Question:
What is a Proxy Pac file, and are there any examples?
Environment: Cisco Web Security Appliance
Note: This Knowledge Base article references software which is not maintained or supported by Cisco. The information is provided as a courtesy for your convenience. For further assistance, please contact the software vendor.
Reference Link: JavaScript or JScript Auto-Proxy Example Files
JavaScript or JScript Auto-Proxy Example Files
The following scripts provide examples of how a '.pac' file could be used to specify an auto-proxy URL. To use these functions, you must change the proxy names, port numbers, and IP addresses.
- The isInNet, isResolvable, and dnsResolve functions query a DNS server
- References to Object Model objects, properties, or methods cause the proxy auto-configuration file to fail silently. For example, the references window.open(...), alert(...), and password(...) all cause the proxy auto-configuration file to fail on Internet Explorer.
Example 1: Local hosts connect direct, all others connect via proxy
The following function checks to see whether the hostname is a local host, and if it is, whether the connection is direct. If the hostname is not a local host, the connection is through the proxy (proxy).
function FindProxyForURL(url, host)
{
if (isPlainHostName(host))
return "DIRECT";
else
return "PROXY proxy:80";
}
The isPlainHostName function checks to see if there are any dots in the hostname. If so, it returns false; otherwise, the function returns true.
Note: For a direct connection to local webserver, a domain or subnet match might also be needed. Not all requests to local webservers are done using just hostnames
Example 2: Hosts inside the firewall connect direct, outside local servers connect via proxy
The following function checks to see whether the host is either a "plain" hostname (meaning the domain name is not included) or part of a particular domain (.company.com) but the hostname is not either www or home.
function FindProxyForURL(url, host)
{
if ((isPlainHostName(host) ||
dnsDomainIs(host, ".company.com")) &&
!localHostOrDomainIs(host, "www.company.com") &&
!localHostOrDoaminIs(host, "home.company.com"))
return "DIRECT";
else
return "PROXY proxy:80";
}
Note:
- The localHostOrDomainIs function is executed only for URLs in the local domain.
- The dnsDomainIs function returns true if the domain of the hostname matches the domain given.
Example 3: If host is resolvable, connect direct. Otherwise connect using a proxy.
The following function asks the DNS server to try to resolve the hostname passed to it. If it can, then a direct connection is made. If it cannot, the connection is made via proxy. This is useful when an internal DNS server is used to resolve all internal hostnames.
function FindProxyForURL(url, host)
{
if (isResolvable(host))
return "DIRECT";
else
return "PROXY proxy:80";
}
See note on the isResolvable function at the top of the page.
Example 4: If host is in specified subnet, connect direct. Otherwise connect using a proxy.
The following function compares a given IP address pattern and mask with the hostname. This is useful if certain hosts in a subnet should be connected directly and others should be connected using a proxy.
function FindProxyForURL(url, host)
{
if (isInNet(host, "999.99.9.9", "255.0.255.0"))
return "DIRECT";
else
return "PROXY proxy:80";
}
See note on the isInNet function at the top of the page.
The isInNet(host, pattern, mask) function returns true if the host IP address matches the specified pattern. The mask indicates which part of the IP address to match (255=match, 0=ignore).
Example 5: Determine connection type based on host domain
The following function specifies a direct connection if the host is local. If the host is not local, this function determines which proxy to use based on the host domain. This is useful if the host domain name is one of the criteria for proxy selection.
function FindProxyForURL(url, host)
{
if (isPlainHostName(host))
return "DIRECT";
else if (shExpMatch(host, "*.com"))
return "PROXY comproxy:80";
else if (shExpMatch(host, "*.edu"))
return "PROXY eduproxy:80";
else
return "PROXY proxy";
}
The shExpMatch(str, shexp) function returns true if str matches the shexp using shell expression patterns.
Example 6: Determine connection type based on protocol being used
The following function extracts the protocol being used and makes a proxy selection accordingly. If no match is made on the protocol, then a direct connection is made. This is useful if the protocol being used is one of the criteria for proxy selection.
function FindProxyForURL(url, host)
{
if (url.substring(0, 5) == "http:") {
return "PROXY proxy:80";
}
else if (url.substring(0, 4) == "ftp:") {
return "PROXY fproxy:80";
}
else if (url.substring(0, 7) == "gopher:") {
return "PROXY gproxy";
}
else if (url.substring(0, 6) == "https:") {
return "PROXY secproxy:8080";
}
else {
return "DIRECT";
}
}
The substring function extracts the specified number of characters from a string.
Example 7: Determine proxy setting by checking to see if hostname matches IP address
The following function makes a proxy selection by translating the hostname into an IP address and comparing it to a specified string.
function FindProxyForURL(url, host)
{
if (dnsResolve(host) == "999.99.99.999") { // = http://proxy
return "PROXY secproxy:8080";
}
else {
return "PROXY proxy:80";
}
}
See note on the dnsResolve function at the top of the page.
Example 8: If host IP matches specified IP, connect via proxy, else connect direct
The following function is another way to make a proxy selection based on specifying an IP address. This example, unlike Example 7, uses the function call to explicitly get the numeric IP address (Example 7 uses the dnsResolve function to translate the hostname into the numeric IP address).
function FindProxyForURL(url, host)
{
if (myIpAddress() == "999.99.999.99") {
return "PROXY proxy:80";
}
else {
return "DIRECT";
}
}
The myIpAddress function returns the IP address (in integer-dot format) of the host that the browser is running on.
Example 9: If there are any dots in the hostname, connect using a proxy. Otherwise, connect direct.
The following function checks to see how many dots are in the hostname. If there are any dots in the hostname, make a connection via proxy. If there are no dots in the hostname, make a direct connection. This is another way to determine connection types based on hostname characteristics.
function FindProxyForURL(url, host)
{
if (dnsDomainLevels(host) > 0) { // if the number of dots in host > 0
return "PROXY proxy:80";
}
return "DIRECT";
}
The dnsDomainLevels function returns an integer equal to the number of dots in the hostname.
Example 10: Specify days of the week to connect via proxy, other days connect direct
The following function determines the connection type by specifying days of the week that are appropriate for a proxy. Days that do not fall between these parameters use a direct connection. This function could be useful in situations where you might want to use a proxy when traffic is heavy and allow a direct connection when traffic is light.
function FindProxyForURL(url, host)
{
if(weekdayRange("WED", "SAT", "GMT"))
return "PROXY proxy:80";
else
return "DIRECT";
}
The weekdayRange(day1 [,day2] [,GMT] ) function returns whether the current system time falls within the range specified by the parameters day1, day2, and GMT. Only the first parameter is required. The GMT parameter presumes time values are in Greenwich Mean Time rather than the local time zone.
Example 11: Load Balancing with a simple Math function
function FindProxyForURL(url, host){
return randomProxy();
}
function randomProxy()
{
switch( Math.floor( Math.random() *2))
{
case 0: return "PROXY 1.1.1.1:3128; PROXY 2.2.2.2; PROXY DIRECT;"
case 1: return "PROXY 2.2.2.2:3128; PROXY 1.1.1.1; PROXY DIRECT;"
}
}
You will see that the cases also implement a failover in case one proxy is not available.