asked on

How to bypass proxy server in IE for local domain or IP address range ?

Hello,
We have 2 isa servers in an array, users can connect to internet websites smoothly, when it comes to intranet sites they r still passing by the isa proxy servers.....i tried to type some ip address ranges and fqdn names in the exception area of IE but when i monitor the isa traffic still can see connections going through it to the intranet websites.....i read that ie recognizes only host names,tried some solutions but nothing worked.

On the other hand, when using Firefox it perfectly bypassed proxy for the mentioned exceptions.

my question is how to make the IE also bypass the whole internal domain by fqdn and ip address ranges ? is there any specific syntax in IE different than Firefox ?

smile

While I was handling with different proxy configurations I soon discovered the limitations in configuring the proxy within each client config. So I started to use (and love) the proxy.pac.

Now we have a central proxy.pac for all to use and a single point of change, when another customer connects via VPN and we have another internal website, not connectable through the proxy.

You even can read your laptops internal IP adress and distinguish, where the laptop ist online (e.g. at home, at work, at a customers site) an use a specific proxy for each site.

See the following article for details: http://en.wikipedia.org/wiki/Proxy_auto-config

AMFOP

ASKER

Hello,

Thanks for your response, i actually don't handle different proxy configurations, all i need is to bypass proxy for internal URLs...

AMFOP

ASKER

so no one else to assist here ??

smile

believe me, using proxy.pac is not neccesarily bound to using different complex proxy configurations. One big advantage is ONE source to configure for most kinds of browsers.

so try using proxy.pac like this:

+ create a proxy.pac at a location, which can be accessed from all local clients. The content is given seperately. You just have to adjust your actual values for domain and proxy.
+ point the automatic configuration feature of all your browsers to the given location.
+ be happy

The configuration below defaults to using the proxy except for all local IP adresses (reserved private nets) , all plain host names (without domain/subdomain given) and all hosts within our own domain. You can easily modify the script to meet your needs.

function FindProxyForURL(url, host) {
	var  myProxy;
	var direct;
 
	myProxy = "PROXY myproxy.mycompany.com:8080";
	direct = "DIRECT";
 
	if (isPlainHostName(host))
               // local hosts w/o a given domain (no dot in the name string)
		return direct;
	else if (shExpMatch(host, "127.0.0.1"))
               // localhost never should use proxy
		return direct;
	else if (shExpMatch(host, "192.168.*"))
                // private class-c nets are not routed outside the company
		return direct;
	else if (shExpMatch(host, "10.*"))
               // private class-a net is not routed outside the company
		return direct;
	else if (shExpMatch(host, "172.16.*.*")) // repeat 'til 31.*
               // private class-b net is not routed outside the company
		return direct;
	else if (shExpMatch(host, "172.17.*.*")) // repeat 'til 31.*
               // private class-b net is not routed outside the company
		return direct;
	else if (shExpMatch(host, "172.18.*.*")) // repeat 'til 31.*
               // private class-b net is not routed outside the company
		return direct;
	else if (shExpMatch(host, "172.19.*.*")) // repeat 'til 31.*
               // private class-b net is not routed outside the company
		return direct;
	else if (shExpMatch(host, "172.20.*.*")) // repeat 'til 31.*
               // private class-b net is not routed outside the company
		return direct;
	else if (shExpMatch(host, "172.21.*.*")) // repeat 'til 31.*
               // private class-b net is not routed outside the company
		return direct;
	else if (shExpMatch(host, "172.22.*.*")) // repeat 'til 31.*
               // private class-b net is not routed outside the company
		return direct;
	else if (shExpMatch(host, "172.23.*.*")) // repeat 'til 31.*
               // private class-b net is not routed outside the company
		return direct;
	else if (shExpMatch(host, "172.24.*.*")) // repeat 'til 31.*
               // private class-b net is not routed outside the company
		return direct;
	else if (shExpMatch(host, "172.25.*.*")) // repeat 'til 31.*
               // private class-b net is not routed outside the company
		return direct;
	else if (shExpMatch(host, "172.26.*.*")) // repeat 'til 31.*
               // private class-b net is not routed outside the company
		return direct;
	else if (shExpMatch(host, "172.27.*.*")) // repeat 'til 31.*
               // private class-b net is not routed outside the company
		return direct;
	else if (shExpMatch(host, "172.28.*.*")) // repeat 'til 31.*
               // private class-b net is not routed outside the company
		return direct;
	else if (shExpMatch(host, "172.29.*.*")) // repeat 'til 31.*
               // private class-b net is not routed outside the company
		return direct;
	else if (shExpMatch(host, "172.30.*.*")) // repeat 'til 31.*
               // private class-b net is not routed outside the company
		return direct;
	else if (shExpMatch(host, "172.31.*.*")) // repeat 'til 31.*
               // private class-b net is not routed outside the company
		return direct;
	else if (localHostOrDomainIs(host, "specific.customer.de"))
               // specific.customer.de may be connected directly via VPN
		return direct;
	else if (dnsDomainIs(host, "mycompany.de"))
               // all hosts in local domain don't use proxy
		return direct;
	else
		//default to PROXY;
		return myProxy ;
}

Open in new window

AMFOP

ASKER

Actually am not so good with scripts, i would really appreciate it if u help me with it.

Lets say my domain name is xyz.org, my proxy is abc.xyz.org:8080, my internal IP addresses (to be excluded from proxy) are:

192.168.2.0/24
192.168.1.0/24
194.153.170.0/24

what would the script look like to bypass internal traffic from proxy? ( even if proxy is down clients can still access internal servers) ??

AMFOP

ASKER

Smile, i appreciate telling me about the proxy.pac but can u help with modifying it to match my needs ??

ASKER CERTIFIED SOLUTION

smile

membership

This solution is only available to members.

To access this solution, you must be a member of Experts Exchange.

Start Free Trial

AMFOP

ASKER

Smile,

i really appreciate your effort, i raised the points to 500 since that was a big pain in the ...... issue for me, now tell me, has the proxy.pac file to be on a web server ? i mean the automatic configuration address in IE starts with http://, can it be in any location and whats the link format in that case ( UNC, URL,....)....cheers.

smile

I did not try UNC yet, but it seems, any URL will do.

* to get the config from local C: drive, you have to enter file:///C:/proxydir/proxy.pac (as example). you may also take any other drive letter. I believe, that there is a syntax notation to fold any UNC paths into a file URL, but I don't know the exact syntax.

* to get it from any web server, simply enter the http: address.
You should reach that location without using the proxy.

AMFOP

ASKER

well smile, i did create a website which points to the proxy.pac via IIS, then i typed http://servername.mydomain/proxy.pac in the automatic configuration discovery but its not working and i cant browse any website :(.....using the file on a local disk is working fine but i want to centralize it so all users can use the same configuration.

AMFOP

ASKER

you deserve the points Smile.....thanks a lot and cheers :)