Controlling Internet Access using a Pac File

(Page 1 of 4 )

Proxy Access Control (PAC) files solve a problem that is becoming more and more common as organizations spread out geographically and workers become more mobile. If this sounds like your company, and you're an administrator concerned with how your users access the Internet and company intranets, keep reading. This might be exactly what you're looking for.

Introduction

Controlling how users across an organization connect to the Internet and intranets can be a tricky thing to administer. You could have people at different physical locations that all want to go out through different proxies, internal sites that you need them to access directly and roaming users who sometimes work from their own connections at home.

This is where a PAC (Proxy Access Control) file comes in. With this one file you can control how all of your clients access the web. Most of the modern browsers will use a PAC file without any problems. The only exception I know of was the old Macs prior to OSX. I've not used one over the last few years so I don't know if they still have this problem.

Basics of the PAC file

The PAC file contains one function called FindProxyForURL. This function is passed the parameters URL and host. URL is the address of the site that the browser is requesting, while host is the IP address of the client machine making the request.

Once all the logic of the PAC file has been read, the last thing it will do is return the correct proxy server to use (in the format of "PROXY IPAddress:PortNo") or if it is an address that can be reached internally, it will return DIRECT.

Below is a very simple example of a PAC file. Use notepad or your preferred text editor to create the file, and save it as proxy.pac.

function FindProxyForURL(url, host)

{

  //set the ip address of the proxy into a variable named proxy

  var proxy = "PROXY 192.168.0.1:8080";

 

  return proxy;

}

This very simple example of a PAC file will just re-direct traffic out through a proxy server running at 192.168.0.1 on port 8080. This of course is a very simple example but it should work. To test the PAC file drop it onto one of your internal web servers, and point your browser's automatic config file at the URL, e.g.

http://webserver1/proxy.pac

Once you have set this, as long as the IP and port in the PAC file match yours, you should start using the logic contained in this file. How to distribute the PAC file to clients is discussed later in the article.

If that is working, you can now build more into the file to control what happens to certain sites and subnets.

Next: Setting the Proxy server based on the Client subnet >>
 

More BrainDump Articles
More By Luke Niland

Comments On: Controlling Internet Access using a Pac File

· Hi Guys,Hope you find the article interesting, any questions post them...    · Hi !I found the article very informative and easy to understand :-)One question:...    · Hi Paal,Glad you like the article. Yes, to go to the web service running on...    · Thank you for your valuable information. I am very happy to catach this valuable...    · Hi,I'm a bit confused as to what you are trying to archive. I don't think you...    · It's a very informative article    · The best way that direct users to the pac file that you dont mention here is through...    · We have implemented the pac file solution with the timeout set to 5 mins to check...    · Hi,If you are making it check every 5 mins and it cant find the iis server then...    · Hi:I am trying to edit our PAC file, I would like to use an "AND" function can...    · Thank you for the great info. You mention it is possible to even redirect urls. I'm...   >>> Post your comment now!