How to implement PAC File on the Proxy SG



Solution

Overview

 =========================

PAC file how-to:
 
Serve the PAC file from the Blue Coat proxy. It is also recommended to host the PAC file on a separate server in case all Blue Coat proxies are unavailable. This allows users to "fail open" if the PAC file contains a "DIRECT" statement (go direct to the internet if the firewall allows it).
 
=========================
1) Load the PAC file into the Blue Coat ("accelerated-pac file" = served from the Blue Coat; enter the PAC file in the CLI):
 
SGOS>en
SGOS#conf t
SGOS#(config) inline accelerated-pac xxx
<type or paste PAC file here>
xxx
 
Or load it from a web server using the following CLI commands:
 
SGOS#(config) accelerated-pac path <url>
SGOS#load accelerated-pac 
 
 
2) URL to use in the browser: http://x.x.x.x:8080/accelerated_pac_base.pac
 
 
===========================
 
To use a custom PAC file with a custom name
 
Warning: This option works by rewriting the request from the client to the actual URL of the PAC file on the proxy, but in order for the rewrite to work, it requires that the URL specifies a management console port such as 8081. It will fail if a proxy port such as 8080 is specified. However, because there are only 64 concurrent management console sessions available on the proxy at a given time, this option is not recommended for large deployments where this limit could be exceeded by incoming client requests for the PAC file. If this happens, it will result in the proxy denying any additional requests for the PAC file and/or denying access to the management console. Please use with caution.
 
===========================
 
1) Enable HTTP-Console (configuration>services>management services)
 
2) Install the following CPL in your local policy file (configuration>policy>policy files>install local file from: Text Editor) or CPL layer in the VPM. Be sure to replace the IP address with the actual IP address of your proxy:
 
<proxy>
url=http://proxy.example.com/ authenticate(no) action.redoPac(yes)
url=http://192.168.1.100:8081/proxy_pac_file authenticate(no)
 
define action redoPac
   rewrite(URL,"http://proxy.example.com/", "http://192.168.1.100:8081/accelerated_pac_base.pac")
end action redoPac
 
===========================
 
PAC file
- proxy bypass for host, ip and subnet
- multiple proxies for failover
- fail close if no proxy available
 
===========================
 
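function FindProxyForURL(url, host)
{
    // Bypass the proxy for plain host names, the listed hosts,
    // the 10.0.0.0/8 subnet and the single IP 172.1.1.0
    if (isPlainHostName(host) ||
        shExpMatch(host, "cfauth.com") ||
        shExpMatch(host, "blah.blah.com") ||
        isInNet(host, "10.0.0.0", "255.0.0.0") ||
        shExpMatch(host, "172.1.1.0"))
    {
        return "DIRECT";
    }

    // Try the first proxy and fail over to the second.
    // There is no trailing DIRECT, so clients fail closed if neither proxy is available.
    return "PROXY 10.1.1.100:8080; PROXY 10.1.1.101:8080";
}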
============================
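
An offline check of the bypass, failover and fail-close behaviour listed above, runnable in Node.js. This is an added example, not part of the original article: the helper functions are simplified stand-ins for the browser's PAC functions (isInNet handles IPv4 literals only, no DNS), and classify and audit are hypothetical names.

```javascript
// Simplified stand-ins for the browser's PAC helpers (assumption: no DNS lookups).
function isPlainHostName(host) { return !host.includes("."); }
function shExpMatch(str, pattern) {
  const re = pattern.replace(/[.+^${}()|[\]\\]/g, "\\$&")
                    .replace(/\*/g, ".*").replace(/\?/g, ".");
  return new RegExp("^" + re + "$").test(str);
}
function ipToInt(ip) {
  const m = /^(\d{1,3})\.(\d{1,3})\.(\d{1,3})\.(\d{1,3})$/.exec(ip);
  if (!m) return null;
  const o = m.slice(1).map(Number);
  if (o.some(n => n > 255)) return null;
  return ((o[0] << 24) | (o[1] << 16) | (o[2] << 8) | o[3]) >>> 0;
}
// IPv4 literals only; a real browser resolves host names before comparing.
function isInNet(host, net, mask) {
  const h = ipToInt(host), n = ipToInt(net), m = ipToInt(mask);
  if (h === null || n === null || m === null) return false;
  return ((h & m) >>> 0) === ((n & m) >>> 0);
}

// Bypass list and proxy addresses as given in the article's PAC file.
function FindProxyForURL(url, host) {
  if (isPlainHostName(host) ||
      shExpMatch(host, "cfauth.com") ||
      shExpMatch(host, "blah.blah.com") ||
      isInNet(host, "10.0.0.0", "255.0.0.0") ||
      shExpMatch(host, "172.1.1.0"))
    return "DIRECT";
  return "PROXY 10.1.1.100:8080; PROXY 10.1.1.101:8080";
}

// Classify a PAC result: "bypass" (no proxy), "fail-open" (proxies, then DIRECT)
// or "fail-closed" (proxies only, so no route when all of them are down).
function classify(result) {
  const entries = result.split(";").map(s => s.trim()).filter(Boolean);
  const proxies = entries.filter(e => /^PROXY\s/i.test(e)).map(e => e.split(/\s+/)[1]);
  const direct = entries.some(e => e.toUpperCase() === "DIRECT");
  const mode = proxies.length === 0 ? "bypass" : direct ? "fail-open" : "fail-closed";
  return { proxies, mode };
}

// Constructed sample hosts: internal name, bypassed host, 10/8 address, external site.
function audit(hosts) {
  return hosts.map(h => ({ host: h, ...classify(FindProxyForURL("http://" + h + "/", h)) }));
}
console.table(audit(["intranet", "cfauth.com", "10.2.3.4", "www.example.org"]));
```

Running the same audit against a copy of the PAC file that is hosted on a separate server shows whether that copy ends its proxy list with DIRECT and therefore fails open.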

 

InQuira Doc Id      FAQ2221
First Published      10/01/2014
Last Modified      10/01/2014
Last Published      10/01/2014
Product      ProxySG
Software      SGOS 4, SGOS 5, SGOS 6
Article Number      000011217