PAC files contain instructions directing web browsers to route HTTP, HTTPS, and FTP web traffic. PAC files are easy to create and maintain. They also customize web traffic according to your organization's requirements.
PAC files can be created and deployed to:
A PAC file primarily contains the JavaScript function FindProxyForURL with two parameters- URL and host. These parameters are used to determine that the proxy server is to be accessed by the browser and alternative proxy options. The URL will contain the full path being accessed. (For example, http://www.mydomain.com). The host parameter will contain the host name or IP address.
Return statements specify the directions to web browsers regarding forwarding traffic to or bypassing a proxy. For example, return "PROXY proxy1.mydomain.com:8080;".
Use arguments with comments to specify more specific details, like which hosts need to be directed to a proxy. For example, //Bypass proxy for internal hosts.
Refer to the cases mentioned below to create or modify PAC files.
Case 1: To route web traffic via a proxy server and establish a direct connection if the proxy server connection cannot be established:
function FindProxyForURL (url, host) { return "PROXY proxy.mydomain.com:8200; DIRECT"; }
Case 2: To route intranet traffic (say intranet.mydomain.com) directly and other requests through a proxy server:
function FindProxyForURL(url, host) { if (isPlainHostName(host) || dnsDomainIs(host, "intranet.mydomain.com")) return "DIRECT"; else return "PROXY proxy.mydomain.com:8200; DIRECT"; }
Case 3: To set up a failover proxy server arrangement:
function FindProxyForURL(url, host) { // //If they only have a specified host name, go directly. // if (isPlainHostName(host) || dnsDomainIs(host, ".mydomain.com")) return "DIRECT"; else if (shExpMatch(host, "*.com")) return "PROXY proxy2.mydomain.com:8200; " + "PROXY proxy4.mydomain.com:8200"; else return "PROXY proxy3.mydomain.com:8200; " + "PROXY proxy4.mydomain.com:8200"; }
Case 4: To redirect specific IP addresses to a proxy server:
Case 4: To redirect specific IP addresses to a proxy server: function FindProxyForURL(url, host) { if (myIpAddress() == "999.99.999.99") { return "PROXY proxy.mydomain.com:8200"; } else { return "DIRECT"; } }
Case 5: To specify a proxy based on the communication protocol:
function FindProxyForURL(url, host) { if (url.substring(0, 5) == "http:") { return "PROXY proxy1.mydomain.com:8200"; } else if (url.substring(0, 4) == "ftp:") { return "PROXY proxy2.mydomain.com:8200"; } else if (url.substring(0, 6) == "https:") { return "PROXY proxy3.mydomain.com:8200"; } else { return "DIRECT"; } }
PAC files can be configured manually in browser settings or automated using the Web-Proxy Auto Discovery (WPAD) protocol. The WPAD protocol uses DHCP or DNS to locate the PAC file. The browser used in endpoints searches for a web server on startup to find the PAC file's location. The web browser sends the local DHCP server a query to find the PAC file location. If the proxy auto discovery is not successful with DHCP, the browser then uses DNS to detect the PAC file location.
Google Chrome, Internet Explorer, and Safari for Windows follow Windows proxy settings configuration if these are not explicitly set. To enter the PAC files manually, follow the steps below:
Follow the steps below to manually configure proxy settings for Firefox:
Manual configuration of a proxy is tedious for a large number of endpoints. The WPAD protocol is preferred to automate proxy settings.
Setting up the WPAD protocol includes four steps: hosting the PAC file on a web server, setting up DHCP, configuring DNS settings, and enforcing Group Policy.
After modifying the PAC file as desired, rename the file to ''wpad.dat''. Follow the steps below in the web server in which you wish to host the PAC file:
Follow the steps below to ensure that the wpad.dat file is detected by the DHCP server.
Once you've created the option 252 entry, follow the steps below to enable the DHCP scope option:
Use a Group Policy to push automatic proxy detection to all endpoints. Follow the steps below to configure a Group Policy: