Feature request: WPAD

Please add WPAD for MikroTik proxy.

For those unsure what WPAD is, check this out: http://en.wikipedia.org/wiki/Web_Proxy_Autodiscovery_Protocol

Unless you want to host the proxy config file on the MT router, you should be able to implement both the DNS and DHCP methods for distribution already. All that’s missing for hosting the file itself seems to be the MIME type.

http://video.google.com/videoplay?docid=-4596414840866123044

After this, I would not suggest depending on WPAD for anything. Utilizing it in MT would either mean you’re a cracker or a fool.

While I have to admit that I have not watched that particular video, WPAD can be (reasonably) secured by simply implementing the relevant DHCP option. When a client receives a WPAD announcement via DHCP, any hacks involving DNS will not work as the client will not even attempt to fetch information that way. Attempting to secure DHCP server usage on your network should be part of any secure design - if you don’t control DHCP, you don’t control the gateway and the entire point is moot since an attacker can simply insert himself there.

The larger issue here is that any Windows client running IE or Firefox will try to auto-configure via DNS if the DHCP option is not present, if configured so. Recent versions of IE and all Firefox versions disable auto-configuration by default; earlier versions of IE default to it. If you do not control all the clients via group policies, you could very well argue that providing the DHCP option is more secure than not doing so, since second-level TLDs such as .co.uk are outside of your control and may be traversed to during WPAD auto-discovery. Clients coming into your network may not be able to turn this configuration off if they are unfortunate enough to work for a company that turned it on via group policy and does not grant sufficient rights for the user to override.

All in all I don’t think WPAD is an unreasonable request since it does exist in the real world - though I agree that it would be best if it didn’t.

Felix
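
The discovery order described in the post above, written out as an added example that is not part of the original thread: it lists the DNS names a client would walk through when no DHCP WPAD option (option 252) is offered and flags those outside the organisation's own domain. The host name, domain and URL are constructed, and the stopping point of the DNS walk (`min_suffix_labels`) is an assumption, since clients differ.

```python
"""Audit helper: which WPAD names would a client look up, and who controls them?"""


def dns_candidates(client_fqdn, min_suffix_labels=2):
    """Return the wpad.* names tried by DNS devolution for this client.

    The host label is dropped, then one label is removed per step.
    min_suffix_labels is an assumption about where the client stops.
    """
    labels = client_fqdn.lower().rstrip(".").split(".")[1:]
    names = []
    while len(labels) >= min_suffix_labels:
        names.append("wpad." + ".".join(labels))
        labels = labels[1:]
    return names


def outside_control(names, org_domain):
    """Return the candidate names that are not under the organisation's domain."""
    org = org_domain.lower().rstrip(".")
    exposed = []
    for name in names:
        parent = name.split(".", 1)[1]  # strip the leading "wpad."
        if parent != org and not parent.endswith("." + org):
            exposed.append(name)
    return exposed


def discovery_plan(client_fqdn, org_domain, dhcp_option_252=None):
    """Model the precedence the post describes: DHCP first, DNS only without it."""
    if dhcp_option_252:
        return {"source": "dhcp", "url": dhcp_option_252,
                "dns_names": [], "exposed": []}
    names = dns_candidates(client_fqdn)
    return {"source": "dns", "url": None, "dns_names": names,
            "exposed": outside_control(names, org_domain)}


if __name__ == "__main__":
    # Constructed sample client and domain.
    host, org = "pc1.corp.example.co.uk", "example.co.uk"
    print(discovery_plan(host, org))
    print(discovery_plan(host, org, "http://proxy.example.co.uk/wpad.dat"))
```
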