Want to win a PS4? Go Premium and enter to win our High-Tech Treats giveaway. Enter to Win

x
?
Solved

How to bypass proxy server in IE for local domain or IP address range ?

Posted on 2009-04-08
11
Medium Priority
?
3,114 Views
Last Modified: 2013-12-08
Hello,
We have 2 isa servers in an array, users can connect to internet websites smoothly, when it comes to intranet sites they r still passing by the isa proxy servers.....i tried to type some ip address ranges and fqdn names in the exception area of IE but when i monitor the isa traffic still can see connections going through it to the intranet websites.....i read that ie recognizes only host names,tried some solutions but nothing worked.

On the other hand, when using Firefox it perfectly bypassed proxy for the mentioned exceptions.

my question is how to make the IE also bypass the whole internal domain by fqdn and ip address ranges ? is there any specific syntax in IE different than Firefox ?
0
Comment
Question by:AMFOP
[X]
Welcome to Experts Exchange

Add your voice to the tech community where 5M+ people just like you are talking about what matters.

  • Help others & share knowledge
  • Earn cash & points
  • Learn & ask questions
  • 7
  • 4
11 Comments
 
LVL 1

Expert Comment

by:smile
ID: 24095119
While I was handling with different proxy configurations I soon discovered the limitations in configuring the proxy within each client config. So I started to use (and love) the proxy.pac.

Now we have a central proxy.pac for all to use and a single point of change, when another customer connects via VPN and we have another internal website, not connectable through the proxy.

You even can read your laptops internal IP adress and distinguish, where the laptop ist online (e.g. at home, at work, at a customers site) an use a specific proxy for each site.

See the following article for details: http://en.wikipedia.org/wiki/Proxy_auto-config
0
 

Author Comment

by:AMFOP
ID: 24095676
Hello,

Thanks for your response, i actually don't handle different proxy configurations, all i need is to bypass proxy for internal URLs...
0
 

Author Comment

by:AMFOP
ID: 24177949
so no one else to assist here ??
0
VIDEO: THE CONCERTO CLOUD FOR HEALTHCARE

Modern healthcare requires a modern cloud. View this brief video to understand how the Concerto Cloud for Healthcare can help your organization.

 
LVL 1

Expert Comment

by:smile
ID: 24183429
believe me, using proxy.pac is not neccesarily bound to using different complex proxy configurations. One big advantage is ONE source to configure for most kinds of browsers.

so try using proxy.pac like this:

+ create a proxy.pac at a location, which can be accessed from all local clients. The content is given seperately. You just have to adjust your actual values for domain and proxy.
+ point the automatic configuration feature of all your browsers to the given location.
+ be happy

The configuration below defaults to using the proxy except for all local IP adresses (reserved private nets) , all plain host names (without domain/subdomain given) and all hosts within our own domain. You can easily modify the script to meet your needs.


function FindProxyForURL(url, host) {
	var  myProxy;
	var direct;
 
	myProxy = "PROXY myproxy.mycompany.com:8080";
	direct = "DIRECT";
 
	if (isPlainHostName(host))
               // local hosts w/o a given domain (no dot in the name string)
		return direct;
	else if (shExpMatch(host, "127.0.0.1"))
               // localhost never should use proxy
		return direct;
	else if (shExpMatch(host, "192.168.*"))
                // private class-c nets are not routed outside the company
		return direct;
	else if (shExpMatch(host, "10.*"))
               // private class-a net is not routed outside the company
		return direct;
	else if (shExpMatch(host, "172.16.*.*")) // repeat 'til 31.*
               // private class-b net is not routed outside the company
		return direct;
	else if (shExpMatch(host, "172.17.*.*")) // repeat 'til 31.*
               // private class-b net is not routed outside the company
		return direct;
	else if (shExpMatch(host, "172.18.*.*")) // repeat 'til 31.*
               // private class-b net is not routed outside the company
		return direct;
	else if (shExpMatch(host, "172.19.*.*")) // repeat 'til 31.*
               // private class-b net is not routed outside the company
		return direct;
	else if (shExpMatch(host, "172.20.*.*")) // repeat 'til 31.*
               // private class-b net is not routed outside the company
		return direct;
	else if (shExpMatch(host, "172.21.*.*")) // repeat 'til 31.*
               // private class-b net is not routed outside the company
		return direct;
	else if (shExpMatch(host, "172.22.*.*")) // repeat 'til 31.*
               // private class-b net is not routed outside the company
		return direct;
	else if (shExpMatch(host, "172.23.*.*")) // repeat 'til 31.*
               // private class-b net is not routed outside the company
		return direct;
	else if (shExpMatch(host, "172.24.*.*")) // repeat 'til 31.*
               // private class-b net is not routed outside the company
		return direct;
	else if (shExpMatch(host, "172.25.*.*")) // repeat 'til 31.*
               // private class-b net is not routed outside the company
		return direct;
	else if (shExpMatch(host, "172.26.*.*")) // repeat 'til 31.*
               // private class-b net is not routed outside the company
		return direct;
	else if (shExpMatch(host, "172.27.*.*")) // repeat 'til 31.*
               // private class-b net is not routed outside the company
		return direct;
	else if (shExpMatch(host, "172.28.*.*")) // repeat 'til 31.*
               // private class-b net is not routed outside the company
		return direct;
	else if (shExpMatch(host, "172.29.*.*")) // repeat 'til 31.*
               // private class-b net is not routed outside the company
		return direct;
	else if (shExpMatch(host, "172.30.*.*")) // repeat 'til 31.*
               // private class-b net is not routed outside the company
		return direct;
	else if (shExpMatch(host, "172.31.*.*")) // repeat 'til 31.*
               // private class-b net is not routed outside the company
		return direct;
	else if (localHostOrDomainIs(host, "specific.customer.de"))
               // specific.customer.de may be connected directly via VPN
		return direct;
	else if (dnsDomainIs(host, "mycompany.de"))
               // all hosts in local domain don't use proxy
		return direct;
	else
		//default to PROXY;
		return myProxy ;
}

Open in new window

0
 

Author Comment

by:AMFOP
ID: 24191089
Actually am not so good with scripts, i would really appreciate it if u help me with it.

