Controlling Internet Access using a Pac File - Making sure Internal Sites don't use the Proxy

(Page 3 of 4 )

Now that we have got this far, we are almost ready to send the user to the correct proxy. The only thing we have not done yet is make sure that, if they are trying to access a site on your internal network, they go directly and do not use the proxy. This is done like so:

if (isInNet(host, "192.168.0.0", "255.255.0.0"))

  {

    return "DIRECT";

  }

else {

    return proxy;

  }

The first part of the IF statement is the IsInNet function again, this time on the IP address of the destination passed into the PAC file. If it is in the IP scope specified, then the user is sent directly to the site. At this point the logic of the PAC file concludes and the user is sent to the site.

If the IF statement returns false, then the user is sent to the proxy server that is currently held in the proxy variable.

Put it all Together

Now that we have all the building blocks, we can create our PAC file. If we wish, we can also set it up so that, instead of using the IP address of the proxy, it points to a DNS entry. This is useful if you have backup proxies. In that case, if the main one goes offline you can change the DNS entry to the backup and the clients will be re-directed, without you having to alter the PAC file. We use this in our final completed example.

function FindProxyForURL(url, host)

{

  //Set a default proxy if non are returned below

  var proxy = "PROXY 192.168.0.244:8080";

 

  // Test for Prestons subnets

  if (isInNet(myIpAddress(), "192.168.1.0", "255.255.255.0"))

    proxy = "PROXY proxy_preston:8080";

  if (isInNet(myIpAddress(), "192.168.2.0", "255.255.255.0"))

    proxy = "PROXY proxy_preston:8080";

 

  // Test for Londons subnets

  if (isInNet(myIpAddress(), "192.168.3.0", "255.255.255.0"))

    proxy = "PROXY proxy_blackpool:8080";

  if (isInNet(myIpAddress(), "192.168.4.0", "255.255.255.0"))

    proxy = "PROXY proxy_blackpool:8080";

 

  //Now direct the user out through the proxy if not internal site

  if (isInNet(host, "192.168.0.0", "255.255.0.0"))

  {

    return "DIRECT";

  }

  else if (url.substring(0, 24) == "http://www.microsoft.com")

  {

    return "PROXY 159.180.13.52:3128";

  }

  else if (url.substring(0, 5) == "http:")

  {

    return proxy;

  }

  else if (url.substring(0, 4) == "ftp:")

  {

    return proxy;

  }

}

Next: Directing Users to your PAC File >>
 

More BrainDump Articles
More By Luke Niland

Comments On: Controlling Internet Access using a Pac File

· Hi Guys,Hope you find the article interesting, any questions post them...    · Hi !I found the article very informative and easy to understand :-)One question:...    · Hi Paal,Glad you like the article. Yes, to go to the web service running on...    · Thank you for your valuable information. I am very happy to catach this valuable...    · Hi,I'm a bit confused as to what you are trying to archive. I don't think you...   >>> Post your comment now!