Advanced Proxy Pac File

AdvancedProxyPacFile

When a number of computers reside on a single network, especially in a corporate setting a Proxy Server is often installed to provide a secure and efficient way of providing Internet access.

A Proxy Server basically sits at the boundary of a network and provides Internet access by allowing the client computers to talk directly to it whilst it heads off to the Internet to retrieve content.

The browsers need to be pointed at this proxy server in order for the connection to work and although having a single proxy server is fairly easy to configure by simply either it’s IP address or DNS address in the Browser settings page, configuring multiple clients for multiple Proxy servers can become very complicated very quickly.

A Proxy Pac File is a configuration file that instructs the Browser which Proxy Server it needs to use in order to get to a certain destination (usually the Internet).

When combined with smart distribution and configuration techniques such as Active Directory, PAC files can be a very powerful tool.

Writing an advanced Proxy Pac File can be both time consuming and frustrating.  The following is an example of an advanced Proxy Pac File that is capable of using a number of different Proxy Server addresses depending on both the source IP of the client and the destination.  There are a number of additional factors to take into account when using this Proxy Pac File, particularly around the use of the myIpAddress function which is known to have mixed results around both incorrectly using the local loop back address (127.0.0.1) and IPv6 when installed.  In my experience, this file has worked without problem – but your mileage may vary.

The main backbone of the Proxy Pac File is built around using the Javascript logical operators AND (&&) / OR (||) (double click to select all for copy/paste).

[sourcecode language=”plain”]
// Advanced Proxy PAC File
// Please feel free to copy, paste and edit as much as you like!function FindProxyForURL(url, host)
{// *** Proxy Pac File checks local IP to see if it is in the 192.168.10.0/24 network ***
if (
isInNet(myIpAddress(), "192.168.10.0", "255.255.255.0") &&
(
// *** Proxy Pac File then checks to see if the destination address is in any of the following addresses ***
shExpMatch (host, "10.10.10.*") ||
shExpMatch (host, "10.10.20.*") ||
shExpMatch (host, "10.10.30.*") ||
dnsDomainIs (host, ".corporate")
)
)
// *** Proxy Pac File then sets the Proxy Server as the following Proxy Server address and port ***
{return "PROXY proxy1.proxypacfile.com:8080";}// *** Proxy Pac File checks local IP to see if it is in the 192.168.20.0/24 network ***
if (
isInNet(myIpAddress(), "192.168.20.0", "255.255.255.0") &&
(
// *** Proxy Pac File then checks to see if the destination address is in any of the following addresses ***
shExpMatch (host, "10.10.10.*") ||
shExpMatch (host, "10.10.20.*") ||
shExpMatch (host, "10.10.30.*") ||
dnsDomainIs (host, ".corporate")
)
)
// *** Proxy Pac File then sets the Proxy Server as the following Proxy Server address and port ***
{return "PROXY proxy2.proxypacfile.com:8080";}// *** Proxy Pac File checks local IP to see if it is in the 192.168.30.0/24 network ***
if (
isInNet(myIpAddress(), "192.168.30.0", "255.255.255.0") &&
(
// *** Proxy Pac File then checks to see if the destination address is in any of the following addresses ***
shExpMatch (host, "10.10.10.*") ||
shExpMatch (host, "10.10.20.*") ||
shExpMatch (host, "10.10.30.*") ||
dnsDomainIs (host, ".corporate")
)
)
// *** Proxy Pac File then sets the Proxy Server as the following Proxy Server address and port ***
{return "PROXY proxy3.proxypacfile.com:8080";}// *** Proxy PAC File checks the following destination addresses regardless of client IP ***
if (
shExpMatch (host, "172.16.10.*.*") ||
shExpMatch (host, "172.16.20.*.*") ||
shExpMatch (host, "172.16.30.*.*")
)
// *** Proxy Pac File then sets the Proxy Server as the following Proxy Server address and port ***
{return "PROXY proxy4.proxypacfile.com:8080";}// *** Proxy Pac File checks the following destination addresses regardless of client IP ***
if (
dnsDomainIs (host, ".internal") ||
dnsDomainIs (host, ".local") ||
dnsDomainIs (host, ".intranet")
)
// *** Proxy Pac File then sets the Proxy Server as Direct which will bypass all Proxy Servers ***
{return "DIRECT";}// *** Proxy Pac File will set the global Proxy Server in the event that no other conditions are met ***
else
{return "PROXY globalproxy.proxypacfile.com:8080";}
}
[/sourcecode]

Leave a comment

Your email address will not be published. Required fields are marked *

This site uses Akismet to reduce spam. Learn how your comment data is processed.