Lets say my domain name is xyz.org, my proxy is abc.xyz.org:8080, my internal IP addresses (to be excluded from proxy) are:

192.168.2.0/24
192.168.1.0/24
194.153.170.0/24

what would the script look like to bypass internal traffic from proxy? ( even if proxy is down clients can still access internal servers) ??
0
 

Author Comment

by:AMFOP
ID: 24212236
Smile, i appreciate telling me about the proxy.pac but can u help with modifying it to match my needs ??
0
 
LVL 1

Accepted Solution

by:
smile earned 2000 total points
ID: 24214491
Hi AMFOP, replacing 'mycompany.com' with 'xyz.org' should really be possible for you, even if you are no scripting xpert. However, I'm in a good mood and supply a modified version to meet your needs:

I'm using additional variables for myDomain and myNet (which should in fact take YOUR domain and net as values) and provided the script with abc.xyz.org instead of myproxy.mycompany.com as example values.

Furthermore I removed the coding for the private class a net and all private class b nets, so the code gets smaller and maybe easier to understand.

Note the difference in your notion of the ip nets and the used notation with '*' wildcards: the methods in proxy.pac are using raw string comparison and cannot do any address calculation, which is neccessary, when you use the bitcount to specify an address mask. For the same reason there are so many lines in the above given example to avoid the proxy for the net 172.16/11.

Please note also, that you are receiving this solution at a very moderate price, when i take a look at the promised 250 points.

Greetings from Dortmund to Krakau!
function FindProxyForURL(url, host) {
        // on special request configured for The Polished Group SA
        // from ee user smile
        // (c) 2009 by ee user smile
        
        var myDomain;
        var myNet;
        var myProxy;
        var direct;
        
        myDomain = "xyz.org"
        myNet    = "194.153.170.*"
        myProxy  = "PROXY abc.xyz.org:8080";
        direct   = "DIRECT";
 
        if (isPlainHostName(host))
               // local hosts w/o a given domain (no dot in the name string)
                return direct;
        else if (dnsDomainIs(host, myDomain))
               // all hosts in local domain don't use proxy
                return direct;
        else if (shExpMatch(host, myNet))
               // the owned net don't need a proxy
                return direct;
        else if (shExpMatch(host, "127.0.0.1"))
               // localhost never should use proxy
                return direct;
        else if (shExpMatch(host, "192.168.*"))
                // private class-c nets are not routed outside the company
                return direct;
        else
                //default to PROXY;
                return myProxy ;
}

Open in new window

0
 

Author Comment

by:AMFOP
ID: 24234955
Smile,

i really appreciate your effort, i raised the points to 500 since that was a big pain in the ...... issue for me, now tell me, has the proxy.pac file to be on a web server ? i mean the automatic configuration address in IE starts with http://, can it be in any location and whats the link format in that case ( UNC, URL,....)....cheers.
0
 
LVL 1

Expert Comment

by:smile
ID: 24243341
I did not try UNC yet, but it seems, any URL will do.

* to get the config  from local C: drive, you have to enter file:///C:/proxydir/proxy.pac (as example). you may also take any other drive letter. I believe, that there is a syntax notation to fold any UNC paths into a file URL, but I don't know the exact syntax.

* to get it from any web server, simply enter the http: address.
You should reach that location without using the proxy.
0
 

Author Comment

by:AMFOP
ID: 24247735
well smile, i did create a website which points to the proxy.pac via IIS, then i typed http://servername.mydomain/proxy.pac in the automatic configuration discovery but its not working and i cant browse any website :(.....using the file on a local disk is working fine but i want to centralize it so all users can use the same configuration.
0
 

Author Comment

by:AMFOP
ID: 24257669
you deserve the points Smile.....thanks a lot and cheers :)
0

Featured Post

Enroll in October's Free Course of the Month

Do you work with and analyze data? Enroll in October's Course of the Month for 7+ hours of SQL training, allowing you to quickly and efficiently store or retrieve data. It's free for Premium Members, Team Accounts, and Qualified Experts!

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

Several part series to implement Internet Explorer 11 Enterprise Mode
SSL stands for “Secure Sockets Layer” and an SSL certificate is a critical component to keeping your website safe, secured, and compliant. Any ecommerce website must have an SSL certificate to ensure the safe handling of sensitive information like…
This Micro Tutorial will demonstrate how nuggets on the Web are formatted by using Chrome Developer Tools. These tools would not only view the site's CSS but it can also modify it and save the CSS to use on your own site.
Shows how to create a shortcut to site-search Experts Exchange using Google in the Chrome browser. This eliminates the need to type out site:experts-exchange.com whenever you want to search the site. Launch the Search Engine Menu: In chrome, via you…

610 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question