Proxy Auto Config File not allowing HTTPS

We are using WPAD.mycompany.com (DNS) to publish the Proxy auto config file to the environment from IIS.  It works great.  Except some sites cannot get to HTTPS.  I think the problem comes from this file as HTTPS is allowed if I manually set the proxy server in Internet Explorer.  

So i thought it was the Proxy, but apparently it is something in the Proxy Auto Config file.  Any tips?  Here is my file...

--------------------
function FindProxyForURL(url, host)
{
    var resolved_ip = dnsResolve(host);
    var proxy_str = "proxy address by site";

    if (isInNet(myIpAddress(), "192.168.63.0", "255.255.255.0"))            // Tokyo subnet
    {
        if (dnsDomainIs(host,"owa.mycompany.com"))
            return "PROXY 192.168.237.10:8080";
        else
            return "DIRECT";
    }
    else
    {
        if (isInNet(myIpAddress(), "172.35.0.0", "255.255.0.0") ||         // Israel
            isInNet(myIpAddress(), "172.21.0.0", "255.255.0.0") ||
            isInNet(myIpAddress(), "172.22.0.0", "255.255.0.0") ||
            isInNet(myIpAddress(), "192.168.25.0", "255.255.255.0"))
        {
            proxy_str = "PROXY 192.168.178.10:8080; DIRECT";
        }
        else
        {
            proxy_str = "PROXY 192.168.237.10:8080; DIRECT";
        }



        if (shExpMatch(url, "*ir.mycompany.com*") ||
            shExpMatch(url, "*images.mycompany.com*"))
        {
            return proxy_str;
        }
        else if (dnsDomainIs(host,".mycompany.com") ||
            isPlainHostName(host) ||
            isInNet(resolved_ip, "10.0.0.0", "255.0.0.0") ||
            isInNet(resolved_ip, "172.16.0.0", "255.240.0.0") ||
            isInNet(resolved_ip, "192.168.0.0", "255.255.0.0") ||
            isInNet(myIpAddress(), "192.168.201.0", "255.255.255.0") ||
            isInNet(myIpAddress(), "192.168.177.0", "255.255.255.0"))
        {
            return "DIRECT";
        }
        else
        {
            return proxy_str;
        }
    }
}


LVL 1
stowyoAmericas Regional IT ManagerAsked:
Who is Participating?
 
mccrackyCommented:
I don't see anything clearly wrong in your pac file.  I'd probably move the local subnet stuff to the top and add in 127.0.0.0/8.  I'd also add in a variable to keep from continually looking up myIpAddress.  Other than that, I'm not sure.   Are the ssl sites supposed to go through the proxy or DIRECT?  Is it with only a few sites or all?  what is the commonality of the sites that don't work?  If the ssl sites need to go through the proxy are they blocked if they try to go direct?  how was the problem noticed? would the problem be that it falls clear through and the proxy returned is "proxy address by site"?  Should the variable proxy_str be initialized to a valid proxy?

here's my take at your  pac file:

function FindProxyForURL(url, host)
{
    var my_ip = myIpAddress();
    var resolved_ip = dnsResolve(host);
    var proxy_str = "PROXY 192.168.237.10:8080; DIRECT";

    if (isPlainHostName(host) ||
        isInNet(resolved_ip, "127.0.0.0", "255.0.0.0") ||
        isInNet(resolved_ip, "10.0.0.0", "255.0.0.0") ||
        isInNet(resolved_ip, "172.16.0.0", "255.240.0.0") ||
        isInNet(resolved_ip, "192.168.0.0", "255.255.0.0") ||
        isInNet(my_ip, "192.168.201.0", "255.255.255.0") ||
        isInNet(my_ip, "192.168.177.0", "255.255.255.0"))
    {
        return "DIRECT";
    }
    else
    {
        if (isInNet(my_ip, "192.168.63.0", "255.255.255.0"))           // Tokyo subnet
        {
            if (dnsDomainIs(host,"owa.mycompany.com"))
                return "PROXY 192.168.237.10:8080";
            else
                return "DIRECT";
        }
        else
        {
            if (isInNet(my_ip, "172.35.0.0", "255.255.0.0") ||         // Israel
                isInNet(my_ip, "172.21.0.0", "255.255.0.0") ||
                isInNet(my_ip, "172.22.0.0", "255.255.0.0") ||
                isInNet(my_ip, "192.168.25.0", "255.255.255.0"))
            {
                proxy_str = "PROXY 192.168.178.10:8080; DIRECT";
            }

            if (shExpMatch(url, "*ir.mycompany.com*") ||
                shExpMatch(url, "*images.mycompany.com*"))
            {
                return proxy_str;
            }
            else if (dnsDomainIs(host,".mycompany.com") ||
            {
                return "DIRECT";
            }
            else
            {
                return proxy_str;
            }
        }
    }
}
0
 
stowyoAmericas Regional IT ManagerAuthor Commented:
Thank you.  I have Tokyo testing this and will not hear back till morning as they are on a 11 hour offset.  I will post back tomorrow.
0
 
stowyoAmericas Regional IT ManagerAuthor Commented:
Sir,  I used your re-written PAC file as a local configuration script and it worked.  Thank you.
0
 
mccrackyCommented:
Glad it worked.  I just looked at my take on your script again and noticed that there is an extra "||" on one of the lines.  Did you catch that?  

line:

else if (dnsDomainIs(host,".mycompany.com") ||
0
 
mccrackyCommented:
...and it's missing a ")"
0
Question has a verified solution.

Are you are experiencing a similar issue? Get a personalized answer when you ask a related question.

Have a better answer? Share it in a comment.

All Courses

From novice to tech pro — start learning today.