Need to resolve only 2 subnets to use proxy using pac file
I am using a .pac file to auto config our browsers to use our proxy sever (ISA 2006). This is just a bandaid type fix until we upgrade our routers. (Budget reasons). Using Group Policy, I have forced the .pac file for users in specific containers in AD. The following script worked well.
function FindProxyForURL(url, host)
{
if (isInNet(myIpAddress(), "192.168.0.0", "255.255.0.0"))
return "PROXY 192.168.101.1:8080";
else
return "DIRECT";
}
Too well it seems. This causes a couple of problems. First, laptop users who try to access the internet at home are blocked if they use any type of router that assigns a 192.168.x.x address. Secondly, users who login at a different branch location are forced to use the proxy where we don't want them to.
So really, I only want users in 2 specific subnets to use the proxy, otherwise go direct. I edited the pac file, but I can't get it to work. Here is my code:
function FindProxyForURL(url, host)
{
if ((isInNet(myIpAddress(), "192.168.101.0", "255.255.255.0"))
(isInNet(myIpAddress(), "192.168.103.0", "255.255.255.0")))
return "PROXY 192.168.101.1:8080";
else
return "DIRECT";
}
Can anyone offer suggestions? I can't use the DNS or DHCP method since that would affect all users in the domain.
Thanks!
function FindProxyForURL(url, host)
{
if (isInNet(myIpAddress(), "192.168.0.0", "255.255.0.0"))
return "PROXY 192.168.101.1:8080";
else
return "DIRECT";
}
Too well it seems. This causes a couple of problems. First, laptop users who try to access the internet at home are blocked if they use any type of router that assigns a 192.168.x.x address. Secondly, users who login at a different branch location are forced to use the proxy where we don't want them to.
So really, I only want users in 2 specific subnets to use the proxy, otherwise go direct. I edited the pac file, but I can't get it to work. Here is my code:
function FindProxyForURL(url, host)
{
if ((isInNet(myIpAddress(), "192.168.101.0", "255.255.255.0"))
(isInNet(myIpAddress(), "192.168.103.0", "255.255.255.0")))
return "PROXY 192.168.101.1:8080";
else
return "DIRECT";
}
Can anyone offer suggestions? I can't use the DNS or DHCP method since that would affect all users in the domain.
Thanks!
chuckyh
Why are users in a different branch in this same AD container?
ASKER
They are not.
Where this file is located? On the local drives? We use it from internal http (web) server. So when people are outside, the browser cannot retrieve the script and goes directly. It's causing a short, couple of seconds delay before the initial page popes up and then everything is fine.
ASKER
Externally, I guess I could put it on an internal server, and try that. Though I would still like a coded solution to the pac file. Even internally, I need to specify the subnets to use.
ASKER CERTIFIED SOLUTION
membership
This solution is only available to members.
To access this solution, you must be a member of Experts Exchange.
ASKER
Perfect, that worked. Thanks.
I also tried using the pac file internally instead, but when clients connected remotely via vpn, it grabbed the script anyway.
This should save me some headaches temporarily.
I also tried using the pac file internally instead, but when clients connected remotely via vpn, it grabbed the script anyway.
This should save me some headaches temporarily.
It's not the best idea to run a vpn in the split mode. It saves some bandwidth but creates security issues. Generally the remote computer becomes a wide opened bridge to your internal network. It's up to you, but just FYI.