IT Infrastructure 004: Proxy Auto-Config (PAC)

I believe many workplaces encounter this proxy issue with the web browser: Local Area Network (LAN) settings for proxy server was configured and published to all users using Active Directory (AD) Group Policy Object (GPO). As a result, all web browsers were configured to direct URL requests to the company’s proxy server by default, even when these devices were using external network to access the web. Therefore, whenever you leave the workplace network,  you will have to toggle the proxy server setting manually.

Most people got used to the inconvenience. Some may even write scripts to automate the toggling of proxy server setting. If you are facing the same problem at your workplace, this might be an interesting solution to consider:

Capture2.PNG

Automatic Configuration Setting:  Internet Explorer configured to locate a PAC file. With this in place, you no longer have to toggle the check-box for proxy server setting manually.

How it works?

Firstly, a Proxy Auto-Configuration (PAC) file written in Javascript needs to be hosted in one of your HTTP server within your network. Next, all of the browsers need to be configured to locate this file and execute it before any URL requests. How the browsers locate the file depends on your preference, you may use AD GPO or use Web Proxy Auto-Discovery Protocol (WPAD) to accomplish this.

This PAC file can be coded to help your browsers determine whether the user is currently joined to your workplace, where is the proxy server, whether to direct certain URL requests to your proxy server, and whether certain URL should bypass the proxy server. Therefore with this implementation, yous will be able to switch between your workplace network and any external network seamlessly as the browsers will have the smart capability to decide whether a proxy server should be used or not.

Other Considerations

  1. Locating the PAC file
    As mentioned, how to locate the PAC file depends on your preference. I have used AD GPO to publish the instruction to everyone as this is the most simple and convenient method. Using WPAD would require you to configure your DHCP servers and your DNS servers. If you are using Cisco products for your network, you can even look into Web Cache Communication Protocol (WCCP) to do away with PAC file entirely and still meet the same objective.
  2. Hosting of PAC file
    A PAC file can be served using a HTTP server, or hosted using file share where the browsers can map to it. I have opted to use HTTP server as hosting it on file share will create compatibility issues with certain versions of Internet Explorer. When serving the file in a HTTP server, take note of using the recommended Multi-Purpose Internet Mail Extensions (MIME) types for the PAC file as this can potentially cause errors.
  3. Testing the implementation
    You can configure your browser to locate the PAC file in your local file directory as you debug it, before implementing it on all your users.

Find out more from the following resources.

Advertisements

Leave a Reply

Fill in your details below or click an icon to log in:

WordPress.com Logo

You are commenting using your WordPress.com account. Log Out / Change )

Twitter picture

You are commenting using your Twitter account. Log Out / Change )

Facebook photo

You are commenting using your Facebook account. Log Out / Change )

Google+ photo

You are commenting using your Google+ account. Log Out / Change )

Connecting to %s