Difference between revisions of "PAC file example"
From Tech-Wiki
| (2 intermediate revisions by the same user not shown) | |||
| Line 3: | Line 3: | ||
| − | PAC file | + | This example PAC file is used as proxy selector. It can bypass based several factors, or forward to different proxies servers. |
<nowiki> | <nowiki> | ||
| Line 9: | Line 9: | ||
var privateIP = /^(0|10|127|192\.168|172\.1[6789]|172\.2[0-9]|172\.3[01]|169\.254|192\.88\.99)\.[0-9.]+$/; | var privateIP = /^(0|10|127|192\.168|172\.1[6789]|172\.2[0-9]|172\.3[01]|169\.254|192\.88\.99)\.[0-9.]+$/; | ||
var resolved_ip = dnsResolve(host); | var resolved_ip = dnsResolve(host); | ||
| + | var myIp = myIpAddress(); | ||
/* Don't send non-FQDN or private IP auths to us */ | /* Don't send non-FQDN or private IP auths to us */ | ||
| Line 18: | Line 19: | ||
if (dnsDomainIs(host, "www.acme.com") || | if (dnsDomainIs(host, "www.acme.com") || | ||
dnsDomainIs(host, "webmail.acme.com")) | dnsDomainIs(host, "webmail.acme.com")) | ||
| − | + | return "PROXY proxy.acme.com:3128; DIRECT"; | |
| − | /*If the host is an internal IP range, send direct */ | + | /*If the host is an internal IP range (RFC1918), send direct */ |
if (isInNet(resolved_ip, "10.0.0.0", "255.0.0.0") || | if (isInNet(resolved_ip, "10.0.0.0", "255.0.0.0") || | ||
isInNet(resolved_ip, "172.16.0.0", "255.240.0.0") || | isInNet(resolved_ip, "172.16.0.0", "255.240.0.0") || | ||
isInNet(resolved_ip, "192.168.0.0", "255.255.0.0") || | isInNet(resolved_ip, "192.168.0.0", "255.255.0.0") || | ||
isInNet(resolved_ip, "127.0.0.0", "255.255.255.0")) | isInNet(resolved_ip, "127.0.0.0", "255.255.255.0")) | ||
| − | + | return "DIRECT"; | |
| − | |||
| − | |||
| − | |||
| − | |||
/* FTP goes directly */ | /* FTP goes directly */ | ||
if (url.substring(0,4) == "ftp:") { | if (url.substring(0,4) == "ftp:") { | ||
| Line 40: | Line 37: | ||
(host == "www.acme.com") || | (host == "www.acme.com") || | ||
(dnsDomainIs(host, "sso.acme.com"))) | (dnsDomainIs(host, "sso.acme.com"))) | ||
| − | return "DIRECT"; | + | return "DIRECT"; |
| + | |||
| + | if (shExpMatch(host, "*.microsoft.com") || | ||
| + | shExpMatch(host, "*windowsupdate*")) | ||
| + | return "PROXY proxy.acme.com:3128; DIRECT"; | ||
| + | |||
| + | // Balancing based on source | ||
| + | if (isInNet(myIp, "10.1.0.0", 255.255.255.0") || | ||
| + | isInNet(myIp, "10.2.0.0", 255.255.255.0")) | ||
| + | return "PROXY proxy2:8080; PROXY proxy1:8080; DIRECT"; | ||
| + | |||
// Load balancing | // Load balancing | ||
| − | |||
var ipBits = myIp.split("."); | var ipBits = myIp.split("."); | ||
var mySeg = parseInt(ipBits[3]); | var mySeg = parseInt(ipBits[3]); | ||
| Line 52: | Line 58: | ||
else | else | ||
return "PROXY proxy2:8080; PROXY proxy1:8080;"; | return "PROXY proxy2:8080; PROXY proxy1:8080;"; | ||
| − | |||
| − | |||
| − | |||
| − | |||
| − | |||
| − | |||
/* Default Traffic Forwarding */ | /* Default Traffic Forwarding */ | ||
| − | return "PROXY proxy1.acme.com: | + | return "PROXY proxy1.acme.com:8080; PROXY proxy2.acme.com:8080; DIRECT"; |
} | } | ||
Latest revision as of 21:01, 20 June 2018
This example PAC file is used as proxy selector. It can bypass based several factors, or forward to different proxies servers.
function FindProxyForURL(url, host) {
var privateIP = /^(0|10|127|192\.168|172\.1[6789]|172\.2[0-9]|172\.3[01]|169\.254|192\.88\.99)\.[0-9.]+$/;
var resolved_ip = dnsResolve(host);
var myIp = myIpAddress();
/* Don't send non-FQDN or private IP auths to us */
// note this will defeat host file entries for external systems
if (isPlainHostName(host) || privateIP.test(host)) {
return "DIRECT";
}
if (dnsDomainIs(host, "www.acme.com") ||
dnsDomainIs(host, "webmail.acme.com"))
return "PROXY proxy.acme.com:3128; DIRECT";
/*If the host is an internal IP range (RFC1918), send direct */
if (isInNet(resolved_ip, "10.0.0.0", "255.0.0.0") ||
isInNet(resolved_ip, "172.16.0.0", "255.240.0.0") ||
isInNet(resolved_ip, "192.168.0.0", "255.255.0.0") ||
isInNet(resolved_ip, "127.0.0.0", "255.255.255.0"))
return "DIRECT";
/* FTP goes directly */
if (url.substring(0,4) == "ftp:") {
return "DIRECT";
}
// Domains to bypass
if ((host == "webmail.acme.com") ||
(host == "www.acme.com") ||
(dnsDomainIs(host, "sso.acme.com")))
return "DIRECT";
if (shExpMatch(host, "*.microsoft.com") ||
shExpMatch(host, "*windowsupdate*"))
return "PROXY proxy.acme.com:3128; DIRECT";
// Balancing based on source
if (isInNet(myIp, "10.1.0.0", 255.255.255.0") ||
isInNet(myIp, "10.2.0.0", 255.255.255.0"))
return "PROXY proxy2:8080; PROXY proxy1:8080; DIRECT";
// Load balancing
var ipBits = myIp.split(".");
var mySeg = parseInt(ipBits[3]);
// Modulus % 2
if((mySeg % 2) == 0) // Even
return "PROXY proxy1:8080; PROXY proxy2:8080;";
else
return "PROXY proxy2:8080; PROXY proxy1:8080;";
/* Default Traffic Forwarding */
return "PROXY proxy1.acme.com:8080; PROXY proxy2.acme.com:8080; DIRECT";
}