Re: [squid-users] proxy.pac file

Hi, Raj...

On Tuesday 29 August 2006 11:38, Raj wrote:
> I am running squid version 2.5.stable10. All the users use the
> following proxy.pac file (browser pointing to the following proxy.pac
> file).
>
> p3 = "PROXY proxy03.domain.com:3128";
> p4 = "PROXY proxy04.domain.com:3128";
>
> p34 = p3 + "; " + p4;
> p43 = p4 + "; " + p3;
>
> function FindProxyForURL(url, host)
> {
> // All unqualified host names are to go via the GAN (no proxy )
> if (isPlainHostName(host)) return "DIRECT";
>
> // Any "direct" LAN IP connections are allowed
> if (shExpMatch(url, "*://172.*") ||

I prefer shExpMatch(host, "172.*") but it's a matter of taste.

> shExpMatch(url, "*://10.*") ||
> shExpMatch(url, "*://192.168.*") ||
> shExpMatch(url, "*://127.0.0.1*")) return "DIRECT";

127.* ?

> // Assign Proxy based on IP Address of Client
> // VLAN's 96 --> 111
> if (isInNet(myIpAddress(), "172.26.96.0", "255.255.240.0")) return
> p34;
>
>
> // VLAN's 112 --> 128
> if (isInNet(myIpAddress(), "172.26.112.0", "255.255.240.0")) return
> p43;
>
> else
> return p34;
> }
>
>
> All the users from 172.26.96.0 - 172.26.111.0 subnet goes to
> proxy03.domain.com first. If proxy03 is down the client should
> automatically try proxy04.domain.com. But that's not happening. If
> proxy03 is down, the clients are not failing over to proxy04. Is there
> any syntax error in p34.

Looks correct to me. According to
http://wp.netscape.com/eng/mozilla/2.0/relnotes/demo/proxy-live.html the
result is defined as:

"If there are multiple semicolon-separated settings, the left-most setting
will be used, until the Navigator fails to establish the connection to the
proxy. In that case the next value will be used, etc."

That's the description for the ancient Netscape. But IMHO it works the same
way in other clients.

> Should I have some thing like this to work.
>
> if (isInNet(myIpAddress(), "172.26.96.0", "255.255.240.0"))
>
> return "PROXY proxy03.domain.com:3128; PROXY proxy04.domain.com:3128;
>
> Or can I add the following 'A' records to my DNS server
>
> proxy IN A 172.16.0.1 ; IP address of proxy03
> IN A 172.16.0.2 ; IP address of proxy04
>
> and
>
> in the proxy.pac file
>
> if (isInNet(myIpAddress(), "172.26.96.0", "255.255.240.0"))
>
> return "PROXY proxy.domain.com:3128;

Don't try the DNS thingy. It may work in e.g. Linux and Mac but Windows is
known to have trouble with DNS caching. And the Internet Explorer/Windows
will probably resolve the name via DNS to just one IP address and stupidly
try to connect to that IP address time and again.

If you are looking for sophisticated load balancing and don't want to spend
money on a hardware load-balancer there's also the "Super Proxy Script"
(google for it) which uses a home-made hashing algorithm within the
proxy.pac to distribute requests.

 Christoph
Received on Tue Aug 29 2006 - 13:24:51 MDT