Complex

The following PAC file is for the same company described above, but with some more complexities: 

• The company has three proxies – coreproxy.company.net is the used for the enterprise except for the LA and NYC areas which use laproxy.company.net and nyproxy.company.net, respectively.  

• Traffic to IBM.COM domain needs to be sent to the core proxy for all LA users.  

• The subnet 10.100.254.0/24 is a lab with its own dedicated proxy – labproxy.company.net.  

• The trading floor has a dedicated connection to Bloomberg.  They should go browser direct for this domain.  Everyone else should go through the proxy.

• There is an Internet DMZ at 10.250.0.0/16 that can only be accessed via the proxy.

• All other hosts in 10.0.0.0/8 must be accessed browser direct.  

function FindProxyForURL(url, host) {

pacver = "company.net PAC file version 7.2, January 4th, 2008";

// Convert everything to lower case.

var lhost = host.toLowerCase();

host = lhost;

// Set the default proxy variable that users get if they don’t match

// any more specific rule.

proxy = "PROXY coreproxy.company.net:8000";

// Los Angeles WAN subnets go to LA proxy

if (isInNet(myIpAddress(), "10.100.0.0", "255.252.0.0")) {

  proxy = "PROXY laproxy.company.net:8000";

}

// New York WAN subnets go to NY proxy

if (isInNet(myIpAddress(), "10.200.0.0", "255.252.0.0")) {

  proxy = "PROXY nyproxy.company.net:8000";

}

// Lab subnet goes to it’s own proxy

if (isInNet(myIpAddress(), "10.100.265.0", "255.255.255.0")) {

  proxy = "PROXY labproxy.company.net:8000";

}

// Spyware blocks

if (dnsDomainIs(host, ".badspyware1.com") ||

dnsDomainIs(host, ".worsespyware2.com")) {

  return "PROXY 127.0.0.1:49234";

}

// Loopback and localhost goes browser direct always.

if ((host == "localhost") ||

   (shExpMatch(host, "localhost.*")) ||

   (host == "127.0.0.1")) {

      return "DIRECT";

}

// Trading Floor Override for Bloomberg

if (isInNet(myIpAddress(), "10.101.32.0", "255.255.252.0")) {

    if (dnsDomainIs(host, "Bloomberg.com")) {

    return "DIRECT";

    }

}

// ibm.com doesn’t work through LA, set the variable to core proxy.

// Note you could just return the core proxy here, too but setting the variable is

// more consistent.

if ((dnsDomainIs(host, ".ibm.com")) &&

(proxy == "PROXY laproxy.company.net:8000")) {

    proxy = "PROXY coreproxy.company.net:8000";

}

// Utility

if ((host =="proxyinfo.company.net")) {

alert("Local IP address is: " + myIpAddress());

alert("PAC File Version:  " + pacver);

}

// hosts in company.net on the Internet need to be proxied.

if ((host == "www.company.net") ||

   (host == "webmail.company.net") ||

   (host == "portal.company.net") ||

   (dnsDomainIs(host, ".public.company.net"))) {

       return proxy;

}

// Test to see if host is an IP address

reip = /^\d+\.\d+\.\d+\.\d+$/g;

if (reip.test(host)) {

  // Check for an Internet DMZ address

  if (isInNet(host, "10.250.0.0", "255.255.0.0")) {

       return proxy;

  }

// Check for an internal 10.x IP address

  if (isInNet(host, "10.0.0.0", "255.0.0.0")) {

       return "DIRECT";

  }

}

// Next, we want to send all traffic to company.net browser direct

if (dnsDomainIs(host, ".company.net")) {

  return "DIRECT";

}

// Default return condition is the proxy, since it’s assumed that everything

// else is on the Internet.

return proxy;