Difference between revisions of "PAC file example"

From Tech-Wiki
Jump to: navigation, search
Line 9: Line 9:
 
var privateIP = /^(0|10|127|192\.168|172\.1[6789]|172\.2[0-9]|172\.3[01]|169\.254|192\.88\.99)\.[0-9.]+$/;
 
var privateIP = /^(0|10|127|192\.168|172\.1[6789]|172\.2[0-9]|172\.3[01]|169\.254|192\.88\.99)\.[0-9.]+$/;
 
var resolved_ip = dnsResolve(host);
 
var resolved_ip = dnsResolve(host);
 +
var myIp = myIpAddress();
  
 
/* Don't send non-FQDN or private IP auths to us */
 
/* Don't send non-FQDN or private IP auths to us */
Line 18: Line 19:
 
if (dnsDomainIs(host, "www.acme.com") ||
 
if (dnsDomainIs(host, "www.acme.com") ||
 
dnsDomainIs(host, "webmail.acme.com"))
 
dnsDomainIs(host, "webmail.acme.com"))
return "PROXY proxy.acme.com:3128; DIRECT";
+
return "PROXY proxy.acme.com:3128; DIRECT";
  
/*If the host is an internal IP range, send direct */
+
/*If the host is an internal IP range (RFC1918), send direct */
 
if (isInNet(resolved_ip, "10.0.0.0", "255.0.0.0") ||
 
if (isInNet(resolved_ip, "10.0.0.0", "255.0.0.0") ||
 
isInNet(resolved_ip, "172.16.0.0", "255.240.0.0") ||
 
isInNet(resolved_ip, "172.16.0.0", "255.240.0.0") ||
 
isInNet(resolved_ip, "192.168.0.0", "255.255.0.0") ||
 
isInNet(resolved_ip, "192.168.0.0", "255.255.0.0") ||
 
isInNet(resolved_ip, "127.0.0.0", "255.255.255.0"))
 
isInNet(resolved_ip, "127.0.0.0", "255.255.255.0"))
return "DIRECT";
+
return "DIRECT";
 
 
if (shExpMatch(host, "*.microsoft.com") ||
 
shExpMatch(host, "*windowsupdate*"))
 
return "PROXY proxy.acme.com:3128; DIRECT";
 
 
 
/* FTP goes directly */
 
/* FTP goes directly */
 
if (url.substring(0,4) == "ftp:") {
 
if (url.substring(0,4) == "ftp:") {
Line 40: Line 37:
 
(host == "www.acme.com") ||
 
(host == "www.acme.com") ||
 
(dnsDomainIs(host, "sso.acme.com")))
 
(dnsDomainIs(host, "sso.acme.com")))
return "DIRECT";
+
return "DIRECT";
 +
 
 +
if (shExpMatch(host, "*.microsoft.com") ||
 +
shExpMatch(host, "*windowsupdate*"))
 +
return "PROXY proxy.acme.com:3128; DIRECT";
 +
 
 +
// Balancing based on source
 +
if (isInNet(myIp, "10.1.0.0", 255.255.255.0") ||
 +
            isInNet(myIp, "10.2.0.0", 255.255.255.0"))
 +
        return "PROXY proxy2:8080; PROXY proxy1:8080; DIRECT";
 +
 
  
 
// Load balancing
 
// Load balancing
var myIp = myIpAddress();
 
 
var ipBits = myIp.split(".");
 
var ipBits = myIp.split(".");
 
var mySeg = parseInt(ipBits[3]);
 
var mySeg = parseInt(ipBits[3]);
Line 52: Line 58:
 
else
 
else
 
return "PROXY proxy2:8080; PROXY proxy1:8080;";
 
return "PROXY proxy2:8080; PROXY proxy1:8080;";
 
// Balancing based on source
 
myIp = myIpAddress();
 
if (isInNet(my_ip, "10.1.0.0", 255.255.255.0") ||
 
            isInNet(my_ip, "10.2.0.0", 255.255.255.0"))
 
        return "PROXY proxy2:8080; PROXY proxy1:8080; DIRECT";
 
  
 
 

Revision as of 21:00, 20 June 2018

Back to Active Directory


PAC file to use as proxy selector.

function FindProxyForURL(url, host) {
	var privateIP = /^(0|10|127|192\.168|172\.1[6789]|172\.2[0-9]|172\.3[01]|169\.254|192\.88\.99)\.[0-9.]+$/;
	var resolved_ip = dnsResolve(host);
	var myIp = myIpAddress();

	/* Don't send non-FQDN or private IP auths to us */
	// note this will defeat host file entries for external systems
	if (isPlainHostName(host) || privateIP.test(host)) {
		return "DIRECT";
	}

	if (dnsDomainIs(host, "www.acme.com") ||
		dnsDomainIs(host, "webmail.acme.com"))
		return "PROXY proxy.acme.com:3128; DIRECT";

	/*If the host is an internal IP range (RFC1918), send direct */
	if (isInNet(resolved_ip, "10.0.0.0", "255.0.0.0") ||
		isInNet(resolved_ip, "172.16.0.0", "255.240.0.0") ||
		isInNet(resolved_ip, "192.168.0.0", "255.255.0.0") ||
		isInNet(resolved_ip, "127.0.0.0", "255.255.255.0"))
		return "DIRECT";
		
	/* FTP goes directly */
	if (url.substring(0,4) == "ftp:") {
		return "DIRECT";
	}

	// Domains to bypass
	if ((host == "webmail.acme.com") ||
		(host == "www.acme.com") ||
		(dnsDomainIs(host, "sso.acme.com")))
		return "DIRECT";

	if (shExpMatch(host, "*.microsoft.com") ||
		shExpMatch(host, "*windowsupdate*"))
		return "PROXY proxy.acme.com:3128; DIRECT";

	// Balancing based on source
	if (isInNet(myIp, "10.1.0.0", 255.255.255.0") ||
            isInNet(myIp, "10.2.0.0", 255.255.255.0"))
    	    return "PROXY proxy2:8080; PROXY proxy1:8080; DIRECT";


	// Load balancing
	var ipBits = myIp.split(".");
	var mySeg = parseInt(ipBits[3]);

	// Modulus % 2
	if((mySeg % 2) == 0) // Even
		return "PROXY proxy1:8080; PROXY proxy2:8080;";
	else
		return "PROXY proxy2:8080; PROXY proxy1:8080;";

	
	/* Default Traffic Forwarding  */
	return "PROXY proxy1.acme.com:8080; PROXY proxy2.acme.com:8080; DIRECT";
}