Following on from last week’s post, I have spent some time this week playing with .pac files. As discussed last week this is the only way to configure Proxy exceptions on an iOS device. In this post I’ll show you some basics in relation to creating, serving and using the .pac file.
How to serve and use a .pac file
Lets jump forward a step. You’ve got your proxy settings and put these into a file. Lets call it ‘proxyfile.pac’ (nice and original). Now where can you put this file so that your devices can access it?
For your standard Mac OS X clients, you can actually store this file locally on the machine. Just point the machine to the relevant area in System Preferences. I have tested this in a lab environment and this works fine with both Firefox and Google Chrome, however an additional security feature in Safari prevents this.
As of Lion, Safari now runs in an almost entirely sandboxed mode that will ignore any Proxy files that are hosted on a standard file system. The way around this is to turn on web sharing on the client and place the .pac file in the relevant place. Or do it properly…
Hosted a .pac file on a Web Server
The standard location for a .pac is on a Web server. Now due to the large amount of different Web servers, I’m sorry to say I cannot provide instructions for each, however I will draw out some general instructions for a Mac Web Server.
1. Turn in the Web Service. This is located in Server Admin (10.6 – Snow Leopard Server or older) or Server.app (10.7 – Lion Server). Also make a note of the Web Server documents folder location. In this example, our Web Server address is https://www.macserver.co.uk.
2. Navigate to the primary Web Server documents folder used for storing the webpages. As default on Lion this is “/Library/Server/Web/Data/Sites/Default”. Move your .pac file (remember ours is “proxyfile.pac”) into this folder.
3. Test the .pac file. Open a web browser and navigate to the address/proxy file. In our example, we would use “https://www.macserver.co.uk/proxyfile.pac”. This should display your Proxy file in the browser window.
Please Note: some Web Browsers and Web Servers do not support this.
4. Finally, add the above test address to the “Automatic” field for proxies. On Mac OS X launch System Preferences, and navigate to the relevant interface’s Proxy configuration page. Tick the “Automatic Proxy Configuration” box and fill in the entire URL in the provided box (as we used in step 3).
For iOS, follow the steps I outlined in my previous blog post, but instead of following step 3, select “Auto” and fill in the URL as we used above.
And that should enable your devices to use the Proxy Automatic Configuration (pac) file.
Awesome, but how do I make one in the first place?
This is the part that took the most digging around, researching and testing to pull together. I have managed to write and test a fairly basic .pac file but I have to say I’ve only scratched the surface it seems!
The .pac file can be created in Text Edit or any other basic text editor (including Dreamweaver – use the JavaScript template) but it MUST be a plain text file or it will not work. The file is comprised of arguments, commands and returned values much like an Apple script or a Bash script.
Again, much like a Bash script, the .pac file must start with an opening line, in this case:
“function FindProxyForURL(url, host)”
This basically tells the network connection that it will work out the Proxy URL and provide this back.
The information that is returned to the connection is done by the line:
“return “PROXY [proxy address]:[Proxy Port]”; ”
The theory gets much more complex, but is easier to explain with examples.
Example 1: Direct all traffic to the proxy 41.190.16.17 on port 8080
Nice and easy, forward all traffic to one address and port no matter what. To do this, use the below content in your .pac file, changing the address where required:
function FindProxyForURL(url, host)
{
return "PROXY 41.190.16.17:8080";
}
Example 2: Direct all traffic to the proxy 41.190.16.17 on port 8080, except data bound for addresses in the 192.168.1.1/24 range.
A bit more complicated but probably much more widely required. Again, just use this content in your .pac file, changing the address where required:
function FindProxyForURL(url, host)
{
if (isInNet(host, "192.168.1.1", "255.255.255.0"))
return "DIRECT"; else return "PROXY 41.190.16.17:8080";
}
Conclusion
There you have it, enough to get you started and trying things out. There’s some decent information on the Proxy auto-config wiki page to help with any more advanced configuration, but the only way is to give it a go….in a test environment of course!!
As always, please feel free to ask questions, or make suggestions for future topics in the comments below.
Disclaimer
While the author has taken care to provide our readers with accurate information, please use your discretion before acting upon information based on the blog post. Amsys will not compensate you in any way whatsoever if you ever happen to suffer a loss/inconvenience/damage because of/while making use of information in this blog.
