Solved

How to bypass proxy server in IE for local domain or IP address range ?

Posted on 2009-04-08
Last Modified: 2013-12-08
Hello,
We have 2 ISA servers in an array. Users can connect to internet websites smoothly, but when it comes to intranet sites they are still passing through the ISA proxy servers. I tried typing some IP address ranges and FQDN names in the exceptions area of IE, but when I monitor the ISA traffic I can still see connections going through it to the intranet websites. I read that IE recognizes only host names; I tried some solutions but nothing worked.

On the other hand, when using Firefox it perfectly bypassed proxy for the mentioned exceptions.

My question is: how do I make IE also bypass the whole internal domain by FQDN and IP address ranges? Is there any specific syntax in IE different from Firefox?
Question by:AMFOP
11 Comments
 
LVL 1

Expert Comment

by:smile
ID: 24095119
While I was dealing with different proxy configurations, I soon discovered the limitations of configuring the proxy within each client config. So I started to use (and love) the proxy.pac.

Now we have a central proxy.pac for all to use and a single point of change, when another customer connects via VPN and we have another internal website, not connectable through the proxy.

You can even read your laptop's internal IP address and distinguish where the laptop is online (e.g. at home, at work, at a customer's site) and use a specific proxy for each site.

See the following article for details: http://en.wikipedia.org/wiki/Proxy_auto-config
0
 

Author Comment

by:AMFOP
ID: 24095676
Hello,

Thanks for your response. I actually don't handle different proxy configurations; all I need is to bypass the proxy for internal URLs...
0
 

Author Comment

by:AMFOP
ID: 24177949
So no one else to assist here?
0

 
LVL 1

Expert Comment

by:smile
ID: 24183429
Believe me, using proxy.pac is not necessarily bound to using different complex proxy configurations. One big advantage is ONE source to configure for most kinds of browsers.

So try using proxy.pac like this:

+ Create a proxy.pac at a location which can be accessed from all local clients. The content is given separately. You just have to adjust your actual values for domain and proxy.
+ Point the automatic configuration feature of all your browsers to the given location.
+ Be happy.

The configuration below defaults to using the proxy except for all local IP addresses (reserved private nets), all plain host names (without domain/subdomain given) and all hosts within our own domain. You can easily modify the script to meet your needs.


function FindProxyForURL(url, host) {
    var myProxy;
    var direct;

    myProxy = "PROXY myproxy.mycompany.com:8080";
    direct = "DIRECT";

    if (isPlainHostName(host))
        // local hosts w/o a given domain (no dot in the name string)
        return direct;
    else if (shExpMatch(host, "127.0.0.1"))
        // localhost should never use the proxy
        return direct;
    else if (shExpMatch(host, "192.168.*"))
        // private class-c nets are not routed outside the company
        return direct;
    else if (shExpMatch(host, "10.*"))
        // private class-a net is not routed outside the company
        return direct;
    else if (shExpMatch(host, "172.16.*.*"))
        // private class-b nets (172.16.* to 172.31.*, one branch each)
        // are not routed outside the company
        return direct;
    else if (shExpMatch(host, "172.17.*.*"))
        return direct;
    else if (shExpMatch(host, "172.18.*.*"))
        return direct;
    else if (shExpMatch(host, "172.19.*.*"))
        return direct;
    else if (shExpMatch(host, "172.20.*.*"))
        return direct;
    else if (shExpMatch(host, "172.21.*.*"))
        return direct;
    else if (shExpMatch(host, "172.22.*.*"))
        return direct;
    else if (shExpMatch(host, "172.23.*.*"))
        return direct;
    else if (shExpMatch(host, "172.24.*.*"))
        return direct;
    else if (shExpMatch(host, "172.25.*.*"))
        return direct;
    else if (shExpMatch(host, "172.26.*.*"))
        return direct;
    else if (shExpMatch(host, "172.27.*.*"))
        return direct;
    else if (shExpMatch(host, "172.28.*.*"))
        return direct;
    else if (shExpMatch(host, "172.29.*.*"))
        return direct;
    else if (shExpMatch(host, "172.30.*.*"))
        return direct;
    else if (shExpMatch(host, "172.31.*.*"))
        return direct;
    else if (localHostOrDomainIs(host, "specific.customer.de"))
        // specific.customer.de may be connected directly via VPN
        return direct;
    else if (dnsDomainIs(host, "mycompany.de"))
        // all hosts in local domain don't use proxy
        return direct;
    else
        // default to PROXY
        return myProxy;
}


0
 

Author Comment

by:AMFOP
ID: 24191089
Actually, I am not so good with scripts; I would really appreciate it if you could help me with it.

Let's say my domain name is xyz.org, my proxy is abc.xyz.org:8080, and my internal IP addresses (to be excluded from the proxy) are:

192.168.2.0/24
192.168.1.0/24
194.153.170.0/24

What would the script look like to bypass the proxy for internal traffic (so that even if the proxy is down, clients can still access internal servers)?
0
 

Author Comment

by:AMFOP
ID: 24212236
Smile, I appreciate you telling me about the proxy.pac, but can you help with modifying it to match my needs?
0
 
LVL 1

Accepted Solution

by:
smile earned 500 total points
ID: 24214491
Hi AMFOP, replacing 'mycompany.com' with 'xyz.org' should really be possible for you, even if you are no scripting expert. However, I'm in a good mood and supply a modified version to meet your needs:

I'm using additional variables for myDomain and myNet (which should in fact take YOUR domain and net as values) and provided the script with abc.xyz.org instead of myproxy.mycompany.com as example values.

Furthermore, I removed the coding for the private class a net and all private class b nets, so the code gets smaller and maybe easier to understand.

Note the difference in your notion of the IP nets and the used notation with '*' wildcards: the methods in proxy.pac are using raw string comparison and cannot do any address calculation, which is necessary when you use the bitcount to specify an address mask. For the same reason there are so many lines in the above given example to avoid the proxy for the net 172.16/11.

Please note also that you are receiving this solution at a very moderate price, when I take a look at the promised 250 points.

Greetings from Dortmund to Krakau!

function FindProxyForURL(url, host) {
    // on special request configured for The Polished Group SA
    // from ee user smile
    // (c) 2009 by ee user smile

    var myDomain;
    var myNet;
    var myProxy;
    var direct;

    myDomain = "xyz.org";
    myNet    = "194.153.170.*";
    myProxy  = "PROXY abc.xyz.org:8080";
    direct   = "DIRECT";

    if (isPlainHostName(host))
        // local hosts w/o a given domain (no dot in the name string)
        return direct;
    else if (dnsDomainIs(host, myDomain))
        // all hosts in local domain don't use proxy
        return direct;
    else if (shExpMatch(host, myNet))
        // the owned net doesn't need a proxy
        return direct;
    else if (shExpMatch(host, "127.0.0.1"))
        // localhost should never use the proxy
        return direct;
    else if (shExpMatch(host, "192.168.*"))
        // private class-c nets are not routed outside the company
        return direct;
    else
        // default to PROXY
        return myProxy;
}


0
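An added example, not part of smile's answer or the original thread: a proxy.pac for the values in AMFOP's post (xyz.org, abc.xyz.org:8080 and the three /24 networks) that matches IP literals by address arithmetic and the domain on a label boundary, so a name such as the constructed 192.168.1.5.example.net is not sent DIRECT by a string pattern like "192.168.*". The helper names (ipv4ToInt, inCidr, inDomain) are assumptions of this example; it uses plain JavaScript rather than the PAC helper functions so it can be tested outside a browser.

```javascript
// Added example: values from AMFOP's post; helper names are hypothetical.
var PROXY = "PROXY abc.xyz.org:8080";
var DOMAIN = "xyz.org";
var DIRECT_NETS = ["192.168.1.0/24", "192.168.2.0/24", "194.153.170.0/24", "127.0.0.1/32"];

// Convert a dotted-quad literal to a number; return null for anything else,
// so a hostname such as "192.168.1.5.example.net" is never treated as an IP.
function ipv4ToInt(host) {
    var m = /^(\d{1,3})\.(\d{1,3})\.(\d{1,3})\.(\d{1,3})$/.exec(host);
    if (!m) return null;
    var n = 0;
    for (var i = 1; i <= 4; i++) {
        var octet = parseInt(m[i], 10);
        if (octet > 255) return null;
        n = n * 256 + octet;
    }
    return n;
}

// True when ip (a number from ipv4ToInt) falls inside cidr ("a.b.c.d/len").
function inCidr(ip, cidr) {
    var parts = cidr.split("/");
    var size = Math.pow(2, 32 - parseInt(parts[1], 10));
    var base = ipv4ToInt(parts[0]);
    return Math.floor(ip / size) === Math.floor(base / size);
}

// True for the domain itself and its subdomains, but not for "notxyz.org".
function inDomain(host, domain) {
    host = host.toLowerCase();
    var suffix = "." + domain;
    return host === domain ||
        (host.length > suffix.length && host.substring(host.length - suffix.length) === suffix);
}

function FindProxyForURL(url, host) {
    var ip = ipv4ToInt(host);
    if (ip !== null) {
        for (var i = 0; i < DIRECT_NETS.length; i++) {
            if (inCidr(ip, DIRECT_NETS[i])) return "DIRECT";
        }
        return PROXY;
    }
    // plain host names (no dot) and hosts in the internal domain go direct
    if (host.indexOf(".") === -1 || inDomain(host, DOMAIN)) return "DIRECT";
    return PROXY;
}
```

Unlike the "192.168.*" pattern in the answer, this sends only the listed /24 networks direct, so an address such as 192.168.3.1 goes through the proxy.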
 

Author Comment

by:AMFOP
ID: 24234955
Smile,

I really appreciate your effort. I raised the points to 500 since that was a big pain in the ...... issue for me. Now tell me, does the proxy.pac file have to be on a web server? I mean, the automatic configuration address in IE starts with http://; can it be in any location, and what's the link format in that case (UNC, URL, ...)? Cheers.
0
 
LVL 1

Expert Comment

by:smile
ID: 24243341
I did not try UNC yet, but it seems any URL will do.

* To get the config from the local C: drive, you have to enter file:///C:/proxydir/proxy.pac (as an example). You may also take any other drive letter. I believe that there is a syntax notation to fold any UNC paths into a file URL, but I don't know the exact syntax.

* To get it from any web server, simply enter the http: address.
You should reach that location without using the proxy.
0
 

Author Comment

by:AMFOP
ID: 24247735
Well, Smile, I did create a website which points to the proxy.pac via IIS, then I typed http://servername.mydomain/proxy.pac in the automatic configuration discovery, but it's not working and I can't browse any website :( Using the file on a local disk is working fine, but I want to centralize it so all users can use the same configuration.
0
 

Author Comment

by:AMFOP
ID: 24257669
You deserve the points, Smile. Thanks a lot and cheers :)
0
