Friday 13 May 2011

Using a PAC file to set proxy settings

There are many ways to configure proxy settings: via a GPO, via a build, or via an application.

Proxy settings can cause issues for mobile users who use their device away from the corporate LAN, because the proxy server will not be reachable. This renders the internet browser unusable (unless, of course, DirectAccess has been implemented).

There are many solutions to this problem, some common ones are:
1. Teach users to enable and disable proxy settings. This is not the most elegant solution, is likely to cause a fair amount of support calls, and also means proxy settings cannot be enforced.

2. Run a 3rd party app that users can click on and select proxy on or proxy off. I'm not a fan of these types of applications that sit there and use up resources for no real reason.

3. Run a login script that sets the proxy setting if you are connected to the corporate LAN, and doesn’t if you are not. This is a long-winded way of doing it, and is not 100% effective.

In my opinion, the most effective and efficient way of configuring proxy settings is to use a proxy auto config file (PAC).
A PAC file contains a JavaScript function "FindProxyForURL(url, host)". This function returns a string with one or more access method specifications. These specifications cause the user agent to use a particular proxy server or to connect directly.

You configure your browser (this works in all popular browsers) to use a script to configure proxy settings, and this setting remains in place permanently. If the PAC file is placed on a web server accessible only within the corporate LAN and the user is away from the LAN, the config file is not found, so a proxy is not used.


When the user is within the LAN, the file is found and the proxy settings are configured.
Some say that a login script can achieve this too; however, a login script requires you to log in for it to take effect.


Take a scenario where a user is in the office, closes the lid on his or her laptop, gets on the train, then opens the lid and connects via 3G.
If proxy settings were configured with a login script, the office proxy settings would still be present unless the user logged off and on again.
With a PAC method in place, the browser looks for the settings each time a page is requested, so it would fail to find the config file and connect directly.

Below is an example PAC file which can be modified to suit your needs. This could be further extended to look at the current IP of the client and return a different proxy depending on where the client is. For example, if the client is within an IP range associated with the Paris office, the Paris proxy would be returned, or if the client is on a New York IP range, the New York proxy would be returned.


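function FindProxyForURL(url, host)
{
    // Direct connections to these hosts (the proxy is bypassed)
    if (isPlainHostName(host) ||                           // names with no dots, e.g. "intranet"
        (host == "127.0.0.1") ||                           // local loopback
        (host == "www.a-whole-domain.com") ||              // one exact host name
        (shExpMatch(host, "*.a-entire-domain.com")) ||     // anything under this domain
        (shExpMatch(host, "10.20.30.*"))) {                // glob match on the host string
        return "DIRECT";
    } else {
        // Everything else goes through the proxy
        return "PROXY proxy-server.domain.com:8080";
    }
}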



Within this file, the IP range 10.20.30.0 - 10.20.30.255 is accessed directly (bypassing the proxy), as is the host www.a-whole-domain.com. Anything under the domain a-entire-domain.com also bypasses the proxy. Everything else is directed to the proxy server "proxy-server.domain.com" on port 8080.
Add additional sites to the proxy bypass list by copying an existing line and pasting it below.
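
The per-office extension mentioned above, as an added example that is not part of the original PAC file. The Paris and New York subnets and proxy names are hypothetical placeholders, and the decision logic is written as a plain function so it can be run outside a browser; in a deployed PAC file the built-in isInNet() does the same subnet test.

```javascript
// Added example: the page's PAC logic extended to pick a proxy by client subnet.
// Subnets and the Paris/New York proxy names are hypothetical placeholders.
var OFFICES = [
  { net: "10.50.1.0", mask: "255.255.255.0", proxy: "PROXY paris-proxy.domain.com:8080" },
  { net: "10.60.1.0", mask: "255.255.255.0", proxy: "PROXY newyork-proxy.domain.com:8080" }
];
var DEFAULT_PROXY = "PROXY proxy-server.domain.com:8080";

// Strict dotted-quad parser: returns a number, or null for anything else.
function ipToInt(s) {
  var p = String(s).split("."), n = 0;
  if (p.length !== 4) return null;
  for (var i = 0; i < 4; i++) {
    if (!/^\d{1,3}$/.test(p[i]) || Number(p[i]) > 255) return null;
    n = n * 256 + Number(p[i]);
  }
  return n;
}

// Numeric subnet test. Unlike the glob shExpMatch(host, "10.20.30.*"), it only
// matches real IPv4 literals, not DNS names that begin with "10.20.30.".
function inSubnet(ip, net, mask) {
  var a = ipToInt(ip), b = ipToInt(net), m = ipToInt(mask);
  return a !== null && b !== null && m !== null && ((a & m) === (b & m));
}

// Pure decision function so the logic can be tested outside a browser.
function chooseProxy(host, clientIp) {
  var hostIsBare = host.indexOf(".") === -1;            // same test as isPlainHostName()
  var inDomain = /\.a-entire-domain\.com$/.test(host);  // same as "*.a-entire-domain.com"
  if (hostIsBare || host === "127.0.0.1" || host === "www.a-whole-domain.com" ||
      inDomain || inSubnet(host, "10.20.30.0", "255.255.255.0")) {
    return "DIRECT";
  }
  // Pick the proxy of the office whose subnet contains the client address.
  for (var i = 0; i < OFFICES.length; i++) {
    if (inSubnet(clientIp, OFFICES[i].net, OFFICES[i].mask)) return OFFICES[i].proxy;
  }
  return DEFAULT_PROXY;                                  // on the LAN, unlisted subnet
}

// Entry point the browser calls; myIpAddress() is a standard PAC built-in.
function FindProxyForURL(url, host) {
  return chooseProxy(host, myIpAddress());
}
```

On multi-homed clients myIpAddress() may return an address from an unexpected interface, so check the result on a laptop with both wired and wireless adapters before relying on it.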


Although a WPAD file could also offer similar functionality, in my experience a PAC file is much more flexible and will enable changes to take effect instantly.
