Proxy auto-config

from Wikipedia, the free encyclopedia

Using a proxy auto-config file ( PAC file), a web browser can automatically find the appropriate proxy server for a desired URL .

A PAC file contains a JavaScript function . This function returns a string containing one or more proxy specifications; With multiple specifications, fallback or failover is possible in the event that a server does not respond. The browser fetches this PAC file before requesting further pages. The URL of the PAC file can either be entered manually or found automatically using the Web Proxy Autodiscovery Protocol . FindProxyForURL(url, host)

context

Modern browsers offer several configuration options - so you can choose the type that suits your needs. These are usually the following options:

  • Manual proxy selection: A host name and a port number are specified, which are used for all URLs. Usually domains such as B. the own computer ( localhost ) for which the proxy is bypassed can be listed.
  • Proxy auto-configuration (PAC): By specifying the URL of a PAC file, it is possible to use a suitable proxy for each URL. It contains a JavaScript function that selects the right proxy for each address. This article covers this possibility.
  • Web Proxy Autodiscovery Protocol (WPAD Protocol): The browser searches for the PAC file itself. The protocol is discussed in a separate article.

The first option is the simplest.

The second (PAC) is more flexible (allows the use of many different proxies). However, the URL of the PAC file must initially be entered manually.

The third option (WPAD) is based on PAC and makes this manual work unnecessary: ​​every browser in an organization can be instructed to use the same PAC configuration.

The PAC file

To use PAC, PAC files are usually published on web servers and the participating browser is instructed to read them by specifying the appropriate address in the configuration settings or by using the WPAD protocol . A PAC file can also be kept local for test purposes or for other reasons.

A PAC file is a text file that defines a JavaScript function: . By default it is called proxy.pac , if the WPAD standard is used it is often also called wpad.dat . The server must be instructed to specify the MIME type of the file application / x-ns-proxy-autoconfig . FindProxyForURL(url, host)

A very simple example of a PAC file is: 

function FindProxyForURL(url, host) { return "PROXY proxy.example.com:8080; DIRECT"; }

This function instructs the browser to direct all page requests to the proxy on port 8080 of the server proxy.example.com . If this fails, a direct connection to the WWW is established.

The following is a more complex example that demonstrates the use of some of the JavaScript FindProxyForURLfunctions available for the function: 

function FindProxyForURL(url, host) {
   // Adressen, die auf example.com liegen, brauchen keinen Proxy:
   if (shExpMatch(host,"*.example.com")) {
      return "DIRECT";
   }

   // URLs innerhalb dieses Netzwerkes werden abgefragt über
   // Port 8080 auf fastproxy.example.com: (macht Nameserver Anfrage)
   if (isInNet(host, "10.0.0.0", "255.255.248.0")) {
      return "PROXY fastproxy.example.com:8080";
   }

   // Alle anderen Anfragen gehen über Port 8000 von proxy.example.com.
   // sollte das fehlschlagen, verbinde direkt ins Netz:
   return "PROXY proxy.example.com:8000; DIRECT";
}

restrictions

The function isInNet(and other similar functions) perform a DNS request which can block the browser if the DNS server does not respond. This function is also quite “expensive” on Windows systems, even with good accessibility, so access to network resources can be slowed down.

Proxy caching in Microsoft's Internet Explorer limits the flexibility of the PAC standard. As a result, a proxy can be selected based on the domain name, but not the path of the URL. Otherwise, proxy caching must be switched off.

In principle, a PAC file can also be generated dynamically on the server.