Proxy.pac causing slowness

Hi, I don't know much about proxy.pac files but we seem to have an issue with ours. I'm told that the proxy.pac makes the internet unbearably slow, from what I have been told it can sometimes take 1 second to 10 for a page to load on the proxy.pac file.

I don't browse the internet much when I'm at work so I don't notice it, but I've been tasked to fix it.

From what I understand the proxy.pac is a javascript file with a series of rules, I've read up and created a few of my own which all were also too slow and certain things didn't load right.

I switch back to the old pack and it works fine, even though all the guides I look at tell me my proxy.pac file is fine, I even found a format checker which said all was good.

so I finally just took the original proxy.pac and edited it to two rules, that was still too slow, but everything worked fine. I'm not sure what else to do.

if I go directly out the proxy everything works and we don't have any page lag.
now what I'm surmising is that each individual picture load, iframe, and link gets run through the proxy.pac to see if the rule applies and that's what causes the momentary lag.

I've copied my proxy.pac below, any suggestions on how to possibly be made faster?

'function FindProxyForURL(url, host)
 if (isPlainHostName(host)|| dnsDomainIs(host, ""))
 return "DIRECT";
 else if (dnsDomainIs(host, ""))
 return "PROXY";
 return "PROXY";
Who is Participating?
Keith AlabasterConnect With a Mentor Enterprise ArchitectCommented:
Setting the address to use i.e. http:\\xxx\proxy.pac or wherever you have located it can be set in the string or can be assigned in the autodetect entry and applied by dns/dhcp (252) entries - all are perfectly acceptable and each target a particular scenario.

For example, you may want different entries based upon the subnet that a user is operating on. You can do this by checking the source ip within a single .pac file or you can create (and assign) different .pac addresses based upon the dhcp scope.

All are OK and viable, just I prefer the single file approach as it makes life easier for version control and change management which is why I do not use the AutoDetect option which many prefer.

My .pac file is approximately 80 lines long and the response is fairly much immediate. Where are you hosting the .pac file? What is the performance like of that box? Is it local to the users?
Keith AlabasterConnect With a Mentor Enterprise ArchitectCommented:
The proxy.pac is only read the first time the browser is opened as it is then cached - it does not get read for every single page fetch afterwards - this is why you have to fully close the browser after a proxy.pac file change is made.

That being the case I am surprised that there is significant lag introduced.

In the browswer configuration, connection string settings, the policy is set to use the proxy.pac file specifically? i.e. the autodetect and manual settings etc are all removed?
Chances are your DNS is slow.

If you check your DNS logs you will probably find that the machine serving the proxy.pac file is making a ton of DNS queries.
WEBINAR: GDPR Implemented - Tips & Lessons Learned

Join the WatchGuard team on Thursday, March 29th as we recount some valuable lessons learned in weighing the needs of a business against the new regulatory environment, look ahead at the two months left before implementation, and help you understand the steps you can take today!

Check that the proxy server's DNS settings are correct.  When using a proxy, it is the proxy server that does DNS lookups, not your local machines.  Trouble there can cause performance trouble.
Crossroads305Author Commented:
@keith_alabaster: The proxy.pac is set with in group policy, everything else is greyed out.
Also, what you said is what I originally thought, but then there were several articles I read including one on Microsoft Technet that said otherwise, so I was a little confused.

@Savone, @BudDurland: that was one of the first things we checked, We tried many different DNS' on the Proxy, we tried the ISPs, Internet Backbone DNS, Google's OSPF DNS' and a few other ones. They all expirience the same problem, we don't see many DNS requests in the log of our proxy (we use Astaro), and we're a smaller company, only a handful of people.
the funny thing is that when we put them directly to the proxy and not the .pac it's fast, however the local intranet pages then don't work correctly through the proxy, which is why we have to use the .pac file.
You can bypass the proxy for intranet sites in IE settings.
Crossroads305Author Commented:
originally they had it on one of our AD servers, I recently set up a 2008r2 box that is hosting iis7 and just the proxy.pac file because I thought maybe it was the box. It's never under load and has 8gb of ram and a 2.5ghz dual core socket 775 Xeon, it has been on this for about a month but still the issue occurs. I'm even contemplating setting up a linux box just for this as well to see if that changes it but I have my doubts.

I'm beginning to think I'm on a snipe hunt, not everyone seems to have the problem and it has never happened to me.

I'm beginning to wonder if perhaps it's our switch, we recently had some ports that were POE just stop working.

thanks for all the help.
We have the same problem, you never mention what browser you are using. We have the slowness problem on IE11 only. And it is only slow when loading the startpage on initial IE11 launching.

What did you come up to?
Crossroads305Author Commented:
Sorry, on our end we have the problem with IE 10 and 11. Though recent troubleshooting I added *.internal.domain not to use the proxy through GPO under "User Configuration>Preferences>Control Panel Settings>Internet Settings>Internet Explorer 10/11>Connections>LAN Settings"

clicked use Proxy server for your LAN + Bypass proxy server for local addresses
in Advanced I put in the * in "Do not use proxy servers for addresses beginning with:"

this fixed most issues what we were having with internal sites.
Question has a verified solution.

Are you are experiencing a similar issue? Get a personalized answer when you ask a related question.

Have a better answer? Share it in a comment.

All Courses

From novice to tech pro — start learning today.