Solved

How to bypass proxy server in IE for local domain or IP address range ?

Posted on 2009-04-08
11
2,763 Views
Last Modified: 2013-12-08
Hello,
We have 2 isa servers in an array, users can connect to internet websites smoothly, when it comes to intranet sites they r still passing by the isa proxy servers.....i tried to type some ip address ranges and fqdn names in the exception area of IE but when i monitor the isa traffic still can see connections going through it to the intranet websites.....i read that ie recognizes only host names,tried some solutions but nothing worked.

On the other hand, when using Firefox it perfectly bypassed proxy for the mentioned exceptions.

my question is how to make the IE also bypass the whole internal domain by fqdn and ip address ranges ? is there any specific syntax in IE different than Firefox ?
0
Comment
Question by:AMFOP
  • 7
  • 4
11 Comments
 
LVL 1

Expert Comment

by:smile
ID: 24095119
While I was handling with different proxy configurations I soon discovered the limitations in configuring the proxy within each client config. So I started to use (and love) the proxy.pac.

Now we have a central proxy.pac for all to use and a single point of change, when another customer connects via VPN and we have another internal website, not connectable through the proxy.

You even can read your laptops internal IP adress and distinguish, where the laptop ist online (e.g. at home, at work, at a customers site) an use a specific proxy for each site.

See the following article for details: http://en.wikipedia.org/wiki/Proxy_auto-config
0
 

Author Comment

by:AMFOP
ID: 24095676
Hello,

Thanks for your response, i actually don't handle different proxy configurations, all i need is to bypass proxy for internal URLs...
0
 

Author Comment

by:AMFOP
ID: 24177949
so no one else to assist here ??
0
 
LVL 1

Expert Comment

by:smile
ID: 24183429
believe me, using proxy.pac is not neccesarily bound to using different complex proxy configurations. One big advantage is ONE source to configure for most kinds of browsers.

so try using proxy.pac like this:

+ create a proxy.pac at a location, which can be accessed from all local clients. The content is given seperately. You just have to adjust your actual values for domain and proxy.
+ point the automatic configuration feature of all your browsers to the given location.
+ be happy

The configuration below defaults to using the proxy except for all local IP adresses (reserved private nets) , all plain host names (without domain/subdomain given) and all hosts within our own domain. You can easily modify the script to meet your needs.


function FindProxyForURL(url, host) {

	var  myProxy;

	var direct;
 

	myProxy = "PROXY myproxy.mycompany.com:8080";

	direct = "DIRECT";
 

	if (isPlainHostName(host))

               // local hosts w/o a given domain (no dot in the name string)

		return direct;

	else if (shExpMatch(host, "127.0.0.1"))

               // localhost never should use proxy

		return direct;

	else if (shExpMatch(host, "192.168.*"))

                // private class-c nets are not routed outside the company

		return direct;

	else if (shExpMatch(host, "10.*"))

               // private class-a net is not routed outside the company

		return direct;

	else if (shExpMatch(host, "172.16.*.*")) // repeat 'til 31.*

               // private class-b net is not routed outside the company

		return direct;

	else if (shExpMatch(host, "172.17.*.*")) // repeat 'til 31.*

               // private class-b net is not routed outside the company

		return direct;

	else if (shExpMatch(host, "172.18.*.*")) // repeat 'til 31.*

               // private class-b net is not routed outside the company

		return direct;

	else if (shExpMatch(host, "172.19.*.*")) // repeat 'til 31.*

               // private class-b net is not routed outside the company

		return direct;

	else if (shExpMatch(host, "172.20.*.*")) // repeat 'til 31.*

               // private class-b net is not routed outside the company

		return direct;

	else if (shExpMatch(host, "172.21.*.*")) // repeat 'til 31.*

               // private class-b net is not routed outside the company

		return direct;

	else if (shExpMatch(host, "172.22.*.*")) // repeat 'til 31.*

               // private class-b net is not routed outside the company

		return direct;

	else if (shExpMatch(host, "172.23.*.*")) // repeat 'til 31.*

               // private class-b net is not routed outside the company

		return direct;

	else if (shExpMatch(host, "172.24.*.*")) // repeat 'til 31.*

               // private class-b net is not routed outside the company

		return direct;

	else if (shExpMatch(host, "172.25.*.*")) // repeat 'til 31.*

               // private class-b net is not routed outside the company

		return direct;

	else if (shExpMatch(host, "172.26.*.*")) // repeat 'til 31.*

               // private class-b net is not routed outside the company

		return direct;

	else if (shExpMatch(host, "172.27.*.*")) // repeat 'til 31.*

               // private class-b net is not routed outside the company

		return direct;

	else if (shExpMatch(host, "172.28.*.*")) // repeat 'til 31.*

               // private class-b net is not routed outside the company

		return direct;

	else if (shExpMatch(host, "172.29.*.*")) // repeat 'til 31.*

               // private class-b net is not routed outside the company

		return direct;

	else if (shExpMatch(host, "172.30.*.*")) // repeat 'til 31.*

               // private class-b net is not routed outside the company

		return direct;

	else if (shExpMatch(host, "172.31.*.*")) // repeat 'til 31.*

               // private class-b net is not routed outside the company

		return direct;

	else if (localHostOrDomainIs(host, "specific.customer.de"))

               // specific.customer.de may be connected directly via VPN

		return direct;

	else if (dnsDomainIs(host, "mycompany.de"))

               // all hosts in local domain don't use proxy

		return direct;

	else

		//default to PROXY;

		return myProxy ;

}

Open in new window

0
 

Author Comment

by:AMFOP
ID: 24191089
Actually am not so good with scripts, i would really appreciate it if u help me with it.

