- Pac File Bypass Proxy For Local Addresses Online
- Bypass Proxy Server For Local Addresses Pac File
- What Is Bypass Proxy Server For Local Addresses
This article describes how to design and deploy a makeshift 'whitelist' in Microsoft Internet Explorer (IE). A whitelist is a list of approved web sites. By using this technique, IE will be restricted from accessing web sites that are not explicitly on the whitelist.
On 27.06.08 03:48, Shaine wrote: Basically we can do the bypass proxy for local addresses via web browsers. This is inbuilt functions of certain web browsers. Like that, can we bypass some web request which are locally hosted ( In the same network ) via squid-cache? Proxy auto-configuration (PAC): Specify the URL for a PAC file with a JavaScript function that determines the appropriate proxy for each URL. This method is more suitable for laptop users who need several different proxy configurations, or complex corporate setups with many different proxies. Where is proxy PAC file located? PAC file addresses can be located on the Web General page and on the General tab of a policy. In both locations, a default and alternate address is listed. Default PAC file address: the PAC file is retrieved over port 8082 by default, or 8087 for HTTPS. Proxy-bypass-list='.google.com;127.0.0.1' This option tells not to use proxy for the list of addresses delimited by a semicolon. In the example above, the proxy server won't be used for google.com and all its 3rd-level domains along with the 127.0.0.1 address.-proxy-pac-url=pac-file-url This tells Chrome to use the PAC file at the specified. How to Bypass Proxy Server for Local Addresses in Windows 10? There are multiple ways you can bypass or exempt website addresses from using proxy. Remember that Windows will exclude the local website addresses like intranet or localhost from proxy when you enable the corresponding check box. However it will not work depending on the URL format.
Whitelisting in IE using a proxy auto-configuration (PAC) file
IE does not support whitelisting as a primary feature. However, it is possible to create a makeshift whitelist using a proxy auto-configuration (PAC) file. By specifying a 'dummy' proxy server using the local loopback address, IE will attempt, and fail, to access any web sites that are not explicitly added as exceptions to bypass the proxy server.
Consider the following example contents of a PAC file:
function FindProxyForURL(url, host) {
// Bypass the proxy for *.berkeley.edu
if (dnsDomainIs(host, '.berkeley.edu')) {
return 'DIRECT';
}
return 'PROXY http://127.0.0.1:18080';
} // End of function
The above file instructs IE to bypass the proxy and connect directly to any web site ending with the berkeley.edu domain. Requests for all other web sites will use the dummy loopback proxy server address 127.0.0.1:18080. These requests will fail because there is no proxy server listening at that address.
IT Security recommends using at a minimum the above example when utilizing a PAC file to restrict IE with Java enabled to campus web sites.
You may use other PAC file functions to tailor the PAC file to your environment. For instance, if IE and out-of-date Java are needed to access a single web site for every day business, then you may want to bypass the proxy for just that single site and not all sites ending in the berkeley.edu domain as shown above.
An excellent resource for designing PAC files is The Practical Proxy PAC File Guide.
Configuring IE to use a PAC file
Pac File Bypass Proxy For Local Addresses Online
The following instructions apply to Internet Explorer 8, 9, and 10.
- Download the *.berkeley.edu proxy.pac file here (right-click and Save Target As -- then rename so the file has a .pac extension) to your computer and note the folder location.
Alternatively, you may copy and paste the sample Javascript code in the previous section into Notepad and save the file with a .pac extension. Note: Other editors such as Microsoft Word may insert special characters that break the formatting of the PAC file. - In Internet Explorer, navigate to the Tools menu, then click Internet Options. This can sometimes be found by clicking the 'cog' icon in the upper right hand corner of some versions of IE.
- Click the Connections tab, then click LAN Settings
- In LAN Settings, make sure Automatically detect settings is unchecked.
- Click the Use automatic configuration script checkbox so that it is checked.
