Cisco ScanSafe Wi-Fi Hotspot Security White Paper
Cisco CWS – Standalone Deployment Guide

isPlainHostName(host) – evaluates the host variable provided by FindProxyForURL to see whether the website entered in the browser is a plain host name or a DNS name. If the host variable contains a plain host name and not a DNS name, the function returns True. This is an easy way to determine whether web traffic should be forwarded to a proxy or kept within the LAN.
*Note: Routing of web traffic cannot occur without DNS information. Therefore, a plain host name entered into the web browser is assumed to be in the LAN, and NetBIOS will be used to find it rather than DNS.

isInNet(hostIP, "10.0.0.0", "255.0.0.0") – evaluates the host variable against two arguments: the first is an IP address or subnet and the second is a subnet mask. The purpose is to determine whether the host requested by the client resides at a particular IP address or subnet. If it does, this function returns True.

shExpMatch(url, "*.domainabc.com*") – evaluates a host variable against a host, domain, or URL. If the two values are the same, the function returns True. Wildcards can be used in shExpMatch, which makes it very useful but also puts more load on the client when evaluating them. Consider this when you are determining which function to use in your PAC file.

dnsDomainIs(host, "vpn.domain.com") – evaluates the host variable against a static domain host or domain name. dnsDomainIs is not compatible with wildcards. This makes it more specific than shExpMatch but also easier for the client to evaluate. If the domain host or domain name appears in the host variable, this function returns True.

url.substring(0, 4) == "ftp:" – evaluates a part of the URL variable string. If there is a match, it returns True. The first number in the parentheses defines the start position in the string. Zero is the first character because computers start counting at zero (instead of one). The second number defines how many characters to read from the starting position. For example, if the first four characters in the string are "ftp:", the expression returns True.

myIpAddress() – returns the IP address with the highest binding order, which should be the IP address in use. This holds true for operating systems that are not IPv6 enabled. In an IPv6-enabled OS, IPv6 addresses take precedence over IPv4 addresses.

When using the myIpAddress function more than once, store its result in a variable so the PAC file is not harvesting the IP address of the client multiple times.

isInNet(myIpAddress(), "192.168.1.0", "255.255.255.0") – rather than evaluating whether a host is within a certain subnet, this checks whether the client is within a certain subnet. This kind of logic can be used to direct groups of clients to different proxies.

return "PROXY 1.2.3.4:8080; PROXY 5.6.7.8" and return "DIRECT"; – tell the PAC file to stop processing code and either provide the browser with a proxy host or a group of proxy hosts, in failover order, to forward the web requests to, or allow the client to send the web requests directly.

Open a standard PAC file template in Notepad++ and set the language to Java. The first function is FindProxyForURL.

Deployment Tip
A conditional statement says that if some condition is true, execute the code following the if statement. It is used to make decisions on where to send web traffic.
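
The functions described above, combined into one PAC file as an added example (not taken from the Cisco guide). The routing choice made for each condition, the port on the second proxy, and the client address are assumptions; the wildcard test is applied to host instead of url because the url pattern "*.domainabc.com*" also matches URLs that only contain that text in a path or query string.

```javascript
// Added example. Browsers supply the PAC helpers; these simplified, IPv4-only
// stand-ins (no DNS lookups) exist only so the logic also runs under Node.
const ipToInt = ip => ip.split(".").reduce((n, o) => n * 256 + Number(o), 0);
const isPlainHostName = host => !host.includes(".");
const isInNet = (ip, net, mask) =>
  /^\d+(\.\d+){3}$/.test(ip) &&
  ((ipToInt(ip) & ipToInt(mask)) >>> 0) === ((ipToInt(net) & ipToInt(mask)) >>> 0);
const dnsDomainIs = (host, domain) => host.endsWith(domain);
const shExpMatch = (str, glob) =>
  new RegExp("^" + glob.replace(/[.+^${}()|[\]\\]/g, "\\$&")
                       .replace(/\*/g, ".*").replace(/\?/g, ".") + "$").test(str);
let clientIp = "192.168.1.25";           // constructed client address
const myIpAddress = () => clientIp;

// The PAC file proper. Cheap, specific tests come first.
function FindProxyForURL(url, host) {
  // Plain host names are assumed to live on the LAN.
  if (isPlainHostName(host)) return "DIRECT";
  // Destinations given as 10.x.x.x addresses stay inside the network.
  if (isInNet(host, "10.0.0.0", "255.0.0.0")) return "DIRECT";
  // Static name test: no wildcard evaluation needed.
  if (dnsDomainIs(host, "vpn.domain.com")) return "DIRECT";
  // Wildcard test against host, so text in a path or query cannot match.
  if (shExpMatch(host, "*.domainabc.com")) return "DIRECT";
  // substring(0, 4) reads the first four characters of the URL.
  if (url.substring(0, 4) == "ftp:") return "DIRECT";
  // Call myIpAddress() once and reuse the stored value.
  var ip = myIpAddress();
  if (isInNet(ip, "192.168.1.0", "255.255.255.0"))
    return "PROXY 1.2.3.4:8080; PROXY 5.6.7.8:8080";  // failover order
  return "PROXY 5.6.7.8:8080";
}

console.log(FindProxyForURL("http://www.example.org/", "www.example.org"));
```

When deploying, only the FindProxyForURL function goes into the PAC file; the stand-in helpers above it are dropped because the browser provides its own.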