Virtual Secure Web Gateway

hi guys,

i have  a symantec gateway.  i want a solution so that laptop users do not have to disable the proxy when they are not at office.  i think the pac file is the best solution.  i am unable to write a good pac file.  can you please give me a simple pac file

avinash

Hi,

there are very good resources on the internet for thi type of information. I'd start with this one:

http://findproxyforurl.com/index.html

Federico

thanks

i have put this   

function FindProxyForURL(url, host)

    {

    if (isInNet(host, "156.10.0.0", "255.255.255.0")) { return "PROXY 156.10.160.103:3128"; }

    return "DIRECT";

    }

that is the ip of my proxy is 156.10.160.103 and my subnet is 156.10.0.0.   if the laptop ip is in subnet 156.10 the go through proxy .  else connect direct..  is that right?

This is part of the PAC file I use but with your details:

function FindProxyForURL(url, host)
{
if
    (
        isInNet(myIpAddress(), "156.10.0.0", "255.255.0.0")
    )

return "PROXY 156.10.160.103:3128";
else
return "DIRECT";
}

I changed the subnet to 255.255.0.0 as 255.255.255.0 is wrong if you want subnet 156.10.*.*.

Give that a shot. That works for me.

Keng

Help,

First off I am using group policies on Windows Server 2003 to determine which users use the pac file. Most people have unlimited access to the internet. I am using a pac file to limit web access for a specific group of users. They are only allowed to use the internet when they either access our intranet or a specific list of websites. This is how I wrote my pac file:

var myWebs = new Array();
myWebs[0] = "http://intranet*";         // our intranet
myWebs[5] = "http://192.168.0.*";    // allow access to any network appliance
myWebs[1] = "http://www.companywebsite.org*";
myWebs[2] = "https://mail.companywebsite.org*";
myWebs[3] = "*netsmart*";
myWebs[4] = "https://name.attendance.com*";
myWebs[6] = "*.gov*";
myWebs[7] = "*state.*.us*";
myWebs[9] = "http://dictionary.reference.com*";
myWebs[10] = "http://thesaurus.com*";

     // ETC..

function FindProxyForURL( url, host ) {
    for( var i = 0; i < myWebs.length; i++ )
            if ( shExpMatch( url, myWebs[i] ) ) { return "DIRECT"; }
    return "PROXY 199.199.199.0:8080";     // a fake proxy server address
}

If the user goes to an allowed address in the list, it connects without a proxy server. If the user goes to any other sites, it searches for the fake proxy and fails to load. This is exactly how I want it to work and it does work with only one problem that I cannot figure out. I hope someone here could help me with this.

For example, if a user visits http://www.state.oh.us (on the list), and that site has a linked image to http://www.yahoo.com (not on the list), the image will not load. In some cases a site may have a link to an external stylesheet or javascript, which then throws back errors and clunky results. In some cases the website won't load at all even though it's on the list (actually only one of them does this, not so important).

Is there any other way I can accomplish this feat without purchasing a real proxy server?

Thanks in advance,

Dave

Hi Dave,

The problem you are having is not a pac file problem, just a normal one!

The same thing happens to me when I put a domain in the exceptions list in the SWG. I need to put other domains that are blocked that the website needs, e.g. twitter.com also requires twimg.com, yfrog.com and ytimg.com unblocking. I've just put them in the exceptions list as well.

If you want to just use your PAC file to unblock websites, you will probably need to add the domains in there to unblock them.

If you need to check which domains need to be unblocked, you can get the info from the SWG. Just create a new policy with everything on Monitoring, get a user to go through the SWG, then run a report against that user. That will tell you exactly where they have been.

Hope that helps.