Want to win a PS4? Go Premium and enter to win our High-Tech Treats giveaway. Enter to Win

x
?
Solved

Need to resolve only 2 subnets to use proxy using pac file

Posted on 2007-11-15
7
Medium Priority
?
1,068 Views
Last Modified: 2009-12-16
I am using a .pac file to auto config our browsers to use our proxy sever (ISA 2006). This is just a bandaid type fix until we upgrade our routers. (Budget reasons). Using Group Policy, I have forced the .pac file for users in specific containers in AD. The following script worked well.

function FindProxyForURL(url, host)
{
 if (isInNet(myIpAddress(), "192.168.0.0", "255.255.0.0"))
  return "PROXY 192.168.101.1:8080";
 else
  return "DIRECT";
}

Too well it seems. This causes a couple of problems. First, laptop users who try to access the internet at home are blocked if they use any type of router that assigns a 192.168.x.x address. Secondly, users who login at a different branch location are forced to use the proxy where we don't want them to.

So really, I only want users in 2 specific subnets to use the proxy, otherwise go direct. I edited the pac file, but I can't get it to work. Here is my code:

function FindProxyForURL(url, host)

{
 if ((isInNet(myIpAddress(), "192.168.101.0", "255.255.255.0"))
     (isInNet(myIpAddress(), "192.168.103.0", "255.255.255.0")))
   
    return "PROXY 192.168.101.1:8080";

 else
    return "DIRECT";
 
}

Can anyone offer suggestions? I can't use the DNS or DHCP method since that would affect all users in the domain.

Thanks!
0
Comment
Question by:LTIADMIN
[X]
Welcome to Experts Exchange

Add your voice to the tech community where 5M+ people just like you are talking about what matters.

  • Help others & share knowledge
  • Earn cash & points
  • Learn & ask questions
  • 3
  • 3
7 Comments
 
LVL 18

Expert Comment

by:chuckyh
ID: 20290394
Why are users in a different branch in this same AD container?
0
 

Author Comment

by:LTIADMIN
ID: 20290444
They are not.
0
 
LVL 11

Expert Comment

by:tvman_od
ID: 20292178
Where this file is located? On the local drives? We use it from internal http (web) server. So when people are outside, the browser cannot retrieve the script and goes directly. It's causing a short, couple of seconds delay before the initial page popes up and then everything is fine.
0
Nothing ever in the clear!

This technical paper will help you implement VMware’s VM encryption as well as implement Veeam encryption which together will achieve the nothing ever in the clear goal. If a bad guy steals VMs, backups or traffic they get nothing.

 

Author Comment

by:LTIADMIN
ID: 20292258
Externally, I guess I could put it on an internal server, and try that. Though I would still like a coded solution to the pac file. Even internally, I need to specify the subnets to use.
0
 
LVL 11

Accepted Solution

by:
tvman_od earned 2000 total points
ID: 20292849
function FindProxyForURL(url, host)

{
 if (
         isInNet(myIpAddress(), "192.168.101.0", "255.255.255.0")
     || isInNet(myIpAddress(), "192.168.103.0", "255.255.255.0")
)
   
 return "PROXY 192.168.101.1:8080";

 else
    return "DIRECT";
 
}
0
 

Author Comment

by:LTIADMIN
ID: 20299581
Perfect, that worked. Thanks.

I also tried using the pac file internally instead, but when clients connected remotely via vpn, it grabbed the script anyway.

This should save me some headaches temporarily.
0
 
LVL 11

Expert Comment

by:tvman_od
ID: 20300357
It's not the best idea to run a vpn in the split mode. It saves some bandwidth but creates security issues. Generally the remote computer becomes a wide opened bridge to your internal network. It's up to you, but just FYI.
0

Featured Post

Industry Leaders: We Want Your Opinion!

We value your feedback.

Take our survey and automatically be enter to win anyone of the following:
Yeti Cooler, Amazon eGift Card, and Movie eGift Card!

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

Managing 24/7 IT Operations is a hands-on job and indeed a difficult one. Over the years I have found some simple tips and techniques to increase the efficiency of the overall operations. The core concept has always been on continuous improvement; a…
Network ports are the threads that hold network communication together. They are an essential part of networking that can be easily ignore or misunderstood, my goals is to show those who don't have a strong network foundation how network ports opera…
In this tutorial you'll learn about bandwidth monitoring with flows and packet sniffing with our network monitoring solution PRTG Network Monitor (https://www.paessler.com/prtg). If you're interested in additional methods for monitoring bandwidt…
Monitoring a network: why having a policy is the best policy? Michael Kulchisky, MCSE, MCSA, MCP, VTSP, VSP, CCSP outlines the enormous benefits of having a policy-based approach when monitoring medium and large networks. Software utilized in this v…

609 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question