxy app is installed (architecturally correct way so to say).
• making a new policy in the proxy application with disabled authentication and putting the proxy machines into it (quick and dirty way).

To follow the second approach, add a new policy, call it nofilter as shown on the following screenshot. Be sure to set the Skip Authentication checkbox in the advanced policy settings.

Then specify the static IP address of your proxy machine in the Policy Member settings. Note the 192.168.4.40 is the IP address of our test lab proxy machine, yours will be different of course.

Finally, click Save and Apply in order for the changes to be applied. Now access from the proxy machines should not be authenticated. This can be checked in the Monitoring node.