Improve company productivity with a Business Account.Sign Up

x
  • Status: Solved
  • Priority: Medium
  • Security: Public
  • Views: 3535
  • Last Modified:

How to bypass proxy server in IE for local domain or IP address range ?

Hello,
We have 2 isa servers in an array, users can connect to internet websites smoothly, when it comes to intranet sites they r still passing by the isa proxy servers.....i tried to type some ip address ranges and fqdn names in the exception area of IE but when i monitor the isa traffic still can see connections going through it to the intranet websites.....i read that ie recognizes only host names,tried some solutions but nothing worked.

On the other hand, when using Firefox it perfectly bypassed proxy for the mentioned exceptions.

my question is how to make the IE also bypass the whole internal domain by fqdn and ip address ranges ? is there any specific syntax in IE different than Firefox ?
0
AMFOP
Asked:
AMFOP
  • 7
  • 4
1 Solution
 
smileCommented:
While I was handling with different proxy configurations I soon discovered the limitations in configuring the proxy within each client config. So I started to use (and love) the proxy.pac.

Now we have a central proxy.pac for all to use and a single point of change, when another customer connects via VPN and we have another internal website, not connectable through the proxy.

You even can read your laptops internal IP adress and distinguish, where the laptop ist online (e.g. at home, at work, at a customers site) an use a specific proxy for each site.

See the following article for details: http://en.wikipedia.org/wiki/Proxy_auto-config
0
 
AMFOPAuthor Commented:
Hello,

Thanks for your response, i actually don't handle different proxy configurations, all i need is to bypass proxy for internal URLs...
0
 
AMFOPAuthor Commented:
so no one else to assist here ??
0
Building an Effective Phishing Protection Program

Join Director of Product Management Todd OBoyle on April 26th as he covers the key elements of a phishing protection program. Whether you’re an old hat at phishing education or considering starting a program -- we'll discuss critical components that should be in any program.

 
smileCommented:
believe me, using proxy.pac is not neccesarily bound to using different complex proxy configurations. One big advantage is ONE source to configure for most kinds of browsers.

so try using proxy.pac like this:

+ create a proxy.pac at a location, which can be accessed from all local clients. The content is given seperately. You just have to adjust your actual values for domain and proxy.
+ point the automatic configuration feature of all your browsers to the given location.
+ be happy

The configuration below defaults to using the proxy except for all local IP adresses (reserved private nets) , all plain host names (without domain/subdomain given) and all hosts within our own domain. You can easily modify the script to meet your needs.


function FindProxyForURL(url, host) {
	var  myProxy;
	var direct;
 
	myProxy = "PROXY myproxy.mycompany.com:8080";
	direct = "DIRECT";
 
	if (isPlainHostName(host))
               // local hosts w/o a given domain (no dot in the name string)
		return direct;
	else if (shExpMatch(host, "127.0.0.1"))
               // localhost never should use proxy
		return direct;
	else if (shExpMatch(host, "192.168.*"))
                // private class-c nets are not routed outside the company
		return direct;
	else if (shExpMatch(host, "10.*"))
               // private class-a net is not routed outside the company
		return direct;
	else if (shExpMatch(host, "172.16.*.*")) // repeat 'til 31.*
               // private class-b net is not routed outside the company
		return direct;
	else if (shExpMatch(host, "172.17.*.*")) // repeat 'til 31.*
               // private class-b net is not routed outside the company
		return direct;
	else if (shExpMatch(host, "172.18.*.*")) // repeat 'til 31.*
               // private class-b net is not routed outside the company
		return direct;
	else if (shExpMatch(host, "172.19.*.*")) // repeat 'til 31.*
               // private class-b net is not routed outside the company
		return direct;
	else if (shExpMatch(host, "172.20.*.*")) // repeat 'til 31.*
               // private class-b net is not routed outside the company
		return direct;
	else if (shExpMatch(host, "172.21.*.*")) // repeat 'til 31.*
               // private class-b net is not routed outside the company
		return direct;
	else if (shExpMatch(host, "172.22.*.*")) // repeat 'til 31.*
               // private class-b net is not routed outside the company
		return direct;
	else if (shExpMatch(host, "172.23.*.*")) // repeat 'til 31.*
               // private class-b net is not routed outside the company
		return direct;
	else if (shExpMatch(host, "172.24.*.*")) // repeat 'til 31.*
               // private class-b net is not routed outside the company
		return direct;
	else if (shExpMatch(host, "172.25.*.*")) // repeat 'til 31.*
               // private class-b net is not routed outside the company
		return direct;
	else if (shExpMatch(host, "172.26.*.*")) // repeat 'til 31.*
               // private class-b net is not routed outside the company
		return direct;
	else if (shExpMatch(host, "172.27.*.*")) // repeat 'til 31.*
               // private class-b net is not routed outside the company
		return direct;
	else if (shExpMatch(host, "172.28.*.*")) // repeat 'til 31.*
               // private class-b net is not routed outside the company
		return direct;
	else if (shExpMatch(host, "172.29.*.*")) // repeat 'til 31.*
               // private class-b net is not routed outside the company
		return direct;
	else if (shExpMatch(host, "172.30.*.*")) // repeat 'til 31.*
               // private class-b net is not routed outside the company
		return direct;
	else if (shExpMatch(host, "172.31.*.*")) // repeat 'til 31.*
               // private class-b net is not routed outside the company
		return direct;
	else if (localHostOrDomainIs(host, "specific.customer.de"))
               // specific.customer.de may be connected directly via VPN
		return direct;
	else if (dnsDomainIs(host, "mycompany.de"))
               // all hosts in local domain don't use proxy
		return direct;
	else
		//default to PROXY;
		return myProxy ;
}

