«

»

Dec 18

Print this Post

Proxy PAC configuration file

Had to work on one of these for a client, and decided that while there’s a whole host of documentation out there, there aren’t a lot of good working examples of how to use the proxy auto config functions properly in a complex file.

Since I spent the better part of 8 hours getting something that works properly in the environment (including site blocking to a custom server), I figured I’d share it with the users of this series of tubes in the hope it helps someone.

// ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
//
// NAME:        proxy.pac
//
// Original:    http://www.cluberti.com/blog
// Last Update: 14th May 2010
//
// Comment:     Proxy.pac example file for use as an auto configuration script
//              template.
//
// NOTE:        Provided as-is - usage of this source assumes that you are at the
//              very least familiar with the javascript language being used and
//              the tools used to create and debug this file.
//
//              In other words, if you break it, you get to keep the pieces.
//
// ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

// javascript:alert ("Using PAC file");

// ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
// Start of the PAC file - function FindProxyForUrl:

function FindProxyForURL(url, host)
{

// ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
// Set proxy values as strings to use during return
// NOTE that if a rule directs the browser to return proxy_block, in this example
// the browser should attempt to visit http://internalserver:80, and will display
// the default web site at that location.

	var proxy_primary = "PROXY proxy.primary.internal.domain.com:80";
	var proxy_secondary = "PROXY proxy.secondary.internal.domain.com:80";
	var proxy_testing = "PROXY proxy.testing.internal.domain.com:80";
	var proxy_block = "PROXY internalserver:80"; //<- useful for blocking sites
	var proxy_no = "DIRECT";

// ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
// Some proxies may have issues with mixed-case URLs, so change host variable to
// all lower case, and resolve the host IP to reduce DNS lookups later:

	host = host.toLowerCase();
	var resolved_IP = dnsResolve(host);

// ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
// Master blocked sites list
// NOTE: Add all sies you wish to redirect to proxy_block here:

	// if destination is .someblockeddomain.com, return proxy_block:
	if (dnsDomainIs(host, ".someblockeddomain.com"))
	{
		return proxy_block;
	}

// ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
// If URL has no dots in host name, send traffic direct.

	if (isPlainHostName(host))
	{
		return proxy_no;
	}

// ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
// Master proxy bypass list
// NOTE: Add all other proxy bypass entries into this section:

	// If destination is to an RFC 1918 IP, return direct:
	if (isInNet(resolved_IP, "10.0.0.0", "255.0.0.0") ||
			isInNet(resolved_IP, "172.16.0.0",  "255.240.0.0") ||
			isInNet(resolved_IP, "192.168.0.0", "255.255.0.0") ||
			isInNet(resolved_IP, "127.0.0.0", "255.255.255.0"))
	{
		return proxy_no;
	}

	// If request matches certain hosts in our IP range, return direct:
	if (isInNet(resolved_IP, "11.11.11.11", "255.0.0.0") ||
			isInNet(resolved_IP, "11.11.11.12", "255.0.0.0"))
	{
		return proxy_no;
	}

		If request begins with "xww", return direct:
	if (shExpMatch(host, "xww.*"))
	{
		return proxy_no;
	}

	// If request matches for *.internal.ourdomain.com/.net/.org, return direct:
	if (shExpMatch(host, "*.internal.ourdomain.com") ||
			shExpMatch(host, "*.internal.ourdomain.net") ||
			shExpMatch(host, "*.internal.ourdomain.org"))
	{
		return proxy_no;
	}

	// If request resolves to .external/.testing.ourdomain.com, return direct:
	if (dnsDomainIs(host, ".external.ourdomain.com") ||
			dnsDomainIs(host, ".testing.ourdomain.com"))
	{
		return proxy_no;
	}

// ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
// Hosts/domains to proxy
// NOTE: Add all hosts/domains that should go through the proxy into this section:

