Automatic Proxy Configuration using PAC File, Batch Script and Windows Server 2012 GPP

Introduction

Proxy auto-configuration is a technique that defines how and where requests from the web browser and other applications are routed. The mechanism is designed to overcome the challenges and difficulties of manual configuration: instead of using a static proxy server address, the web browser or application executes a JavaScript function for every request. This script provides greater flexibility than a manual configuration. This blog explains automatic proxy configuration using a Proxy Auto-Config (PAC) script, a Windows batch script, and Group Policy Preferences (GPP).

What is a PAC file and what does it do?

PAC stands for Proxy Auto Configuration. The file contains a set of rules coded in a JavaScript function, FindProxyForURL(url, host), which determines whether web browser requests (HTTP, HTTPS, and FTP) go directly to the destination or are forwarded via a web proxy server such as Squid. Vmoksha uses the Squid proxy server, which is a fully featured web proxy cache server application.

Before Proxy Automation in Vmoksha:

We faced the following problems and challenges before automatic proxy configuration:

  • Manual Proxy Configuration
  • Speed & Latency Issues
  • No Failover Setup
  • Exception (Proxy Bypass) Configuration
  • Proxy had to be explicitly disabled on external networks
  • Internet connectivity outage

Benefits after Proxy Automation in Vmoksha:

The following are the benefits after automating proxy configuration:

  • No Manual Effort
  • Script-driven method of controlling the routing of web requests
  • Proxy bypass configuration for private sub-networks, internal/local hosts, and local domains
  • Support for all major operating systems and web browsers
  • Automatic proxy failover with multiple proxy servers
  • Efficient and automated traffic routing regardless of domain name or IP address
  • Support for wireless networks in mobile devices
  • Supports web traffic load balancing

Procedure:

The following are the steps for automatic proxy configuration:

Step 1: PAC File Creation

Create a PAC file script based on the following example.

PAC File Example:

function FindProxyForURL(url, host) {

// If the hostname matches, send direct.
// dnsDomainIs() is a plain suffix match, so the domain is written with a
// leading dot and the bare domain is compared exactly.
   if (host == "localdomain.com" ||
       dnsDomainIs(host, ".localdomain.com"))
       return "DIRECT";

// If the protocol or URL matches, send direct.
   if (url.substring(0, 4)=="ftp:" ||
       shExpMatch(url, "http://localdomain.com/folder/*"))
       return "DIRECT";

// If the requested website is hosted within the internal network, send direct.
// The loopback range is 127.0.0.0/8, hence the 255.0.0.0 mask.
   if (isPlainHostName(host) ||
       shExpMatch(host, "*.local") ||
       isInNet(dnsResolve(host), "10.0.0.0", "255.0.0.0") ||
       isInNet(dnsResolve(host), "172.16.0.0", "255.240.0.0") ||
       isInNet(dnsResolve(host), "192.168.0.0", "255.255.0.0") ||
       isInNet(dnsResolve(host), "127.0.0.0", "255.0.0.0"))
       return "DIRECT";

// DEFAULT RULE: All other traffic, use below squid proxy servers in fail-over order.
   return "PROXY 1.2.3.4:3128; PROXY 5.6.7.8:3128";
}

url – The full URL being accessed in the web browser (http://, https:// or ftp://).

host – The hostname taken from the above URL. Port numbers and sub-locations are not included.

return – The return value can be any of the following:

  • DIRECT – Redirects requests directly to the destination
  • PROXY host:port – Redirects requests to Proxy server
  • SOCKS host:port – Redirects requests to SOCKS server

Finally, save the file with a .pac extension, e.g. proxy.pac
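
The routing rules above can be checked offline before the file is deployed. The following harness is an added example, not part of the original post: it stubs the PAC helper functions with their usual semantics, evaluates a reduced copy of the rules against a constructed DNS table, and compares dnsDomainIs() called with and without a leading dot, since that function is a plain suffix match. SAMPLE_DNS, makePacEnv, loadPac and route are illustrative names.

```javascript
// Added example: offline harness for checking PAC routing decisions.
// Helper stubs follow the usual PAC utility semantics; DNS data is constructed.
const SAMPLE_DNS = {                      // constructed hostname -> IP table
  "intranet.localdomain.com": "10.1.2.3",
  "notlocaldomain.com": "203.0.113.9",    // unrelated external look-alike
  "www.example.org": "198.51.100.7",
  "printer.local": "192.168.1.50",
};
const ipToInt = (ip) =>
  ip.split(".").reduce((n, octet) => ((n << 8) | Number(octet)) >>> 0, 0);

function makePacEnv(dnsTable) {
  return {
    isPlainHostName: (h) => !h.includes("."),
    dnsDomainIs: (h, d) => h.endsWith(d),             // plain suffix comparison
    shExpMatch: (s, pat) => new RegExp("^" + pat
      .replace(/[.+^${}()|[\]\\]/g, "\\$&")           // escape regex metachars
      .replace(/\*/g, ".*").replace(/\?/g, ".") + "$").test(s),
    dnsResolve: (h) => dnsTable[h] || null,           // null = lookup failed
    isInNet: (ip, net, mask) => ip !== null &&
      (ipToInt(ip) & ipToInt(mask)) === (ipToInt(net) & ipToInt(mask)),
  };
}

// Evaluate PAC source text with the stubs in scope and return its function.
function loadPac(source, dnsTable) {
  const env = makePacEnv(dnsTable);
  return new Function(...Object.keys(env), source + "\nreturn FindProxyForURL;")(
    ...Object.values(env));
}
const route = (pac, url) => pac(url, new URL(url).hostname);

// Reduced copy of the page's rules; domainArg is the dnsDomainIs() argument.
const pacSource = (domainArg) => `
function FindProxyForURL(url, host) {
  if (dnsDomainIs(host, "${domainArg}")) return "DIRECT";
  if (isPlainHostName(host) || shExpMatch(host, "*.local") ||
      isInNet(dnsResolve(host), "10.0.0.0", "255.0.0.0") ||
      isInNet(dnsResolve(host), "192.168.0.0", "255.255.0.0"))
    return "DIRECT";
  return "PROXY 1.2.3.4:3128; PROXY 5.6.7.8:3128";
}`;
const undotted = loadPac(pacSource("localdomain.com"), SAMPLE_DNS);
const dotted = loadPac(pacSource(".localdomain.com"), SAMPLE_DNS);

for (const u of ["http://notlocaldomain.com/", "http://intranet.localdomain.com/",
                 "http://printer.local/", "http://fileserver/", "http://www.example.org/"])
  console.log(u, "| undotted:", route(undotted, u), "| dotted:", route(dotted, u));
```

With the undotted argument, notlocaldomain.com is sent DIRECT and never reaches the proxy; with the dotted argument it goes to the Squid servers like any other external site.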

Step 2: Host the PAC file on a web server for client access

The next step is to host the PAC file in a web server’s home directory, such as /var/www/html for Apache2, /usr/share/nginx/html for Nginx, or C:\inetpub\wwwroot for IIS8, and make sure the file is accessible to intranet clients.

Step 3: AutoConfigURL setting via Group Policy Preference

Context: To configure Internet Explorer with a Proxy PAC file using Group Policy Preferences options.

  • Open your GPMC.MSC console and navigate to User Configuration / Preferences / Windows Settings
  • Right-click the Registry object in the left-hand pane and select New > Registry Item

In New Registry Properties, enter the following settings:

  • For Hive: HKEY_CURRENT_USER
  • For Key Path: Software\Microsoft\Windows\CurrentVersion\Internet Settings
  • For Value name: AutoConfigURL
  • For Value Type: REG_SZ
  • For Value data: http://mysite/proxy.pac

Click Apply and OK to complete this GPP configuration.

The following are the steps to auto-configure WinHTTP proxy settings:

Step 1: Batch Script Creation

Create two batch scripts with the following content:

Script 1: "setproxy.bat"

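rem This Batch File sets the WinHTTP proxy settings and bypasses the localhost
rem netsh winhttp settings are machine-wide; the command needs administrator rights
rem Bypass-list entries are separated by semicolons

netsh winhttp set proxy proxy-server="proxy.mydomain.com:8080" bypass-list="127.0.0.1;localhost"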

Script 2: "resetproxy.bat"

rem This Batch File resets the WinHTTP proxy settings

netsh winhttp reset proxy

Step 2: Group Policy Object Creation

  1. Open your GPMC.MSC console, create a new Group Policy Object and enter a name for it.
  2. Navigate to User Configuration / Policies / Windows Settings / Scripts
  3. Select Logon under Scripts; add the above script “setproxy.bat”
  4. Select Logoff under Scripts; add the above script “resetproxy.bat”
  5. Navigate to Computer Configuration / Policies / Administrative Templates / System / Group Policy
  6. Enable the policy Configure Logon Script Delay, and enter “0” minutes.
  7. Attach this GPO to the appropriate OU of your domain and enable it.