The Proxy shuffle
Let me know if this scenario sounds familiar: At work your primary workstation is a laptop. You spend your days between working at your desk and attending meetings. And if you’re like me, you take your laptop wherever you go. This means docking and undocking or being on the wired/wireless network throughout the day.
This is great unless you have a proxy server in the mix. For me the headache is having to constantly mess with my Internet Explorer (IE) LAN Settings. Every time I go between the wired/wireless networks, I have to remember to turn my proxy settings on/off respectively. Wouldn’t it be nice if IE knew which network I was on and automatically switched my proxy settings without me being involved? Well there is and it’s not too difficult to set it up – and then forget about for good. This even works when you’re switching between your home and work networks.
Step 1 – The PAC file
So how do you get all this automatic network/proxy switching to happen? Simple, it’s called a PAC (Proxy Auto Configuration) script file. The PAC file is a small JavaScript text file that tells your browser/computer how you want to configure your network proxy connections. For this post let’s pretend we want to automatically switch between our company network and all other networks (this could be a home or public network).
- Use Notepad (or your favorite text editor) and create a new file, let’s call it proxy.pac.
- Copy the following simple script and paste into your PAC file:
//Save this file anywhere on your computer //For this example: C:\Scripts\proxy.pac function FindProxyForURL(url, host) { var ip = myIpAddress(); // All computers on the company network have // a 10.10.x.x address, check if I have this if (shExpMatch(ip, "10.10.*")){ return "PROXY proxy.companyname:8080"; } // If you have a different IP then // this isn't the company network else { return "DIRECT"; } }
- Save the file, for this example I saved it to C:\Scripts\proxy.pac
What does this PAC file do?
- IE will read this file and perform the FindProxyForURL function for all HTTP requests (whether in the browser or another application).
- Line 6: Get’s your current IP.
- Line 10: Determines if you are on your company’s internal network. In this example we say our company network uses the 10.10.*.
Use ipconfig to see what your company network uses (make sure you’re connected). You only need to watch the first 30 seconds.
Step 2 – The IE LAN Settings
This is where you go to manage your proxy connections. Here we’ll set IE to use our new proxy.pac file in the LAN Settings window.
- Open Internet Explorer by clicking the Start button , and then clicking Internet Explorer.
- Click the Tools button, and then click Internet Options.
- Click the Connections tab, and then click LAN settings. Then make sure that the Use automatic configuration script is checked. Then point the Address text box to your proxy.pac file.
- The rest of the other checkboxes should be unchecked.
That’s it, you are now automatically switching between your work and home (and every other) networks automatically!
proxy.pac 2.0
For those of you that need more advanced configuration rules, the following code demonstrates the ability to not only automatically switch proxy settings, but also add the ability to bypass the proxy for various hosts/URLs on the company network.
//Save this file anywhere on your computer //For this example: C:\Scripts\proxy.pac function FindProxyForURL(url, host) { var ip = myIpAddress(); // Detect if trying to connect to internal/intranet host if(isPlainHostName(host) || dnsDomainIs(host, "intranet.companyname")) { return "DIRECT"; } // Detect if trying to connect to URLs on the // internal network via internal DNS suffix or IP address if(shExpMatch(url, "*.companyname") || shExpMatch(host, "10.100.*")) { return "DIRECT"; } // All computers on the company network have // a 10.10.x.x address, check if I have this if (shExpMatch(ip, "10.10.*")) { return "PROXY proxy.companyname:8080"; } // If you have a different IP then this isn't the company network else { return "DIRECT"; } }
[View proxy.pac 2.0 with debug code]
What does proxy.pac 2.0 do? Add the ability to bypass the proxy.
- There are times when you need to bypass the proxy for internal URLs and hosts. The proxy server is really only interested in your external traffic (usually). So if you need to reach some internal network resources and the proxy is complaining, use your PAC file to bypass the proxy for those resources.
- Line 9: Determines if the hostname contains no dots, e.g. http://intranet Useful when applying exceptions for internal websites, e.g. may not require resolution of a hostname to IP address to determine if local. Or if hostnames match, used mainly to match and exception individual hostnames.
- Line 16: Will attempt to match hostname or URL to a specified shell expression.
You can modify lines 9 and 16 to handle any network resources that need to be bypassed. These conditions (separated by the “||” logical operator) amount to what goes in the Proxy Settings > Exception text box:
For more information on PAC functions check out: PAC Functions Explained
[View proxy.pac with debug code] [View proxy.pac 2.0 with debug code]
For the .NET Developers
Have you ever seen this YSOD message:
No connection could be made because the target machine actively refused it 123.123.123.123:80
If you are developing a .NET application and you’re trying to access a service and get this cryptic message, it might be your proxy server. You might expect that the automatic proxy configuration script setting in IE would be used. Unfortunately, that’s not the case. Per Microsoft: “The .NET runtime does not, however, support automatic proxy discovery scripts.” What to do? You have a couple of options:
- Set the <proxy> Element (Network Settings) in the app.config, web.config or the machine.config file.
- Assign a WebProxy instance to a WebRequest instance explicitly, for example:
WebProxy proxyObject = new WebProxy("http://proxyserver:8080/",true); WebRequest req = WebRequest.Create(http://www.yourservice.com); req.Proxy = proxyObject;
- Set the <ObjectService>.Proxy property directly to the PAC file location, for example:
System.Net.WebClient.Proxy = new WebProxy("file://c:/scripts/proxy.pac");
Awesome! You are the tool man! We should start a TV show starring Jose “Tool Man” Rivera…
I like the sound of that Bob, thanks.
really thanks for sharing with us this mate 😉