        // If request is for *.ourdomain.com and we've gotten this far, further
        // parsing is required:
        if (shExpMatch(host, "*.ourdomain.com"))
        {

                // If request is for .us.ourdomain.com, use primary proxy:
                if (dnsDomainIs(host, ".us.ourdomain.com"))
                {
                        return proxy_primary;
                }

                // If request is for .world.ourdomain.com, use secondary proxy:
                if (dnsDomainIs(host, ".world.ourdomain.com"))
                {
                        return proxy_secondary;
                }
        }

        // If browsing to *.microsoft.com, further parsing is required:
        if (shExpMatch(host, "*.microsoft.com"))
        {

                // If request is specifically for www.microsoft.com, try the secondary
                // proxy first:
                if (localHostOrDomainIs(host, "www.microsoft.com"))
                {
                        return proxy_secondary + "; " + proxy_primary ;
                }

                // Otherwise, try the primary proxy first to other microsoft sites:
                if (dnsDomainIs(host, ".microsoft.com"))
                {
                        return proxy_primary + "; " + proxy_secondary ;
                }
        }

        // If browsing to *.someotherdomain.com, further parsing is required:
        if (shExpMatch(host, "*.someotherdomain.com"))
        {

                // 172.16.0.0/255.255.0.0 IP address block -- try primary proxy first:
                if (isInNet(myIpAddress(), "172.16.0.0", "255.255.0.0"))
                {
                        return proxy_primary + "; " + proxy_secondary ;
                }

                // 172.31.0.0/255.255.0.0 IP address block -- try secondary proxy first:
                if (isInNet(myIpAddress(), "172.31.0.0", "255.255.0.0"))
                {
                        return proxy_secondary + "; " + proxy_primary ;
                }
        }

// ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
// Advanced proxying based on computer IP Address via the myIpAddress() function
// NOTE: Add all IP Address ranges you wish to proxy for in this section:

        // If the computer's IP address is in the 172.16.0.0/255.255.0.0 range, use
        // the the primary proxy Monday through Friday:
        if (isInNet(myIpAddress(), "172.16.0.0", "255.255.0.0"))
        {
                if (weekdayRange("MON", "FRI"))
                {
                        return proxy_primary;
                }
        // If this check is done on Saturday or Sunday, this will fall through and
        // parsing will continue.
        }

        // If the computer's IP address is in the 172.31.0.0/255.255.0.0 range, use
        // the secondary proxy from January to June, and September to December:
        if (isInNet(myIpAddress(), "172.31.0.0", "255.255.0.0"))
        {
                if (dateRange("JAN", "JUN"))
                {
                        return proxy_secondary;
                }
                if (dateRange("SEP", "DEC"))
                {
                        return proxy_secondary;
                }
        // If this check is done in July or August, this will fall through and parsing
        // will continue.
        }

        // If the computer's IP address is in the 192.168.0.0/255.255.0.0 range, use
        // the testing proxy from 8AM to 6PM local time:
        if (isInNet(myIpAddress(), "192.168.0.0", "255.255.0.0"))
        {
                if (timeRange(8, 18))
                {
                        return proxy_testing;
                }
        // If this check is done before 8AM or after 6PM, this will fall through and
        // parsing will continue.
        }

        // If the computer's IP address is in the 10.0.0.0/255.0.0.0 range, use the
        // testing proxy:
        if (isInNet(myIpAddress(), "10.0.0.0", "255.0.0.0"))
        {
                return proxy_testing;
        }

// ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
// Default return direct rule

// If the request matches no other parsing rules, return direct:
else
        // javascript:alert ("PAC finished parsing for: " + host + "\nFrom IP: " + myIpAddress() + "\nReturning: " + proxy_no);
        return proxy_no;
}

Permanent link to this article: http://www.cluberti.com/blog/2009/12/18/proxy-pac-configuration-file/

Bad Behavior has blocked 526 access attempts in the last 7 days.