Serve multiple PAC files in a multi-proxy ProxySG deployment
search cancel

Serve multiple PAC files in a multi-proxy ProxySG deployment

book

Article ID: 165878

calendar_today

Updated On:

Products

ProxySG Software - SGOS

Issue/Introduction

Serving multiple PAC files in multi-proxy environment.
 

Resolution

Although the ProxySG officially supports just a single customizable PAC file (accelerated_pac_base.pac) served off the box, there are ways to work around this limitation so that you can distribute separate PAC files to different users. For example, you can send different users either to different proxies or to different proxy services.
 

There are two ways to do this:

  • Distribute separate PAC URLs based on group definitions.
  • Distribute identical PAC URLs to all users and serve different content based on source IP addresses.


You can do this by creating user-defined exceptions and a policy to serve the appropriate PAC file (exception).


Prerequisites

  • Intercept the Explicit HTTP service for port 80 on the ProxySG (for non inline implementations)

OR

  • Intercept the External HTTP service for Transparent:80 on the ProxySG (for inline implementations)


Advantages of this Implementation

  • Multiple PAC files served by the ProxySG.
  • No need to create forwarding hosts and rules to forward short PAC URLs to the Accelerated PAC.

Perform the following tasks to serve multiple PAC files to different users.

Create User-Defined Exceptions for PAC Files
For each PAC file to be served, create a user-defined exception. Follow these guidelines:

  • Create each exception using the(config) exceptions sub-commands in the CLI.
  • The HTTP code for the PAC files must be 200.
  • The content of the PAC file is placed in the Format field of the exception.(See the bolded lines in the example that follows.)

Exception file including PAC file example:
(exception.user-defined.all
(contact)
(details)
(format)
(help)
(summary)
(http
(code "403")
(contact)
(details)
(format)
(help)
(summary)
)
(exception.pac1
(contact)
(details)
(format)
(help)
(summary)
(http
(code "200")
(contact)
(details)
(format <<--19124760.9c7bc--
function FindProxyForURL(url, host) { return "PROXY x.x.x.x:8080"; }
--19124760.9c7bc--
)
(help)
(summary)
)
)
(exception.pac2
(contact)
(details)
(format)
(help)
(summary)
(http
(code "200")
(contact)
(details)
(format <<--19124760.9c839--
function FindProxyForURL(url, host) { return "PROXY x.x.x.x:8080"; }
--19124760.9c839--
)
(help)
(summary)
)
)


Replace x.x.x.x with the IP address or fully qualified domain name of the ProxySG that the PAC file should be sent to. The example above shows only the minimum PAC content that must be included.

Create Policy for PAC Files

Although basic PAC file serving will work after following the two previous steps, the ProxySG sets the Content-Type header to text/html which isn't correct for a PAC file. This should be set to application/x-ns-proxy-autoconfig in order to
conform with the standard. To set the correct Content-Type Header for PAC files, add the following lines of CPL to your policy:


exception.id="user_defined.pac1" action.pacheader(yes)
exception.id="user_defined.pac2" action.pacheader(yes)
define action pacheader
set(exception.response.header.content-type,"application/x-ns-proxyautoconfig")
end


The above code applies to the examples used in this section; you will need to customize it with the names of your user-defined exceptions.