System Engineer - How to write your own pac file (proxy.pac)
What is a Proxy?
A Proxy is a server (phisical or virtual) for requests from clients looking for resources on other servers or internet. A client connects to the proxy server, requesting some services like:
HTTP (port: 80)
HTTPS (port: 443)
FTP (port: 21)
A Modern proxy server maintain and save internet logs for LDAP Users and IP Address.
When we are at home don't need to use a proxy server because it's not necessary to filter our internet line.
The Big Companies use proxies for this reason:
- Filter Internet Content with "web filtering module"
- Register user activities
- send direct to firewall some destination
- Redirect to another proxy some destination
- make ssl inspection
Today we speak about send DIRECT and to REDIRECT destination.
To do it, we use a Proxy.pac script. It will be forced on the Browser like this example:
THIS IS A PROXY.PAC EXAMPLE I MADE
// Pac file TEST
// Created By me
function FindProxyForURL(url, host) {
if (isPlainHostName(host)) return "DIRECT";
if (isPlainHostName(host) ||
shExpMatch(host, "*.local") ||
isInNet(dnsResolve(host), "10.0.0.0", "255.0.0.0") ||
isInNet(dnsResolve(host), "172.16.0.0", "255.240.0.0") ||
isInNet(dnsResolve(host), "192.168.0.0", "255.255.0.0") ||
isInNet(dnsResolve(host), "127.0.0.0", "255.255.255.0"))
return "DIRECT";
if ((dnsDomainIs(host, ".mydomain.com")) ||
(dnsDomainIs(host, "seconddomain.com")))
return "DIRECT";
if (shExpMatch(host, "externaldomain.com"))
return "DIRECT";
if (isInNet(host, "223.23.16.16", "255.255.255.255"))
return "DIRECT";
if ((host == "download.microsoft.com") ||
(host == "ntservicepack.microsoft.com") ||
(host == "cdm.microsoft.com") ||
(host == "wustat.windows.com") ||
(host == "windowsupdate.microsoft.com") ||
(dnsDomainIs(host, ".windowsupdate.microsoft.com")) ||
(host == "update.microsoft.com") ||
(dnsDomainIs(host, ".update.microsoft.com")) ||
(dnsDomainIs(host, ".windowsupdate.com")))
return "DIRECT";
if (shExpMatch(url, "http://outlook.com"))
return "PROXY mysecondproxy:8080";
else
return "PROXY Myfirstproxy.local:8080";
}
LET ME EXPLAIN IT
//
// YOU CAN ADD COMMENT. This will not be interpreted by your Browser
function FindProxyForURL(url, host) {
if (isPlainHostName(host)) return "DIRECT";
send DIRECT hostname or localhost
EXAMPLE:
http://localhost
http://mycomputername
if (isPlainHostName(host) ||
shExpMatch(host, "*.local") ||
isInNet(dnsResolve(host), "10.0.0.0", "255.0.0.0") ||
isInNet(dnsResolve(host), "172.16.0.0", "255.240.0.0") ||
isInNet(dnsResolve(host), "192.168.0.0", "255.255.0.0") ||
isInNet(dnsResolve(host), "127.0.0.0", "255.255.255.0"))
return "DIRECT";
send DIRECT private ip address
EXAMPLE:
http://10.0.0.1
if ((dnsDomainIs(host, ".mydomain.com")) ||
(dnsDomainIs(host, "seconddomain.com")))
return "DIRECT";
send DIRECT your private domain
EXAMPLE:
http://TEST.mydomain.com
http://seconddomain.com
if (shExpMatch(host, "externaldomain.com"))
return "DIRECT";
send DIRECT external domain
EXAMPLE:
http://externaldomain.com
if (isInNet(host, "223.23.16.16", "255.255.255.255"))
return "DIRECT";
send DIRECT external ip address
EXAMPLE:
http://223.23.16.16
if ((host == "download.microsoft.com") ||
(host == "ntservicepack.microsoft.com") ||
(host == "cdm.microsoft.com") ||
(host == "wustat.windows.com") ||
(host == "windowsupdate.microsoft.com") ||
(dnsDomainIs(host, ".windowsupdate.microsoft.com")) ||
(host == "update.microsoft.com") ||
(dnsDomainIs(host, ".update.microsoft.com")) ||
(dnsDomainIs(host, ".windowsupdate.com")))
return "DIRECT";
send DIRECT Windows Update
if (shExpMatch(url, "http://outlook.com"))
return "PROXY mysecondproxy:8080";
send to another proxy a specified url
EXAMPLE:
http://outlook.com
else
return "PROXY Myfirstproxy.local:8080";
}
all other addresses are sent to PROXY
If you have any question don't hesitate to ask, because this is my daily work.
If you think what I'm doing is something you like, please UPVOTE ME AS WITNESS
https://steemit.com/~witnesses
You got a 2.32% upvote from @postpromoter courtesy of @yanosh01!
Want to promote your posts too? Check out the Steem Bot Tracker website for more info. If you would like to support the development of @postpromoter and the bot tracker please vote for @yabapmatt for witness!