Example Custom PAC file for Explicit Proxy

Article ID: 165732

Products

Web Security Service - WSS

Issue/Introduction

Is there an example of a customized PAC file for Explicit Proxy?

Resolution

For comparison, here is the DEFAULT PAC file, as served from the default Cloud location:
 
https://portal.threatpulse.com/pac
 
function FindProxyForURL(url, host)
{
    if (isPlainHostName(host))
        return "DIRECT";

    if (url.substring(0, 4) == "ftp:")
        return "DIRECT";

    if (isInNet(host, "10.0.0.0", "255.0.0.0")
        || isInNet(host, "172.16.0.0",  "255.240.0.0")
        || isInNet(host, "192.168.0.0", "255.255.0.0")
        || isInNet(host, "169.254.0.0", "255.255.0.0")
        || isInNet(host, "127.0.0.0", "255.255.255.0")
        || isInNet(host, "23.20.0.0", "255.252.0.0"))
        return "DIRECT";

    return "PROXY proxy.threatpulse.net:8080; DIRECT";
} 
 
NOTE: in the default file above, ALL traffic that does not first match a DIRECT rule is sent to Cloud.

The EXAMPLE file below sends ONLY HTTP/HTTPS (80/443) traffic to Cloud; all other traffic goes DIRECT (bypasses Cloud). Note also that in this file, traffic from the browser to the IDP is excluded from Cloud. This is to support SAML configurations when using BCCA-as-the-IDP.
 
function FindProxyForURL(url, host)
{
    if (isPlainHostName(host))
        return "DIRECT";

    if (url.substring(0, 4) == "ftp:")
        return "DIRECT";

    if (isInNet(host, "10.0.0.0", "255.0.0.0")
        || isInNet(host, "172.16.0.0",  "255.240.0.0")
        || isInNet(host, "192.168.0.0", "255.255.0.0")
        || isInNet(host, "169.254.0.0", "255.255.0.0")
        || isInNet(host, "127.0.0.0", "255.255.255.0")
        || isInNet(host, "23.20.0.0", "255.252.0.0"))
        return "DIRECT";

    // Bypass one specific IP address (example only).
    if (isInNet(host, "74.125.239.37", "255.255.255.255"))
        return "DIRECT";

    // Bypass specific host (include both wildcard and non-wildcard expression).
    if (shExpMatch(host, '*.google.com') || shExpMatch(host, 'google.com'))
        return "DIRECT";

    // Bypass hostname/domain (of BCCA-as-IDP for SAML IDP).
    if ((host == "qinvdc7") ||
        (host == "qinvdc7.dom.ad.local") ||
        dnsDomainIs(host, ".dom.ad.local"))
        return "DIRECT";

    // Send *only* HTTP/HTTPS (80/443) traffic to Cloud.
    if ((url.substring(0, 5) == "http:") ||
        (url.substring(0, 6) == "https:"))
        return "PROXY proxy.threatpulse.net:8080; DIRECT";

    return "DIRECT";
}
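
A customized PAC file can be checked offline before it is published, so that a bypass rule does not silently route more (or less) traffic around Cloud than intended. The following Node.js harness is an added example, not part of the original article or the vendor's tooling; the DNS table, the test host names, and the names helpers, route and failsOpen are assumptions made for illustration.

```javascript
// Added example: offline PAC routing check (Node.js, no dependencies).
// Constructed DNS table (assumption); browsers resolve names inside isInNet().
const DNS = { "app.corp.example": "10.1.2.3", "www.example.com": "93.184.216.34" };

const toInt = ip => ip.split(".").reduce((n, o) => (n * 256 + Number(o)) >>> 0, 0);
const isIPv4 = h => /^\d{1,3}(\.\d{1,3}){3}$/.test(h);

// Minimal stand-ins for the standard PAC helpers that the page's file calls.
const helpers = {
  isPlainHostName: h => !h.includes("."),
  dnsDomainIs: (h, d) => h.endsWith(d),
  shExpMatch: (s, p) => new RegExp("^" + p.replace(/[.+^${}()|[\]\\]/g, "\\$&")
    .replace(/\*/g, ".*").replace(/\?/g, ".") + "$").test(s),
  isInNet: (h, net, mask) => {
    const ip = isIPv4(h) ? h : DNS[h];
    if (!ip) return false;                       // unresolvable name never matches
    return ((toInt(ip) & toInt(mask)) >>> 0) === ((toInt(net) & toInt(mask)) >>> 0);
  },
};

// Condensed copy of the custom rules above (private-range list shortened for space).
const PAC = `function FindProxyForURL(url, host) {
  if (isPlainHostName(host)) return "DIRECT";
  if (url.substring(0, 4) == "ftp:") return "DIRECT";
  if (isInNet(host, "10.0.0.0", "255.0.0.0")) return "DIRECT";
  if (shExpMatch(host, "*.google.com") || shExpMatch(host, "google.com")) return "DIRECT";
  if (dnsDomainIs(host, ".dom.ad.local")) return "DIRECT";
  if (url.substring(0, 5) == "http:" || url.substring(0, 6) == "https:")
    return "PROXY proxy.threatpulse.net:8080; DIRECT";
  return "DIRECT";
}`;

// Evaluate a PAC source you control and return its decision for one URL.
function route(pacSource, url) {
  const names = Object.keys(helpers);
  const find = new Function(...names, pacSource + "\nreturn FindProxyForURL;")(
    ...names.map(n => helpers[n]));
  return find(url, new URL(url).hostname);
}

// True when a proxied decision falls back to DIRECT if the proxy is unreachable.
const failsOpen = d => /^PROXY\b/.test(d) && /;\s*DIRECT\s*$/.test(d);

// Constructed test URLs, including a look-alike domain and a non-HTTP scheme.
for (const u of ["https://www.example.com/", "https://mail.google.com/",
  "http://notgoogle.com/", "http://app.corp.example/", "ws://www.example.com/chat"])
  console.log(u, "->", route(PAC, u));
```

Both files on this page return "PROXY proxy.threatpulse.net:8080; DIRECT", so a client that cannot reach the proxy falls back to a direct connection; failsOpen reports that for any decision string.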