Proxy PAC file hosting and writing


I am not going to profess to being an expert in this field, but I have done a few PAC files.

I am not going to explain what a PAC file is, because if you are reading this then you already know and need some help. The issue that I found was that no one has actually created a definitive help on this subject, so it is almost a black art 🙂

For the hosting, as you know, that can be on any platform that supports a web server or a shared directory. I don’t know the cons of a shared drive; I have always used a web server.

This used to be hosted on an old Windows 2000 server, there was never a need to move it from this kit, but since we are moving to the virtual environment it has to go. So the obvious platform was one of our Linux servers serving out the company intranet blog.

CentOS 5.5, latest Apache version.

Place the PAC file in the www root and point a web browser at it; chances are it will not display. If that is the case, there were two issues with my installation.

SELinux was still on, I hate that thing.

setenforce 0 (that is zero)

This switches SELinux to permissive mode, so it stops enforcing its policy (until the next reboot or setenforce 1). I am sure there is a way around this with an SELinux command, but it was internal and it was just getting in the way.

The next thing was that the web server didn’t know what to do with the PAC file script.

Add this line to the httpd.conf file (normally located in /etc/httpd/conf/):

AddType application/x-ns-proxy-autoconfig .pac

Right, enough about hosting. The basics of a PAC file are:

function FindProxyForURL(url, host) {
    // Some functions to direct you to a proxy server or not
}

The functions are the key bit. You can parameterise the values with variables, as this is just JavaScript at the end of the day, but start off simple with hard-coded values and then move to variables once it is working. But you knew this anyway; my PAC files are never very long and so I don’t bother with variables, it is everyone’s own choice.

The basic functions are

if (/* evaluate something about url or host */)
{
    return "DIRECT"; // or "PROXY proxyhost:port"
}

The return value will be formatted as either

return "DIRECT";

Will not go through the proxy server

or

return "PROXY proxyhost:port";

Will go through the proxy server (the proxy address including the port number)

So let's start (there is an example at the end, as this is the way that I tend to learn best, but it is worth understanding the basics).

if (host == "host address FQDN")
{
    return "DIRECT";
}

This will check to see if the host matches and, if so, sends it direct and not through the proxy server.

 

If you need multiple hosts then you can do the following:

if ((host == "host address FQDN") ||
    (host == "host address FQDN"))
{
    return "DIRECT";
}

To base the decision on the host's IP address or range:

if (isInNet(host, "ip address / network range", "network mask"))
{
    return "DIRECT";
}

We can also evaluate the domain name of the host and base the decision on this:

if (dnsDomainIs(host, ".xxxxx.xxxx")) {
    return "DIRECT";
}

Handy for sending traffic direct to your internal servers, especially if they are all on different subnets.

 

If you want to look at the client address and base the decision on this:

if (isInNet(myIpAddress(), "ip address / range", "network mask")) {
    return "PROXY xxxxxx:xx";
}

If you can write JavaScript then I believe you can use any function in a PAC file.

 

You now need to test it 🙂 The best tool I have found is pacparser; the Windows version is a command-line tool. Just a note: I never got it working when the PAC file was hosted on a web server, but point it at a local file and it works perfectly.

After writing this I found a brilliant resource here; it has many examples much like the above but goes into a bit more detail.

Now for the example. This is just an example, but it does work in a live environment when some of the domains and proxies are changed. I don’t look for Google in my live environment; this is an illustration of how to use the host check.

 

function FindProxyForURL(url, host) {

    // start with the exceptions
    if ((host == "www.google.com") ||
        (host == "www.google.co.uk"))
    {
        return "DIRECT";
    }

    if (isInNet(host, "192.3.1.0", "255.255.255.0"))
    {
        return "DIRECT";
    }

    if (isInNet(host, "192.4.1.0", "255.255.255.0"))
    {
        return "DIRECT";
    }

    if (isInNet(host, "10.0.0.0", "255.0.0.0"))
    {
        return "DIRECT";
    }

    // send all the company internal domain traffic direct
    if (dnsDomainIs(host, ".mydomain.local")) {
        return "DIRECT";
    }

    // if it does not match anything, proxy it
    return "PROXY proxy.mydomain.local:80";

} // End of function
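
A way to check routing decisions offline under Node.js, alongside pacparser. This is an added example, not code from the original post: the harness loads PAC text with simplified stand-ins for dnsDomainIs and isInNet and evaluates a few URLs. FAKE_DNS, ipToInt, loadPac, route and the sample hosts are constructed for illustration, and the PAC text is a shortened copy of the example above.

```javascript
// Constructed DNS table: in a browser, isInNet() resolves a host name through DNS
// before comparing, so the result depends on what the resolver returns.
const FAKE_DNS = { "intranet.mydomain.local": "10.1.2.3", "www.example.org": "93.184.216.34" };

// Dotted-quad IPv4 -> unsigned 32-bit integer, or null if it is not an IPv4 literal.
function ipToInt(ip) {
  const parts = String(ip).split(".");
  if (parts.length !== 4) return null;
  let n = 0;
  for (const p of parts) {
    if (!/^\d{1,3}$/.test(p) || Number(p) > 255) return null;
    n = n * 256 + Number(p);
  }
  return n;
}

// Stand-ins for the two PAC helpers the post uses (simplified, IPv4 only).
const helpers = {
  dnsDomainIs: (host, domain) => host.endsWith(domain),
  isInNet: (host, pattern, mask) => {
    const ip = ipToInt(host) ?? ipToInt(FAKE_DNS[host]);
    const net = ipToInt(pattern), m = ipToInt(mask);
    if (ip === null || net === null || m === null) return false;
    return ((ip & m) >>> 0) === ((net & m) >>> 0);
  },
};

// Compile PAC source with the stand-ins in scope; returns url -> routing decision.
function loadPac(source) {
  const build = new Function("dnsDomainIs", "isInNet", source + "\nreturn FindProxyForURL;");
  const find = build(helpers.dnsDomainIs, helpers.isInNet);
  return (url) => find(url, new URL(url).hostname);
}

// Constructed PAC text, shortened from the post's example.
const PAC = `
function FindProxyForURL(url, host) {
  if (host == "www.google.com" || host == "www.google.co.uk") return "DIRECT";
  if (isInNet(host, "10.0.0.0", "255.0.0.0")) return "DIRECT";
  if (dnsDomainIs(host, ".mydomain.local")) return "DIRECT";
  return "PROXY proxy.mydomain.local:80";
}`;

const route = loadPac(PAC);
for (const u of ["http://intranet.mydomain.local/", "http://10.9.8.7/", "https://www.example.org/",
                 "http://mydomain.local.example.org/"]) { // look-alike name must not go DIRECT
  console.log(u, "->", route(u));
}
```

The last URL is the check worth keeping in any PAC test set: a name that merely contains the internal domain must still be sent to the proxy.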

http://www.proxypacfiles.com/proxypac/index.php
