?
Solved

Proxy Auto Config File not allowing HTTPS

Posted on 2011-05-10
5
Medium Priority
?
1,171 Views
Last Modified: 2012-06-27
We are using WPAD.mycompany.com (DNS) to publish the Proxy auto config file to the environment from IIS.  It works great.  Except some sites cannot get to HTTPS.  I think the problem comes from this file as HTTPS is allowed if I manually set the proxy server in Internet Explorer.  

So i thought it was the Proxy, but apparently it is something in the Proxy Auto Config file.  Any tips?  Here is my file...

--------------------
function FindProxyForURL(url, host)
{
    var resolved_ip = dnsResolve(host);
    var proxy_str = "proxy address by site";

    if (isInNet(myIpAddress(), "192.168.63.0", "255.255.255.0"))            // Tokyo subnet
    {
        if (dnsDomainIs(host,"owa.mycompany.com"))
            return "PROXY 192.168.237.10:8080";
        else
            return "DIRECT";
    }
    else
    {
        if (isInNet(myIpAddress(), "172.35.0.0", "255.255.0.0") ||         // Israel
            isInNet(myIpAddress(), "172.21.0.0", "255.255.0.0") ||
            isInNet(myIpAddress(), "172.22.0.0", "255.255.0.0") ||
            isInNet(myIpAddress(), "192.168.25.0", "255.255.255.0"))
        {
            proxy_str = "PROXY 192.168.178.10:8080; DIRECT";
        }
        else
        {
            proxy_str = "PROXY 192.168.237.10:8080; DIRECT";
        }



        if (shExpMatch(url, "*ir.mycompany.com*") ||
            shExpMatch(url, "*images.mycompany.com*"))
        {
            return proxy_str;
        }
        else if (dnsDomainIs(host,".mycompany.com") ||
            isPlainHostName(host) ||
            isInNet(resolved_ip, "10.0.0.0", "255.0.0.0") ||
            isInNet(resolved_ip, "172.16.0.0", "255.240.0.0") ||
            isInNet(resolved_ip, "192.168.0.0", "255.255.0.0") ||
            isInNet(myIpAddress(), "192.168.201.0", "255.255.255.0") ||
            isInNet(myIpAddress(), "192.168.177.0", "255.255.255.0"))
        {
            return "DIRECT";
        }
        else
        {
            return proxy_str;
        }
    }
}


0
Comment
Question by:stowyo
  • 3
  • 2
5 Comments
 
LVL 12

Accepted Solution

by:
mccracky earned 2000 total points
ID: 35730269
I don't see anything clearly wrong in your pac file.  I'd probably move the local subnet stuff to the top and add in 127.0.0.0/8.  I'd also add in a variable to keep from continually looking up myIpAddress.  Other than that, I'm not sure.   Are the ssl sites supposed to go through the proxy or DIRECT?  Is it with only a few sites or all?  what is the commonality of the sites that don't work?  If the ssl sites need to go through the proxy are they blocked if they try to go direct?  how was the problem noticed? would the problem be that it falls clear through and the proxy returned is "proxy address by site"?  Should the variable proxy_str be initialized to a valid proxy?

here's my take at your  pac file:

function FindProxyForURL(url, host)
{
    var my_ip = myIpAddress();
    var resolved_ip = dnsResolve(host);
    var proxy_str = "PROXY 192.168.237.10:8080; DIRECT";

    if (isPlainHostName(host) ||
        isInNet(resolved_ip, "127.0.0.0", "255.0.0.0") ||
        isInNet(resolved_ip, "10.0.0.0", "255.0.0.0") ||
        isInNet(resolved_ip, "172.16.0.0", "255.240.0.0") ||
        isInNet(resolved_ip, "192.168.0.0", "255.255.0.0") ||
        isInNet(my_ip, "192.168.201.0", "255.255.255.0") ||
        isInNet(my_ip, "192.168.177.0", "255.255.255.0"))
    {
        return "DIRECT";
    }
    else
    {
        if (isInNet(my_ip, "192.168.63.0", "255.255.255.0"))           // Tokyo subnet
        {
            if (dnsDomainIs(host,"owa.mycompany.com"))
                return "PROXY 192.168.237.10:8080";
            else
                return "DIRECT";
        }
        else
        {
            if (isInNet(my_ip, "172.35.0.0", "255.255.0.0") ||         // Israel
                isInNet(my_ip, "172.21.0.0", "255.255.0.0") ||
                isInNet(my_ip, "172.22.0.0", "255.255.0.0") ||
                isInNet(my_ip, "192.168.25.0", "255.255.255.0"))
            {
                proxy_str = "PROXY 192.168.178.10:8080; DIRECT";
            }

            if (shExpMatch(url, "*ir.mycompany.com*") ||
                shExpMatch(url, "*images.mycompany.com*"))
            {
                return proxy_str;
            }
            else if (dnsDomainIs(host,".mycompany.com") ||
            {
                return "DIRECT";
            }
            else
            {
                return proxy_str;
            }
        }
    }
}
0
 
LVL 1

Author Comment

by:stowyo
ID: 35731204
Thank you.  I have Tokyo testing this and will not hear back till morning as they are on a 11 hour offset.  I will post back tomorrow.
0
 
LVL 1

Author Comment

by:stowyo
ID: 35741816
Sir,  I used your re-written PAC file as a local configuration script and it worked.  Thank you.
0
 
LVL 12

Expert Comment

by:mccracky
ID: 35742563
Glad it worked.  I just looked at my take on your script again and noticed that there is an extra "||" on one of the lines.  Did you catch that?  

line:

else if (dnsDomainIs(host,".mycompany.com") ||
0
 
LVL 12

Expert Comment

by:mccracky
ID: 35742565
...and it's missing a ")"
0

Featured Post

Independent Software Vendors: We Want Your Opinion

We value your feedback.

Take our survey and automatically be enter to win anyone of the following:
Yeti Cooler, Amazon eGift Card, and Movie eGift Card!

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

Microservice architecture adoption brings many advantages, but can add intricacy. Selecting the right orchestration tool is most important for business specific needs.
Since pre-biblical times, humans have sought ways to keep secrets, and share the secrets selectively.  This article explores the ways PHP can be used to hide and encrypt information.
This Micro Tutorial will demonstrate how to add subdomains to your content reports. This can be very importing in having a site with multiple subdomains.
Want to learn how to record your desktop screen without having to use an outside camera. Click on this video and learn how to use the cool google extension called "Screencastify"! Step 1: Open a new google tab Step 2: Go to the left hand upper corn…
Suggested Courses

578 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question