- In the Address field, specify the location where you saved the proxy.pac file on your system in step #1. The Address field accepts URLs and the file:// URL should be used for a local file. So for example if you saved proxy.pac to C:Windowsproxy.pac, you would enter this into the Address field:
file://C:/Windows/proxy.pac
Note the usage of forward slashes instead of back slashes. - Restart Internet Explorer for changes to take effect.
- Notice that IE will correctly load all berkeley.edu web sites by directly connecting to them, but that accessing other sites will cause IE to fail to connect and issue a Proxy Server is Refusing Connections error. Remember, this is because IE is attempting to use the dummy proxy server of 127.0.0.1:18080 to connect to web sites not on the berkeley.edu domain. Please see the Caveats section below for other considerations when using a PAC file.
Configuring a group of Windows hosts to use a PAC file
System Administrators wishing to simplify management of PAC files may host one on a web server and point all client Windows machines to the PAC file (e.g. http://mydepartmental.berkeley.edu/proxy.pac) in the Address field. This Automatic configuration script Address field can also be set and locked via Group Policy Objects (GPOs).
Caveats when using IE's automatic configuration script setting
Please take the following notes into consideration when configuring IE to use a PAC file:
- Any Windows application that defaults to using the 'system proxy' will also inherit the PAC file settings set in IE. A good example of this is Google Chrome -- if IE is set to use a PAC file, Chrome will also use the PAC file. Other applications such as Mozilla Firefox have their own set of proxy configuration settings and do not use the system proxy. If you notice that an application requiring network access suddenly stops working after configuring IE to use a PAC file, check the application's documentation to see if it defaults to using the system proxy.
- Windows Update / Automatic Updates will not be affected by PAC file settings unless you use IE to visit the Windows Update web site and attempt to update via the web. See How the Windows Update client determines which proxy server to use to connect to the Windows Update Web site for details.
- Remotely included content on whitelisted web sites in the PAC file will not load unless the remote web sites are also on the whitelist. For example, using the above PAC file for berkeley.edu web sites, a remotely included JavaScript library from Google (e.g. //ajax.googleapis.com/ajax/libs/jqueryui/1.10.3/jquery-ui.min.js) will not load, because IE will attempt to use the dummy proxy server to retrieve that resource. In this example, ajax.googleapis.com must be added to the whitelist of sites set to bypass the dummy proxy server.
A warning about IE Content Advisor & Parental Controls
Bypass Proxy Server For Local Addresses Pac File
Users may be tempted to use the Content Advisor and Parental Controls features of IE in order to restrict web access. This practice is not safe for the avoidance of malware and other security threats such as Java exploits, because Content Advisor and Parental Controls load all web sites entered in the address bar of IE into a hidden frame before checking access to the web site is allowed. This means that IE will still silently connect to web sites that you have intended to restrict access to.
What Is Bypass Proxy Server For Local Addresses
IT Security recommends that you do not use the Content Advisor and Parental Control features of IE as a whitelisting security mechanism.
Download Example proxy.pac File
You can download an example proxy.pac file here:
Note: You'll need to rename the file so that the file extension is .pac (e.g. 'mv proxy.pac_.txt proxy.pac').
I'm in need of an example script that i can change accordingly to my working environment.
I'm currently working at four different locations and move my laptop around with me all of the time. The problem is that in each of my locations i require a different proxy address and port or when at home, none. I'm now fed up with opening up internet explorer and changing the settings manually each time i move location.
Whether this is possible or not i am unsure but what i would like to achieve is four icons on my desktop each called the working location ie home.vbs workplaceone.vbs and so on. I would then be able to double click on these and that would invoke a change to my proxy settings inside IE.
So for each of my work places i would need the following two boxes checked,
'Use a proxy server for your LAN (these settings will not apply to dial-up or VPN Connections)'
'Bypass proxy server for local addresses'
I Would then need to enter my proxy address and port number.
The home settings would need to remove both of the above boxes.
Does anyone have any example scripts i could manipulate accordingly?
Thanking in advanced,
Regards,
Sprite