Proxy Auto Config – Advanced configuration for multiple proxy ports and locations.

The other day we received a request from our network guys to add more exceptions to the IE proxy configuration, and the Active Directory Group Policy configuration refused to accept more exceptions because the maximum character limit (2048) had already been reached!

Next came identifying the defunct domains in the exceptions and trimming down the list, which hampered the SLA. After extensive follow-up with Microsoft, the only solution visible was to create a proxy auto-configuration file, or PAC file.

Today, having a PAC file is essential for environments serving a large customer base with site-to-site VPNs. However, what if you have the following restrictions while designing a PAC file?

  • Separate proxy servers for each location.
  • Roaming users traveling back and forth between these locations.
  • A proxy server supporting authenticated access on the default port while providing anonymous access through another port.
  • Different exceptions for each location.

It is evident that the PAC file will eventually become really complex and will need more if / else conditions. The bad part is that it doesn’t support the majority of if / then combinations. After working on almost 5 different versions and rigorous testing, I found one that works very well across all scenarios tested.

Although people landing here through a search for PAC files will have a decent idea of what a PAC file is and how it works, I recommend that everyone go through this link first.

The PAC file I designed has the following structure. For the sake of understanding, I will use placeholder names such as “location1” and “location2”, and proxy.location1.com and proxy.location2.com. The default proxy port is 8080 and the anonymous access port is 9090.

 

///////////////////////// Start of file ///////////////////////////////////////////////////////////////////////

function FindProxyForURL(url, host) {

    // Default result when the client is in none of the locations below.
    var proxy = "DIRECT";

    // Condition for Location1
    if (isInNet(myIpAddress(), "10.1.0.0", "255.255.0.0") || isInNet(myIpAddress(), "172.15.0.0", "255.255.0.0")) {

        // Following condition defines anonymous access
        if (dnsDomainIs(host, ".eclipse.org") || dnsDomainIs(host, ".eclipsesource.com") || dnsDomainIs(host, ".dl-ssl.google.com") || dnsDomainIs(host, ".jboss.org") || dnsDomainIs(host, ".assembla.com") || dnsDomainIs(host, ".tigris.org") || dnsDomainIs(host, ".avalonbay.com")) {
            proxy = "PROXY proxy.location1.com:9090";
        }
        // Following condition defines exceptions for which the browser should avoid proxy.
        else if (isPlainHostName(host) || shExpMatch(host, "10.*") || dnsDomainIs(host, ".onmicrosoft.com") || dnsDomainIs(host, ".office365.com") || dnsDomainIs(host, ".microsoftonline.com") || dnsDomainIs(host, ".microsoftonline-p.net") || dnsDomainIs(host, ".microsoftonline-p.com")) {
            proxy = "DIRECT";
        }
        else {
            // Go through default proxy port
            proxy = "PROXY proxy.location1.com:8080";
        }
    }

    // Following is a condition for Location 2, which uses its own proxy server
    if (isInNet(myIpAddress(), "10.2.0.0", "255.255.0.0")) {

        // Following condition defines anonymous access
        if (dnsDomainIs(host, ".eclipse.org") || dnsDomainIs(host, ".eclipsesource.com") || dnsDomainIs(host, ".jboss.org")) {
            proxy = "PROXY proxy.location2.com:9090";
        }
        // Following condition defines exceptions for which the browser should avoid proxy.
        else if (isPlainHostName(host) || shExpMatch(host, "10.*") || dnsDomainIs(host, ".onmicrosoft.com") || dnsDomainIs(host, ".office365.com") || dnsDomainIs(host, ".microsoftonline.com") || dnsDomainIs(host, ".microsoftonline-p.net") || dnsDomainIs(host, ".microsoftonline-p.com")) {
            proxy = "DIRECT";
        }
        else {
            // Go through default proxy port
            proxy = "PROXY proxy.location2.com:8080";
        }
    }

    // Loopback goes direct
    if ((host == "localhost") ||
        (shExpMatch(host, "localhost.*")) ||
        (host == "127.0.0.1")) {
        proxy = "DIRECT";
    }

    return proxy;

} // End of function

////////////////// End of File  ////////////////////////////////////////////////////
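
One way to check the routing decisions offline before publishing the file, as an added example that is not part of the original post: a small Node.js harness that evaluates PAC source text against a table of client IPs and URLs. The helper stubs, SAMPLE_PAC, STRICT_PAC and every client IP and URL in CASES are constructed assumptions; the stubs only approximate what a browser provides.

```javascript
// Added example: offline harness for PAC logic (Node.js), not the post's own code.
// Helper stubs approximate the browser's PAC functions (assumption); this isInNet
// accepts IP literals only and performs no DNS lookup.
const ipToInt = ip => ip.split(".").reduce((n, o) => ((n << 8) | +o) >>> 0, 0);
const sameNet = (a, b, m) => ((ipToInt(a) ^ ipToInt(b)) & ipToInt(m)) === 0;

const pacHelpers = clientIp => ({
  myIpAddress: () => clientIp,
  isPlainHostName: h => !h.includes("."),
  dnsDomainIs: (h, d) => h.toLowerCase().endsWith(d.toLowerCase()),
  shExpMatch: (s, glob) => new RegExp("^" + glob.replace(/[.+^${}()|[\]\\]/g, "\\$&")
    .replace(/\*/g, ".*").replace(/\?/g, ".") + "$").test(s),
  isInNet: (h, net, mask) => /^\d+(\.\d+){3}$/.test(h) && sameNet(h, net, mask),
});

// Evaluate PAC source text for one (client IP, URL) pair and return its decision.
function evalPac(pacSource, clientIp, url) {
  const helpers = pacHelpers(clientIp);
  const names = Object.keys(helpers);
  const load = new Function(...names, pacSource + "\nreturn FindProxyForURL;");
  return load(...names.map(n => helpers[n]))(url, new URL(url).hostname);
}

// Constructed PAC: a condensed form of the post's Location1 branch.
const SAMPLE_PAC = `
function FindProxyForURL(url, host) {
  var proxy = "DIRECT";
  if (isInNet(myIpAddress(), "10.1.0.0", "255.255.0.0")) {
    if (dnsDomainIs(host, ".eclipse.org")) proxy = "PROXY proxy.location1.com:9090";
    else if (isPlainHostName(host) || shExpMatch(host, "10.*")) proxy = "DIRECT";
    else proxy = "PROXY proxy.location1.com:8080";
  }
  return proxy;
}`;
// Variant: the "10.*" glob replaced by a dotted-quad test for 10.0.0.0/8.
const STRICT_PAC = SAMPLE_PAC.replace('shExpMatch(host, "10.*")',
  () => '/^10(\\.\\d{1,3}){3}$/.test(host)');

const CASES = [ // constructed [client IP, URL] pairs
  ["10.1.5.20", "http://download.eclipse.org/"], // anonymous port
  ["10.1.5.20", "http://intranet/"],             // plain host name
  ["10.1.5.20", "http://10.1.9.9/"],             // 10.x IP literal
  ["10.1.5.20", "http://www.example.com/"],      // default port
  ["10.1.5.20", "http://10.example.com/"],       // DNS name that matches "10.*"
  ["192.168.7.7", "http://www.example.com/"],    // client outside listed subnets
];
const decisions = pac => CASES.map(([ip, url]) => evalPac(pac, ip, url));
console.log(decisions(SAMPLE_PAC), decisions(STRICT_PAC));
```

Two results are worth reviewing in any PAC built this way: `shExpMatch(host, "10.*")` is a string glob, so a DNS name that merely begins with `10.` is also sent DIRECT, and a client whose address is in none of the listed subnets falls through to the initial `DIRECT` value.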

 

Configuring the DNS

to be updated soon…..
