Solved

proxy.pac configuration

Posted on 2007-11-19
8
894 Views
Last Modified: 2009-07-29
Hi

Can someone please assist me with the creation of a proxy.pac file?

I need the following within the file, which will be stored on each user's pc & enforced by group policy:

* when a user is on our company's domain, I want every connection to the internet to go through the proxy server, except when the user is trying to access a handfull of sites (e.g. server1.ourcompany.com)

* when a user isn't on our domain (e.g. they have taken their laptop home), they need to access the internet without trying to go through our proxy server.

Thanks!

Ash
0
Comment
Question by:ashonline
  • 5
  • 2
8 Comments
 
LVL 4

Accepted Solution

by:
Beldoran earned 500 total points
Comment Utility
In the wiki entry at http://en.wikipedia.org/wiki/Proxy_auto-config are some details on the things you can do.
About 2/3rds down the page is a Javascript example which could be modified to do what you want using the isInNet function. (the 'more complicated example')
0
 

Author Comment

by:ashonline
Comment Utility
Thanks Beldoran, this will help me out.

Any ideas on the detection of whether the user's pc is on the domain or not?
0
 
LVL 4

Expert Comment

by:Beldoran
Comment Utility
You can check for an IP range. I would assume that your domain has a defined/stable IP range?

or. If you use dhcp or/with particular dns servers you could also check these instead. That page had a reference to bunch of other functions which look interesting.

or. If your java programming is good you may be able to extract the domain name from the machine directly in the script. (My strength is vbscript in which it is trivial to do this, but that does not help here)
0
Why You Should Analyze Threat Actor TTPs

After years of analyzing threat actor behavior, it’s become clear that at any given time there are specific tactics, techniques, and procedures (TTPs) that are particularly prevalent. By analyzing and understanding these TTPs, you can dramatically enhance your security program.

 
LVL 4

Assisted Solution

by:Beldoran
Beldoran earned 500 total points
Comment Utility
Try this function,

dnsDomainIs(host,".mydomain.com")
0
 

Author Comment

by:ashonline
Comment Utility
Hi Beldoran

Thanks for all your help with this.

Can you please advise on whether this proxy.pac file will be any good?

Thanks

Ash
function FindProxyForURL(url, host)

{

	var proxy_yes = "PROXY 192.168.0.129:8080";

	var proxy_no = "DIRECT";
 

	if (shExpMatch(url, "http://www.ourcompany.com*")) { return proxy_no; }

	if (shExpMatch(url, "http://www.anothercompany.com.au*")) { return proxy_no; }
 

	// Proxy if PC is on local LAN

	if (dnsDomainIs(host, ".ourcompany.com"))

		{ return proxy_yes; };

	else

		{ return proxy_no; };

}

Open in new window

0
 
LVL 4

Expert Comment

by:Beldoran
Comment Utility
My Javascript is not that hot but it looks ok except for
http://www.ourcompany.com* may need to be http://www.ourcompany.com/*
same for http://www.anothercompany.com.au*

My reading of your script is that if it is going to www.ourcompany.com or www.anothercompany.com.au then there will be a direct connection. same for a host on .ourcompany.com. Everything else goes direct.
0
 
LVL 4

Assisted Solution

by:Beldoran
Beldoran earned 500 total points
Comment Utility
I am using this page for a function reference
http://wp.netscape.com/eng/mozilla/2.0/relnotes/demo/proxy-live.html

From this I am not sure it will work as from the page above "host =
the hostname extracted from the URL. This is only for convenience..."
This means that it is the page that is being asked for not the actual host.

A possible solution is to add an entry in your internal DNS for (say) "internal" and use this function (may not by syntactically correct)

        if (isResolvable("http://internal.ourcompany.com"))
          { return proxy_yes; };
        else
          { return proxy_no; };

This means that if you can resolve this host you MUST be on the internal network so use the proxy otherwise go direct
0

Featured Post

IT, Stop Being Called Into Every Meeting

Highfive is so simple that setting up every meeting room takes just minutes and every employee will be able to start or join a call from any room with ease. Never be called into a meeting just to get it started again. This is how video conferencing should work!

Join & Write a Comment

Security is one of the biggest concerns when moving and migrating your data from your on-premise location to the Public Cloud.  Where is your data? Who can access it? Will it be safe from accidental deletion?  All of these questions and more are imp…
Don’t let your business fall victim to the coming apocalypse – use our Survival Guide for the Fax Apocalypse to identify the risks and signs of zombie fax activities at your business.
Viewers will learn how to connect to a wireless network using the network security key. They will also learn how to access the IP address and DNS server for connections that must be done manually. After setting up a router, find the network security…
Here's a very brief overview of the methods PRTG Network Monitor (https://www.paessler.com/prtg) offers for monitoring bandwidth, to help you decide which methods you´d like to investigate in more detail.  The methods are covered in more detail in o…

763 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question

Need Help in Real-Time?

Connect with top rated Experts

9 Experts available now in Live!

Get 1:1 Help Now