Lets say my domain name is xyz.org, my proxy is abc.xyz.org:8080, my internal IP addresses (to be excluded from proxy) are:

192.168.2.0/24
192.168.1.0/24
194.153.170.0/24

what would the script look like to bypass internal traffic from proxy? ( even if proxy is down clients can still access internal servers) ??
0
Threat Intelligence Starter Resources

Integrating threat intelligence can be challenging, and not all companies are ready. These resources can help you build awareness and prepare for defense.

 

Author Comment

by:AMFOP
ID: 24212236
Smile, i appreciate telling me about the proxy.pac but can u help with modifying it to match my needs ??
0
 
LVL 1

Accepted Solution

by:
smile earned 500 total points
ID: 24214491
Hi AMFOP, replacing 'mycompany.com' with 'xyz.org' should really be possible for you, even if you are no scripting xpert. However, I'm in a good mood and supply a modified version to meet your needs:

I'm using additional variables for myDomain and myNet (which should in fact take YOUR domain and net as values) and provided the script with abc.xyz.org instead of myproxy.mycompany.com as example values.

Furthermore I removed the coding for the private class a net and all private class b nets, so the code gets smaller and maybe easier to understand.

Note the difference in your notion of the ip nets and the used notation with '*' wildcards: the methods in proxy.pac are using raw string comparison and cannot do any address calculation, which is neccessary, when you use the bitcount to specify an address mask. For the same reason there are so many lines in the above given example to avoid the proxy for the net 172.16/11.

Please note also, that you are receiving this solution at a very moderate price, when i take a look at the promised 250 points.

Greetings from Dortmund to Krakau!
function FindProxyForURL(url, host) {

        // on special request configured for The Polished Group SA

        // from ee user smile

        // (c) 2009 by ee user smile

        

        var myDomain;

        var myNet;

        var myProxy;

        var direct;

        

        myDomain = "xyz.org"

        myNet    = "194.153.170.*"

        myProxy  = "PROXY abc.xyz.org:8080";

        direct   = "DIRECT";

 

        if (isPlainHostName(host))

               // local hosts w/o a given domain (no dot in the name string)

                return direct;

        else if (dnsDomainIs(host, myDomain))

               // all hosts in local domain don't use proxy

                return direct;

        else if (shExpMatch(host, myNet))

               // the owned net don't need a proxy

                return direct;

        else if (shExpMatch(host, "127.0.0.1"))

               // localhost never should use proxy

                return direct;

        else if (shExpMatch(host, "192.168.*"))

                // private class-c nets are not routed outside the company

                return direct;

        else

                //default to PROXY;

                return myProxy ;

}

Open in new window

0
 

Author Comment

by:AMFOP
ID: 24234955
Smile,

i really appreciate your effort, i raised the points to 500 since that was a big pain in the ...... issue for me, now tell me, has the proxy.pac file to be on a web server ? i mean the automatic configuration address in IE starts with http://, can it be in any location and whats the link format in that case ( UNC, URL,....)....cheers.
0
 
LVL 1

Expert Comment

by:smile
ID: 24243341
I did not try UNC yet, but it seems, any URL will do.

* to get the config  from local C: drive, you have to enter file:///C:/proxydir/proxy.pac (as example). you may also take any other drive letter. I believe, that there is a syntax notation to fold any UNC paths into a file URL, but I don't know the exact syntax.

* to get it from any web server, simply enter the http: address.
You should reach that location without using the proxy.
0
 

Author Comment

by:AMFOP
ID: 24247735
well smile, i did create a website which points to the proxy.pac via IIS, then i typed http://servername.mydomain/proxy.pac in the automatic configuration discovery but its not working and i cant browse any website :(.....using the file on a local disk is working fine but i want to centralize it so all users can use the same configuration.
0
 

Author Comment

by:AMFOP
ID: 24257669
you deserve the points Smile.....thanks a lot and cheers :)
0

Featured Post

Highfive + Dolby Voice = No More Audio Complaints!

Poor audio quality is one of the top reasons people don’t use video conferencing. Get the crispest, clearest audio powered by Dolby Voice in every meeting. Highfive and Dolby Voice deliver the best video conferencing and audio experience for every meeting and every room.

Join & Write a Comment

HOW TO REMOTELY CLEAN MEROND.O WITH ESET SILENTLY PROBLEM       If you have the fortunate luck to contract the Merond.O virus on your network, it can be quite troublesome to remove as it propagates to network shares on your network. In my case, the …
Several part series to implement Internet Explorer 11 Enterprise Mode
This Micro Tutorial will demonstrate how to add subdomains to your content reports. This can be very importing in having a site with multiple subdomains.
This Micro Tutorial will demonstrate how nuggets on the Web are formatted by using Chrome Developer Tools. These tools would not only view the site's CSS but it can also modify it and save the CSS to use on your own site.

758 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question

Need Help in Real-Time?

Connect with top rated Experts

19 Experts available now in Live!

Get 1:1 Help Now