Proxy auto-config
From Wikipedia, the free encyclopedia
A proxy auto-config (PAC) file defines how web browsers and other user agents can automatically choose the appropriate proxy server (access method) for fetching a given URL.
A PAC file contains a JavaScript function "FindProxyForURL(url, host)". This function returns a string with one or more access method specifications. These specifications cause the user agent to use a particular proxy server or to connect directly.
Multiple specifications provide a fallback when a proxy fails to respond. The browser fetches this PAC file before retrieving other pages. The URL of the PAC file is either configured manually or determined automatically by the Web Proxy Autodiscovery Protocol.
Contents |
[edit] Context
Modern web browsers implement several levels of automation; users can choose the level that is appropriate to their needs. The following methods are commonly implemented:
- Manual proxy selection: Specify a hostname and a port number to be used for all URLs. Most browsers allow you to specify a list of domains (such as localhost) that will bypass this proxy.
- Proxy auto-configuration (PAC): Specify the URL for a PAC file with a JavaScript function that determines the appropriate proxy for each URL. This method is more suitable for laptop users who need several different proxy configurations, or complex corporate setups with many different proxies, and is discussed in this article.
- Web Proxy Autodiscovery Protocol (WPAD): Let the browser guess the location of the PAC file through DHCP and DNS lookups. This is discussed in a separate article.
[edit] The PAC file
To use PAC, you publish a PAC file on a Web server and instruct a user agent to utilize it, either by entering the URL in the proxy connection settings of your browser or through the use of the WPAD protocol.
A PAC file is a text file that defines at least one JavaScript function, FindProxyForURL(url, host). By convention, this file is normally named proxy.pac. The WPAD standard uses wpad.dat.
Even though most clients will process the script regardless of the MIME type returned in the HTTP request, for the sake of completeness and to maximize compatibility, you should instruct your web server to declare the MIME type of this file to be either application/x-ns-proxy-autoconfig or application/x-javascript-config.
There is little evidence to favor the use of one MIME type over the other. It would be, however, reasonable to assume that application/x-ns-proxy-autoconfig will be supported in more clients than application/x-javascript-config as it was defined in the original Netscape specification, the latter type coming in to use more recently.
A very simple example of a PAC file is:
function FindProxyForURL(url, host) { return "PROXY proxy.example.com:8080; DIRECT"; }
This function instructs the browser to retrieve all pages through the proxy on port 8080 of the server proxy.example.com. Should this proxy fail to respond, the browser contacts the WWW directly, without using a proxy.
Here is a more complicated example demonstrating some available JavaScript functions to be used in the FindProxyForURL function:
function FindProxyForURL(url, host) { // our local URLs from the domains below example.com don't need a proxy: if (shExpMatch(url,"*.example.com/*")) {return "DIRECT";} if (shExpMatch(url, "*.example.com:*/*")) {return "DIRECT";} // URLs within this network are accessed through // port 8080 on fastproxy.example.com: if (isInNet(host, "10.0.0.0", "255.255.248.0")) { return "PROXY fastproxy.example.com:8080"; } // All other requests go through port 8080 of proxy.example.com. // should that fail to respond, go directly to the WWW: return "PROXY proxy.example.com:8080; DIRECT"; }
[edit] Limitations
The function dnsResolve (and similar other functions) performs a DNS lookup that can block your browser for a long time if the DNS server does not respond.
Caching of proxy autoconfiguration results by domain name in Microsoft's Internet Explorer 5.5 or higher limits the flexibility of the PAC standard. In effect, you can choose the proxy based on the domain name, but not on the path of the URL. Alternatively, you need to disable caching of proxy autoconfiguration results by editing the registry. Refer to the article by de Boyne Pollard (listed in #Further_reading) for more details.
It is recommended to always use IP instead of host domain names in isInNet function for compatibilities with other components in Windows which makes use of Internet Explorer PAC settings, such as .NET 2.0 Framework. For example,
if (isInNet(host, dnsResolve(sampledomain) , "255.255.248.0") // .NET 2.0 will resolve proxy properly if (isInNet(host, sampledomain, "255.255.248.0") // .NET 2.0 will not resolve proxy properly
The current convention is to fail over to direct connection when a PAC file is unavailable.
Further limitations are related to the JavaScript engine on the local machine.
[edit] Advanced functionality
More advanced PAC files can reduce load on proxies, do load balancing, fail over, or even black/white listing before the request hit the proxies. One can return multiple proxies:
return "PROXY proxy1.example.com:8080; PROXY proxy2.example.com:8080; PROXY proxy3.example.com:8080; PROXY proxy4.example.com:8080";
[edit] Further reading
Jonathan de Boyne Pollard (2004). "Automatic proxy HTTP server configuration in web browsers". Frequently Given Answers. http://homepages.tesco.net/~J.deBoynePollard/FGA/web-browser-auto-proxy-configuration.html.
[edit] External links
- Navigator Proxy Auto-Config File Format (from the Release Notes for Netscape Navigator 2.0)
- Using the Client Autoconfiguration File (Chapter 11 of Netscape Proxy Server Administrator's Guide, version 3.5 for Unix)
- Description of proxy auto-configuration files from Microsoft
- Guide to writing effective PAC Files.
- PAC File & WPAD Examples
- pacparser C and Python library to parse PAC files.
- Pactester A tool to test PAC files.
- proxyvalidator Test all destination proxies within a PAC file.
- PAC-file to filter bad hosts and pornography