Open in new window

0
 
AMFOPAuthor Commented:
Actually am not so good with scripts, i would really appreciate it if u help me with it.

Lets say my domain name is xyz.org, my proxy is abc.xyz.org:8080, my internal IP addresses (to be excluded from proxy) are:

192.168.2.0/24
192.168.1.0/24
194.153.170.0/24

what would the script look like to bypass internal traffic from proxy? ( even if proxy is down clients can still access internal servers) ??
0
 
AMFOPAuthor Commented:
Smile, i appreciate telling me about the proxy.pac but can u help with modifying it to match my needs ??
0
 
smileCommented:
Hi AMFOP, replacing 'mycompany.com' with 'xyz.org' should really be possible for you, even if you are no scripting xpert. However, I'm in a good mood and supply a modified version to meet your needs:

I'm using additional variables for myDomain and myNet (which should in fact take YOUR domain and net as values) and provided the script with abc.xyz.org instead of myproxy.mycompany.com as example values.

Furthermore I removed the coding for the private class a net and all private class b nets, so the code gets smaller and maybe easier to understand.

Note the difference in your notion of the ip nets and the used notation with '*' wildcards: the methods in proxy.pac are using raw string comparison and cannot do any address calculation, which is neccessary, when you use the bitcount to specify an address mask. For the same reason there are so many lines in the above given example to avoid the proxy for the net 172.16/11.

Please note also, that you are receiving this solution at a very moderate price, when i take a look at the promised 250 points.

Greetings from Dortmund to Krakau!
function FindProxyForURL(url, host) {
        // on special request configured for The Polished Group SA
        // from ee user smile
        // (c) 2009 by ee user smile
        
        var myDomain;
        var myNet;
        var myProxy;
        var direct;
        
        myDomain = "xyz.org"
        myNet    = "194.153.170.*"
        myProxy  = "PROXY abc.xyz.org:8080";
        direct   = "DIRECT";
 
        if (isPlainHostName(host))
               // local hosts w/o a given domain (no dot in the name string)
                return direct;
        else if (dnsDomainIs(host, myDomain))
               // all hosts in local domain don't use proxy
                return direct;
        else if (shExpMatch(host, myNet))
               // the owned net don't need a proxy
                return direct;
        else if (shExpMatch(host, "127.0.0.1"))
               // localhost never should use proxy
                return direct;
        else if (shExpMatch(host, "192.168.*"))
                // private class-c nets are not routed outside the company
                return direct;
        else
                //default to PROXY;
                return myProxy ;
}

Open in new window

0
 
AMFOPAuthor Commented:
Smile,

i really appreciate your effort, i raised the points to 500 since that was a big pain in the ...... issue for me, now tell me, has the proxy.pac file to be on a web server ? i mean the automatic configuration address in IE starts with http://, can it be in any location and whats the link format in that case ( UNC, URL,....)....cheers.
0
 
smileCommented:
I did not try UNC yet, but it seems, any URL will do.

* to get the config  from local C: drive, you have to enter file:///C:/proxydir/proxy.pac (as example). you may also take any other drive letter. I believe, that there is a syntax notation to fold any UNC paths into a file URL, but I don't know the exact syntax.

* to get it from any web server, simply enter the http: address.
You should reach that location without using the proxy.
0
 
AMFOPAuthor Commented:
well smile, i did create a website which points to the proxy.pac via IIS, then i typed http://servername.mydomain/proxy.pac in the automatic configuration discovery but its not working and i cant browse any website :(.....using the file on a local disk is working fine but i want to centralize it so all users can use the same configuration.
0
 
AMFOPAuthor Commented:
you deserve the points Smile.....thanks a lot and cheers :)
0
Question has a verified solution.

Are you are experiencing a similar issue? Get a personalized answer when you ask a related question.

Have a better answer? Share it in a comment.

Join & Write a Comment

Featured Post

Get your problem seen by more experts

Be seen. Boost your question’s priority for more expert views and faster solutions

  • 7
  • 4
Tackle projects and never again get stuck behind a technical roadblock.
Join Now