ProxySG & Advanced Secure Gateway

  • 1.  Multiple Pac Files

    Posted Feb 20, 2019 09:51 AM

    Hello,

    we tried to serve two different PAC files via exceptions to our users.
    We configured the ASG as described in https://www.symantec.com/docs/TECH241646 .

    After configuring the browser (Firefox) with an auto proxy configuration URL
    http://proxy.web.mycompany.org/browserconfig.pac

    the browser asks for the config and gets an answer.

    GET /browserconfig.pac HTTP/1.1
    Host: proxy.web.mycompany.org
    Connection: keep-alive
    User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/61.0.3163.91 Safari/537.36
    Accept-Encoding: gzip, deflate
    Accept-Language: de-DE

    HTTP/1.1 200 OK
    Content-Type: application/x-ns-proxy-autoconfig
    Cache-Control: no-cache
    Pragma: no-cache
    Proxy-Connection: Keep-Alive
    Connection: Keep-Alive
    Content-Length: 1504

    function FindProxyForURL(url, host)
    {
        if (
          shExpMatch(url, "https://int.login.mycompany.org/*") ||
          shExpMatch(url, "https://login.mycompany.org/*") ||
          shExpMatch(url, "https://entw.mycompany.org/*")
        )
        return "PROXY proxy.web.mycompany.org:8080; DIRECT";
        //
        if (shExpMatch(host,"highsecurehost.com"))
        return "PROXY highsecure.services.mycompany.org:1234";
        if (
        shExpMatch(url, "*.companyfriends.org*")  ||
        shExpMatch(url, "proxy.mycompany.org*")  ||
        shExpMatch(url, "proxy.web.mycompany.org*")  ||
        shExpMatch(url, "*.otherfriends.org/*")  ||
        shExpMatch[url, "*localhost*")  ||
        isInNet(host, "10.0.0.0", "255.0.0.0") ||
        isInNet(host, "127.0.0.0", "255.0.0.0") ||
        isInNet(host, "192.168.1.0", "255.255.255.0") ||
            )
        return "DIRECT";
        if ( shExpMatch(url, "*.specialservice.org/*"))
        return "PROXY proxy.mycompany.org:7070; DIRECT";
        if ( dnsResolve("ntp.mycompany.org") == "10.1.99.99" ||
             dnsResolve("ntp.mycompany.org") == "10.100.199.199")
        return "PROXY proxy.web.mycompany.org:8080";
        else
        return "PROXY proxy.web.mycompany.org:8080";
    }

    But these settings are ignored by the browser and the configuration does not work.


    Regards
    Thorsten



  • 2.  RE: Multiple Pac Files

    Posted Feb 20, 2019 09:40 PM

    Hi Thorsten,

    The PAC had a couple of syntax errors. I have corrected it and it is attached. Try with this one.

    Note: There is a behavior of IE11 to cache old PAC files and it tends to ignore new updated ones. I would recommend testing with the Chrome browser.

    Attachment(s)

    txt
    PACv2.txt   1 KB 1 version


  • 3.  RE: Multiple Pac Files

    Posted Feb 21, 2019 12:37 AM

    Hi Aravind,
    could you please attach the corrected PAC file?

    Regards
    Thorsten



  • 4.  RE: Multiple Pac Files
    Best Answer

    Posted Feb 21, 2019 02:10 AM

    Hi Thorsten,

    My previous comment has the attachment. If you are not able to see it, I will paste it below again.

    function FindProxyForURL(url, host)
    {
        if (
          shExpMatch(url, "https://int.login.mycompany.org/*") ||
          shExpMatch(url, "https://login.mycompany.org/*") ||
          shExpMatch(url, "https://entw.mycompany.org/*")
        )
        return "PROXY proxy.web.mycompany.org:8080; DIRECT";
    
        if (shExpMatch(host,"highsecurehost.com"))
        return "PROXY highsecure.services.mycompany.org:1234";
        if (
        shExpMatch(url, "*.companyfriends.org*")  ||
        shExpMatch(url, "proxy.mycompany.org*")  ||
        shExpMatch(url, "proxy.web.mycompany.org*")  ||
        shExpMatch(url, "*.otherfriends.org/*")  ||
        shExpMatch(url, "*localhost*")  ||
        isInNet(host, "10.0.0.0", "255.0.0.0") ||
        isInNet(host, "127.0.0.0", "255.0.0.0") ||
        isInNet(host, "192.168.1.0", "255.255.255.0"))
        return "DIRECT";
    	
        if (shExpMatch(url, "*.specialservice.org/*"))
        return "PROXY proxy.mycompany.org:7070; DIRECT";
    	
        if (dnsResolve("ntp.mycompany.org") == "10.1.99.99" ||
             dnsResolve("ntp.mycompany.org") == "10.100.199.199")
    		 
        return "PROXY proxy.web.mycompany.org:8080";
    	
        return "PROXY proxy.web.mycompany.org:8080";
    }



  • 5.  RE: Multiple Pac Files

    Posted Feb 21, 2019 02:19 AM

    Thanks,
    I will test it.



  • 6.  RE: Multiple Pac Files

    Posted Feb 21, 2019 04:47 AM

    Also you shouldn't use checks like shExpMatch(url, "*.companyfriends.org*"). This will match every URL that somewhere contains ".companyfriends.org" like bad.randomsite.tld/downloads/.companyfriends.orgdl/file.exe

    A better alternative would be shExpMatch(host, "*.companyfriends.org")
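
    The difference between the two checks above, as an added example that is not part of the original posts. The `shExpMatch` here is a minimal stand-in for the browser's PAC helper, `findLooseUrlRules` is a hypothetical review helper, and the sample URLs and PAC excerpt are constructed from the values in this thread.

```javascript
// Added example, not from the thread. Minimal stand-in for the browser's PAC
// helper shExpMatch: "*" matches any run of characters, "?" exactly one.
function shExpMatch(str, pattern) {
  const re = pattern
    .replace(/[.+^${}()|[\]\\]/g, "\\$&") // escape regex metacharacters
    .replace(/\*/g, ".*")
    .replace(/\?/g, ".");
  return new RegExp("^" + re + "$").test(str);
}

// The rule as posted: matched against the whole URL, wildcard on both sides.
function looseRule(url, host) {
  return shExpMatch(url, "*.companyfriends.org*");
}

// The suggested rule: matched against the host name only.
function strictRule(url, host) {
  return shExpMatch(host, "*.companyfriends.org");
}

// Review aid (hypothetical helper): list shExpMatch(url, "...") patterns in PAC
// source that start with "*", since those can match in the path or query.
function findLooseUrlRules(pacSource) {
  const rule = /shExpMatch\s*\(\s*url\s*,\s*"([^"]*)"\s*\)/g;
  const findings = [];
  for (const m of pacSource.matchAll(rule)) {
    if (m[1].startsWith("*")) findings.push(m[1]);
  }
  return findings;
}

// Constructed inputs: the URL from the post above (scheme added) and a normal one.
const lookalike = {
  url: "http://bad.randomsite.tld/downloads/.companyfriends.orgdl/file.exe",
  host: "bad.randomsite.tld",
};
const genuine = {
  url: "http://www.companyfriends.org/index.html",
  host: "www.companyfriends.org",
};
// Constructed excerpt of the PAC rules discussed in this thread.
const pacExcerpt = `
  shExpMatch(url, "*.companyfriends.org*") ||
  shExpMatch(url, "proxy.mycompany.org*") ||
  shExpMatch(url, "*localhost*") ||
  shExpMatch(host, "highsecurehost.com")`;

console.log(looseRule(lookalike.url, lookalike.host), findLooseUrlRules(pacExcerpt));
```

    The host-anchored pattern `*.companyfriends.org` does not match the bare name `companyfriends.org`; add an explicit `host == "companyfriends.org"` test if that name must also be covered.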



  • 7.  RE: Multiple Pac Files

    Posted Feb 22, 2019 02:17 AM

    Perfect, it works!!
    Thanks



  • 8.  RE: Multiple Pac Files

    Posted Feb 22, 2019 02:23 AM

    Hi Thorsten,

    Happy to hear that. Do consider Fi-da's suggestion for any future edits as it is very valid in a perfect match. Thanks