Re: proxy.pac

Simon Haighton-Williams wrote:
>
> Dear list,
> I need some help with writing a proxy.pac that sets the correct
> proxy based on the DNS name of the client. For example a client dials
> into modem 20 in location foo - they get the DNS name
> rack20-foo.somecompany.co.uk I want them to use the cache
> webcache-foo.somecompany.co.uk.
> Regards,
> Simon
>

We have a number of sites in Ireland - two in Dublin and
one in the center of Ireland. We have one cache in Dublin and
one at the remote site.

Here's what I use (modified slightly). The DNS name of your
client isn't available to your server without doing a (reverse)
DNS lookup AFAIK. It would be far faster to use the IP address
to base your decisions on if possible.

Our proxy.pac is actually a Perl CGI script that uses the
REMOTE_ADDR environment variable to test the IP address and
decides on their location. It then sets a couple of variables
and outputs JavaScript that the client can use. This also
has the benefit that the client doesn't have to go through the
DNS-figuring-out part every time - it's done before the client
even gets the JavaScript.

For this to work, your web server needs to know that the
proxy.pac is a CGI script (/cgi-bin directory ?) and the CGI
script has to be careful to use:

  Content-type: application/x-ns-proxy-autoconfig

Anyway, here it is. Hope it helps...

Look out for the <SNIP>ed and <MODIFIED> sections :-)

Cheers,
Niall

---
#!/usr/local/bin/perl
$remote_addr = $ENV{'REMOTE_ADDR'};
# Set proxy server depending on location.
# Athlone: .a.b.c1 - a.b.c2 range    <MODIFIED (as below)>
# Dublin: ... the rest of the IP range...
# ecn=Ericsson Corporate Network
if ($remote_addr =~ /a.b.c[1-2]/)
  {
   $ecn_direct = "DIRECT; " .
                 "PROXY octopus.eei.ericsson.se:3128; " .
                 "PROXY squid.eei.ericsson.se:3128";
   $ecn_proxy  = "PROXY octopus.eei.ericsson.se:3128; " .
                 "PROXY squid.eei.ericsson.se:3128; " .
                 "DIRECT";
   $ex_proxy   = "PROXY octopus.eei.ericsson.se:3128; " .
                 "PROXY squid.eei.ericsson.se:3128; " .
                 "PROXY external1.ericsson.se:X; " .     <MODIFIED,
obviously>
                 "PROXY external2.ericsson.se:Y";        <MODIFIED -
same below...>
   $ex_sproxy  = "PROXY octopus.eei.ericsson.se:3128; " .
                 "PROXY squid.eei.ericsson.se:3128; " .
                 "PROXY s-proxy.ericsson.se:80";
   $ex_direct  = "PROXY external1.ericsson.se:X; " .
                 "PROXY external2.ericsson.se:Y";
  }
else
  {
   $ecn_direct = "DIRECT; " .
                 "PROXY squid.eei.ericsson.se:3128" ;
   $ecn_proxy  = "PROXY squid.eei.ericsson.se:3128; " .
                 "DIRECT";
   $ex_proxy   = "PROXY squid.eei.ericsson.se:3128; " .
                 "PROXY external1.ericsson.se:X; " .
                 "PROXY external2.ericsson.se:Y";
   $ex_sproxy  = "PROXY squid.eei.ericsson.se:3128; " .
                 "PROXY s-proxy.ericsson.se:80";
   $ex_direct  = "PROXY external1.ericsson.se:X; " .
                 "PROXY external2.ericsson.se:Y";
  }
print <<"EOI";
Content-type: application/x-ns-proxy-autoconfig
// ECN = Ericsson Corporate Network
function FindProxyForURL(url, host)
  {
   // Local network.
   if (isPlainHostName(host) ||
<SNIP>
       dnsDomainIs(host, ".eei.ericsson.se") ||
       dnsDomainIs(host, ".lmi.ericsson.se"))
     return "DIRECT" ;
   // ECN (excluding local network).
   else if (dnsDomainIs(host, "..." <SNIP>
<SNIP>
           ))
          {
           //
------------------------------------------------------------
           // Special cases - go directly for CGI scripts:
           // and ... <SNIP>
           if (shExpMatch(url, "http://*/cgi-bin/*") ||
<SNIP>
             return "$ecn_direct";
           // End of special cases
           //
------------------------------------------------------------
   
           // For HTTP go through our own cache for performance.
           // For FTP go through our own cache to make it work for
           // ftp servers with a root directory other than "/" - this
           // doesn't work in Netscape 2.0x or 3.0 but Squid handles
           // it quite well.
           if (shExpMatch(url, "http:*") ||
               shExpMatch(url, "gopher:*") ||
               shExpMatch(url, "ftp:*"))
             return "$ecn_proxy";
           else
             return "$ecn_direct";
          }
   // External to ECN.
   else
     {
      // For HTTP, FTP and Gopher sites our standard proxies can handle
it.
      // Use local proxies, then EDT proxy.
      if (shExpMatch(url, "http:*") ||
          shExpMatch(url, "ftp:*") ||
          shExpMatch(url, "gopher:*"))
        return "$ex_proxy" ;
      // For secure transfers use our own, then Security proxy.
      else if (shExpMatch(url, "https:*") ||
               shExpMatch(url, "snews:*"))
             return "$ex_sproxy";
      // For WAIS and News use gateway.
      else
        return "$ex_direct" ;
     }
  }
EOI
-- 
Niall Doherty
Systems Engineer
Ericsson Systems Expertise Ltd.,
Beech Hill,                     Telephone: +353 1 207 7506
Clonskeagh,                     Telefax:   +353 1 269 3153
Dublin 4,                       Email:     eeindy@eei.ericsson.se
Ireland.                        MemoID:    EEI.EEINDY
                                ECN:       830 7506