WinHttp Configuration for Windows Vista


In my previous posts, I described the new WinHttp proxy, tracing and client certificate configuration story for Windows Vista Beta2. The syntax of the netsh commands used to configure WinHttp proxy and tracing settings have changed for Vista RTM and this post describes the changes in command syntax since the beta.


WinHttp Netsh Context


From the previous posts you might be aware that in Windows Vista, the WinHttp proxy and tracing configuration tools, proxycfg.exe and winhttptracecfg.exe respectively, have been replaced with netsh commands. All the WinHttp related netsh commands live under the “winhttp” netsh context. To navigate to it, open an administrator command prompt and type “netsh” then “winhttp”:


C:\Windows\system32>netsh

netsh>winhttp

netsh winhttp>


You can type “?” in this context and display the list of available commands there. You can also type “?” at the end of any command to get a detailed description of the command syntax.

Displaying current settings and restoring the defaults


You can use the “show” netsh commands to display the current settings. “show proxy” will display the current proxy settings, while “show tracing” will display the current tracing settings. You can also use the “reset” netsh command to restore the default settings. “reset proxy” will set the WinHttp proxy settings to DIRECT, while “reset tracing” will disable the tracing.


Setting WinHttp proxy settings


Use the “set proxy” command to configure the proxy settings. You can type the command followed by a question mark to see the syntax:



netsh winhttp>set proxy /?

Usage: set proxy [proxy-server=]<server name> [bypass-list=]<hosts list>

Parameters:

  Tag              Value

  proxy-server   – proxy server for use for http and/or
                   https protocol

  bypass-list    – a list of sites that should be visited
                   bypassing the proxy (use “<local>” to
                   bypass all short name hosts)

Examples:

  set proxy myproxy

  set proxy myproxy:80 “<local>bar”

  set proxy proxy-server=”http=myproxy;https=sproxy:88″ bypass-list=”*.foo.com”


Just follow the examples listed in the samples above to set your proxy settings.


Note that importing proxy settings from IE is now accomplished by the “import” command (importing from IE is the only available option there):


netsh winhttp>import proxy /?

Usage: import proxy [source=]ie

Parameters:

  Tag       Value

  source  – from where the setting is imported

Examples:

  import proxy source=ie


Setting WinHttp tracing settings


To set the WinHttp tracing settings, use the “set tracing” command from the netsh winhttp context:


netsh winhttp>set tracing /?

Usage: set tracing

      [output=]file|debugger|both

      [trace-file-prefix=]<string>

      [level=]default|verbose

      [format=]ansi|hex

      [max-trace-file-size=]<number>

      [state=]enabled|disabled

Parameters:

  Tag Value

  trace-file-prefix   – Prefix for the log file (can
                       include a path) specify “*” to
                       delete an existing prefix

  output              – Where the trace entries are
                        written/displayed to

  level               – How much information to log

  format              – Display format of network traffic
                        (hex or ansi)

  max-trace-file-size – Maximum size of the trace file (in
                        bytes)

  state               – Enables or disables winhttp tracing

Examples:

  set tracing trace-file-prefix=”C:\Temp\Test3″ level=verbose format=hex

  set tracing output=debugger max-trace-file-size=512000 state=enabled


Please note that you can use the “state” parameter to disable / enable the tracing. For example, “set tracing state=disabled” will disable the tracing.

Also, your process needs to have enough permissions to create the trace file, so it is recommended to specify a folder via the “trace-file-prefix” parameter that you know your process has write access to.


  -Nesho Neshev

Comments (8)

  1. mahara says:

    Regards to setting up the proxy server address, so how to set up the http proxy authentication data: both the user name and the password?

    HTTP proxy authencation (HTTP 407) has always been problem so far in Windows platform.

    Is there any effort to unify this network setting to become ONLY in one place?

    Now, I see this in WinHttp Configuration. I’ve seen this also in IE. Why would I set the same information in more than one place?

    Any thoughts?

    Thanks!

  2. NMi says:

    Thanks for the clues about netsh/winhttp !

    > Why would I set the same information in more than one place?

    Well, it’s a matter of win-history :) You can separate your proxy settings for the "user browser" and for the "core services".

  3. mahara says:

    @NMI

    > Well, it’s a matter of win-history :) You can separate your proxy settings for the "user browser" and for the "core services".

    The problem is there’s no consistency among the two. For example, for system proxy (set through proxycfg in WinXP), there’s no way you can set your authentication data (user name and password), while you can do this in IE.

    The idea I’m bringing is to create a standardized system proxy manager where you can put all standardized proxy information (the address, port, user name, password, etc.). Then, a user can create many proxy configurations so that (for example):

    – "core service" can choose "proxy configuration a"

    – "user browser" can choose "proxy configuration b"

    What do you think? Still each apps can still choose different proxies but IMHO it’s a more scalable solution. Yet, it’s more well-defined than current approach taken in Windows (even Vista; I haven’t seen WinServer 2008 yet).

    Further, I’ve reported it here:

    https://connect.microsoft.com/WNDP/feedback/ViewFeedback.aspx?FeedbackID=153320

  4. Sam McKelvie says:

    I would love to see a named entity that represents a logical collection of proxy settings (or other http/networking settings, such as autologon policy, SSL client certificate, etc.) like this. Then any client application could configure its HTTP settings by binding to a single logical name rather than hardcoding settings or having to provide its own elaborate configuration UI. It also be nice if one collection of settings could inherit defaults from another collection and refine them, rather than becoming a full copy of settings. This would help keep shared settings in one place and would improve the backwards compat story when new settings are added.

    Rather than hiding everything in the registry, it would also be nice if at the time I bind to WinHTTP or create a session, I could point at a config file or just provide a blob of XML to describe an entity. But that may be too abstract for WinHTTP.

  5. Bruce Willis says:

    Hi!

    How can I unset the proxy after executing

    netsh winhttp>set proxy myproxy ?

    I’ve tried the command unset proxy but I’ve an error as result.

    Please advice.

    Thanks in advance!

    Bruce.

  6. wndpteam says:

    Bruce

    The command to reset your proxy settings is

    netsh winhttp reset proxy

    Thanks

    -Jonathan Silvera

    WinHTTP Program Manager

  7. Steve Gombotz says:

    Is there  way to set or use authentication over the winhttp proxy settings?  I have a scenarion where if I my proxy doesn't require authentication, the winhttp proxy settings work fine, but if the proxy does require authentication, the service doesn't send auth to the proxy. (ie. does work though)

    It's almost like winhttp doesn't work in a "interactive mode" with the proxy.

    Can you confirm or deny?

  8. mahara says:

    I wonder why the team remain silent if being asked with such question (about proxy authentication), such as the one asked by @Steve Gombotz above and me myself.

    I can't hardly remember if they ever say a thing in my suggestion I've reported in Connect (I even can't see my suggestion anymore; not sure where it goes…)