A proxy auto-config (PAC) file defines how web browsers and other user agents can automatically choose the appropriate proxy server (access method) for fetching a given URL.
A PAC file contains a JavaScript function "FindProxyForURL(url, host)". This function returns a string with one or more access method specifications. These specifications cause the user agent to use a particular proxy server or to connect directly.
Multiple specifications provide a fallback when a proxy fails to respond. The browser fetches this PAC file before retrieving other pages. The URL of the PAC file is either configured manually or determined automatically by the Web Proxy Autodiscovery Protocol.
Contents |
Modern web browsers implement several levels of automation; users can choose the level that is appropriate to their needs. The following methods are commonly implemented:
Computer operating systems (e.g., Microsoft Windows, Mac OS X, Linux) require a number of settings to communicate over the Internet. These settings are typically obtained from an Internet Service Provider (ISP). Either anonymous (proxy to use a proxy server) or real settings may be used to establish a network connection. For more information, see Windows Proxy Connection, contact your ISP, or search the Web for your own OS proxy requirements.
The Proxy auto-config file format was originally designed by Netscape in 1996 for the Netscape Navigator 2.0[1] and is a text file that defines at least one JavaScript function, FindProxyForURL(url, host), with two arguments: url is the URL of the object and host is the hostname derived from that URL. By convention, the PAC file is normally named proxy.pac. The WPAD standard uses wpad.dat.
To use it, a PAC file is published to a web server, and client user agents are instructed to use it, either by entering the URL in the proxy connection settings of the browser or through the use of the WPAD protocol.
Even though most clients will process the script regardless of the MIME type returned in the HTTP request, for the sake of completeness and to maximize compatibility, the web server should be configured to declare the MIME type of this file to be either application/x-ns-proxy-autoconfig or application/x-javascript-config.
There is little evidence to favor the use of one MIME type over the other. It would be, however, reasonable to assume that application/x-ns-proxy-autoconfig will be supported in more clients than application/x-javascript-config as it was defined in the original Netscape specification, the latter type coming into use more recently.
A very simple example of a PAC file is:
function FindProxyForURL(url, host) { return "PROXY proxy.example.com:8080; DIRECT"; }
This function instructs the browser to retrieve all pages through the proxy on port 8080 of the server proxy.example.com. Should this proxy fail to respond, the browser contacts the website directly, without using a proxy. The latter may fail if firewalls or other intermediary network devices reject requests from sources other than the proxy, a common configuration in corporate networks.
A more complicated example demonstrates some available JavaScript functions to be used in the FindProxyForURL function:
function FindProxyForURL(url, host) { // our local URLs from the domains below example.com don't need a proxy: if (shExpMatch(host, "*.example.com")) { return "DIRECT"; } // URLs within this network are accessed through // port 8080 on fastproxy.example.com: if (isInNet(host, "10.0.0.0", "255.255.248.0")) { return "PROXY fastproxy.example.com:8080"; } // All other requests go through port 8080 of proxy.example.com. // should that fail to respond, go directly to the WWW: return "PROXY proxy.example.com:8080; DIRECT"; }
Browsers such as Firefox and Internet Explorer only support system default encoding PAC files, and cannot support Unicode encodings such as UTF-8.
The function dnsResolve (and similar other functions) performs a DNS lookup that can block your browser for a long time if the DNS server does not respond.
Caching of proxy autoconfiguration results by domain name in Microsoft's Internet Explorer 5.5 or higher limits the flexibility of the PAC standard. In effect, you can choose the proxy based on the domain name, but not on the path of the URL. Alternatively, you need to disable caching of proxy autoconfiguration results by editing the registry, a process described by de Boyne Pollard (listed in further reading).
It is recommended to always use IP addresses instead of host domain names in the isInNet function for compatibility with other Windows components which make use of the Internet Explorer PAC settings, such as .NET 2.0 Framework. For example,
if (isInNet(host, dnsResolve(sampledomain) , "255.255.248.0")) // .NET 2.0 will resolve proxy properly if (isInNet(host, sampledomain, "255.255.248.0")) // .NET 2.0 will not resolve proxy properly
The current convention is to fail over to direct connection when a PAC file is unavailable.
When switching quickly between network configurations (e.g. when entering or leaving a VPN), dnsResolve may give outdated results due to DNS caching.
For instance, Firefox usually keeps 20 domain entries cached for 60 seconds. This may be configured via the network.dnsCacheEntries and network.dnsCacheExpiration preference variables. Also flushing the system's dns cache may help, which can be achieved e.g. in Linux by sudo service dns-clean start.
The myIpAddress function has often been reported to give wrong/unusable results, e.g. 127.0.0.1, the IP address of the localhost. It may help to remove on the system's host file (e.g. /etc/hosts on Linux) any lines referring to the machine hostname, while the line 127.0.0.1 localhost can and should stay.
On Internet Explorer 9 isInNet("localHostName", "second.ip", "255.255.255.255") returns true and can be used as a workaround.
Further limitations are related to the JavaScript engine on the local machine.
More advanced PAC files can reduce load on proxies, do load balancing, fail over, or even black/white listing before the request hits the proxies. One can return multiple proxies:
return "PROXY proxy1.example.com:8080; PROXY proxy2.example.com:8080";
Jonathan de Boyne Pollard (2004). "Automatic proxy HTTP server configuration in web browsers". Frequently Given Answers. http://homepage.ntlworld.com./jonathan.deboynepollard/FGA/web-browser-auto-proxy-configuration.html.