WinHTTP Proxy Settings deployed by Puppet

WinHTTP Proxy

WinHTTP

WinHTTP (Windows HTTP Services) is a set of programming interfaces that allows developers to create HTTP-based applications on the Windows operating system. It is used to communicate with HTTP servers, such as web servers, and can be configured to use a proxy server to access the Internet.

Here is a code snippet that You can use for the WinHTTP Proxy deployment in Windows environment by Puppet

if $WinHTTPproxy != undef {

  exec { 'Set WinHTTP proxy':
    path => 'C:\windows\system32',
    command => "cmd.exe /c netsh winhttp set proxy
                proxy-server=\"http=${WinHTTPproxy}:${WinHTTPproxyport};https=${WinHTTPproxy}:${WinHTTPproxyport};\"
                bypass-list=\"*.example.com;<local>\"",
    unless => "cmd.exe /c netsh winhttp show proxy | find \"${WinHTTPproxy}\" /I",
  }

}

One of the challenge in setting up Windows machine is to configure and control web traffic properly. These days the proxy severs are the most often use to serve that purpose. As a result, You may need to configure it in Windows environment at some point. There are various ways for achieving the goal. For one it may be enough to apply the setting manually. It is being presented below. For others the Active Directory Group Policy (GPO) is the most appropriate place for such a configuration. How to do that with GPO? Check out the blog post WinHTTP Proxy Settings deployed by GPO.

What about if GPO is out of your control? One time, I found myself in such situation. Definitely the manual approach was not considered. Even with help of PowerShell, which indeed could make this activity much smoother. Anyway, I was lucky to have the Puppet in place. We had been using it already for Windows servers in our environment. I could not resist from using the Puppet in that case.

How to check Proxy settings

Open CMD with elevated permissions and run the command as below:

netsh winhttp show proxy

Output from command execution in CMD – proxy has been setup

Show WinHTTP Proxy

Output from command execution in CMD – proxy has NOT been setup

Show WinHTTP Proxy

How to setup the Proxy manually

Open CMD with elevated permissions and run the command as below:

netsh winhttp set proxy

Output from command execution in CMD – proxy has just been setup properly

Set WinHTTP Proxy

When the WinHTTP Proxy gets created by Puppet

If condition on $WinHTTPproxy variable is specified to ensure that settings are applied only if the WinHTTP Proxy is defined. It can be done in various ways like for instance through facter or hiera. Eventually, the variable can be assigned in the same piece of code. In my implementations, I was always using a combination of the facter and hiera, which will be a subject of the next post.

Unless clause of the exec command is being used to ensure that WinHTTP Proxy is being added just once. Whenever show proxy does not return any result the command clause will be executed. WinHTTP Proxy settings will be updated. On the other hand, if show proxy produces any results, the command execution will be skipped.

if $WinHTTPproxy != undef {

  exec { 'Set WinHTTP proxy':
    path => 'C:\windows\system32',
    command => "cmd.exe /c netsh winhttp set proxy
                proxy-server=\"http=${WinHTTPproxy}:${WinHTTPproxyport};https=${WinHTTPproxy}:${WinHTTPproxyport};\"
                bypass-list=\"*.example.com;<local>\"",
    unless => "cmd.exe /c netsh winhttp show proxy | find \"${WinHTTPproxy}\" /I",
  }

}

Deployment of the WinHTTP Proxy by Puppet

Command clause contains set proxy command mentioned earlier. Please note that WinHTTP proxy and its port are provided as parameters. As a result, both are required for successful update of the proxy settings.

if $WinHTTPproxy != undef {

  exec { 'Set WinHTTP proxy':
    path => 'C:\windows\system32',
    command => "cmd.exe /c netsh winhttp set proxy
                proxy-server=\"http=${WinHTTPproxy}:${WinHTTPproxyport};https=${WinHTTPproxy}:${WinHTTPproxyport};\"
                bypass-list=\"*.example.com;<local>\"",
    unless => "cmd.exe /c netsh winhttp show proxy | find \"${WinHTTPproxy}\" /I",
  }

}

References:

Leave a Reply

Your email address will not be published. Required fields are marked *