+ Post New Thread
Results 1 to 6 of 6
Internet Related/Filtering/Firewall Thread, More Proxy.PAC fun... in Technical; We're a school district, so all Internet traffic is filtered through a proxy. The thing is all of our teachers ...
  1. #1
    Duke5A's Avatar
    Join Date
    Jul 2010
    Posts
    807
    Thank Post
    83
    Thanked 132 Times in 115 Posts
    Blog Entries
    8
    Rep Power
    32

    More Proxy.PAC fun...

    We're a school district, so all Internet traffic is filtered through a proxy. The thing is all of our teachers have district issued laptops and they're encouraged to take them home at night if they need them for work. Currently, teachers just check off the usage of a proxy in IE when they take it home. I still get questions periodically though when they forget to turn it off, or turn it back on when they bring the laptop back into the district. So I decided to give an automatic proxy configuration script a try, but there are a few issues I need to iron out before making it live. I used a proxy.pac posted by FN-GM on this forum (Thanks!) as a starting point. Looks something like this....

    Code:
    function FindProxyForURL(url, host)
    
    {
    
    //Declare proxy strings as variables
    var staffproxy = "PROXY StaffProxy:3128";
    
    // IP not to use proxy
    if (shExpMatch(url, "*172.*")) { return "DIRECT"; }
    if (shExpMatch(url, "*10.*")) { return "DIRECT"; }
    if (shExpMatch(url, "*192.*")) { return "DIRECT"; }
    if (isPlainHostName(host)) { return "DIRECT"; }
    
    // URLS not to use proxy server
    if (shExpMatch(url, "someurl1.com")) { return "DIRECT"; }
    if (shExpMatch(url, "someurl2.com")) { return "DIRECT"; }
    
    // Apply proxy if machine is on internal network
    if (isInNet(myIpAddress(), "10.0.0.0", "255.0.0.0")) { return staffproxy; }
    
    else
    
    return "DIRECT";
    The PAC file works, but my hang up is in how it ascertains whether or not it is behind or school's network. The line below is too general to identify our network.

    Code:
    if (isInNet(myIpAddress(), "10.0.0.0", "255.0.0.0")) { return staffproxy; }
    We use a class A private address scheme here in the district, and so does a lot of home networks, bars, and Internet cafes. I suppose I could make it more specific, but I would still run the risk of an outside network matching that line.

    I've seen examples where you can query DNS to see what network you're on (for instance trying to resolve the hostname of our primary DC), but every time you launch a browser window it tries to perform this DNS query, and will hangup while waiting for the request to timeout if you're on an outside network.

    The only other option I've been able to think of is comparing the primary DNS suffix the client gets from DHCP to the one that we use in the district. This would be able to be done instantly without a timeout issue, but I don't know how write this in the PAC file, or if it is even possible.

    Any ideas? Thanks guys....

  2. #2


    tom_newton's Avatar
    Join Date
    Sep 2006
    Location
    Leeds
    Posts
    4,475
    Thank Post
    867
    Thanked 850 Times in 672 Posts
    Rep Power
    196
    Stick the proxy pack on a webserver as wpad.dukesschooldistrict.edu/proxy.pac and don't server it outside your local network (or better, have no dns for that domain outside your network). A browser unable to get the proxy.pac will just go direct.

  3. Thanks to tom_newton from:

    Duke5A (3rd August 2011)

  4. #3
    Duke5A's Avatar
    Join Date
    Jul 2010
    Posts
    807
    Thank Post
    83
    Thanked 132 Times in 115 Posts
    Blog Entries
    8
    Rep Power
    32
    I've been under the assumption that the browser will cache the PAC (at least I remember reading it somewhere). Does IE and FF not do this?

  5. #4


    tom_newton's Avatar
    Join Date
    Sep 2006
    Location
    Leeds
    Posts
    4,475
    Thank Post
    867
    Thanked 850 Times in 672 Posts
    Rep Power
    196
    They *shouldn't* - certainly not over a reboot or even a close and reopen of the browser IE did (still does?) have a habit of caching the result of evaluating the pac file. Worth a try, anyway

  6. #5
    Duke5A's Avatar
    Join Date
    Jul 2010
    Posts
    807
    Thank Post
    83
    Thanked 132 Times in 115 Posts
    Blog Entries
    8
    Rep Power
    32
    Quote Originally Posted by tom_newton View Post
    They *shouldn't* - certainly not over a reboot or even a close and reopen of the browser IE did (still does?) have a habit of caching the result of evaluating the pac file. Worth a try, anyway
    Your absolutely right. I finally just got around to implementing this and it works great. Thanks again!

  7. #6

    Join Date
    Oct 2008
    Posts
    214
    Thank Post
    2
    Thanked 11 Times in 11 Posts
    Rep Power
    22
    IE8 doesnt cache it. IE6 used to *occasionally* I cant say I ever tested it with IE7. proxy.pac is the way to go and the only way I sorted a few issues out internally here.

SHARE:
+ Post New Thread

Similar Threads

  1. OSX and Proxy.pac files
    By cookie_monster in forum Mac
    Replies: 0
    Last Post: 28th April 2010, 10:38 AM
  2. Proxy .pac file
    By FN-GM in forum Internet Related/Filtering/Firewall
    Replies: 4
    Last Post: 10th February 2010, 10:33 AM
  3. proxy .pac file
    By sted in forum Windows
    Replies: 12
    Last Post: 24th September 2009, 07:50 PM
  4. Stupid proxy pac
    By Oops_my_bad in forum Wireless Networks
    Replies: 10
    Last Post: 23rd March 2009, 09:59 AM

Thread Information

Users Browsing this Thread

There are currently 1 users browsing this thread. (0 members and 1 guests)

Tags for this Thread

Posting Permissions

  • You may not post new threads
  • You may not post replies
  • You may not post attachments
  • You may not edit your posts
  •