Cisco Cisco Web Security Appliance S670 User Guide
84
I R O N P O R T A S Y N C O S 6 . 3 F O R W E B U S E R G U I D E
WO R K I N G W I T H PA C F I L E S
A proxy auto-config (PAC) file is a text file that defines how web browsers can automatically
choose the appropriate proxy server for fetching a given URL.
choose the appropriate proxy server for fetching a given URL.
When you use a PAC file, you only need to configure each browser once with the PAC file
information. Then, you can edit the PAC file multiple times to add, delete, or change Web
Proxy connection information without editing each browser. This way you can configure the
proxy information about your network in a centralized location and update it easily.
information. Then, you can edit the PAC file multiple times to add, delete, or change Web
Proxy connection information without editing each browser. This way you can configure the
proxy information about your network in a centralized location and update it easily.
Note — Once a browser has read a PAC file, it stores it in memory for the remainder of the
browser session.
browser session.
You might want to use a PAC file for the following reasons:
• Centralized management. You can manage the PAC file in a single, central location.
• Complex network environment. If the network of proxy servers is complicated, you can
create a PAC file to accommodate different server and client needs.
• Changing network environment. If your network environment is likely to change in the
future, you can easily add, edit, or delete proxy servers in the PAC and have the changes
automatically affect all browsers.
automatically affect all browsers.
• Failover. If you have multiple proxy servers, you can provide redundancy in case of
failure. You can either program the PAC file to be redundant, or if a failure occurs, change
the PAC file to use a different proxy server.
the PAC file to use a different proxy server.
Note — Different browsers take different amounts of time to fail over to a secondary
proxy. For example, Internet Explorer takes about 25 seconds, and Firefox takes about 50
seconds.
proxy. For example, Internet Explorer takes about 25 seconds, and Firefox takes about 50
seconds.
• Load balancing. If you have multiple proxy servers, you can use the PAC file to specify
which requests go to which proxy server. For example, you might want users on one
subnet to use a particular proxy and users on a different subnet to use a different proxy.
subnet to use a particular proxy and users on a different subnet to use a different proxy.
PAC File Format
The PAC file must include at least one JavaScript function, FindProxyForURL(url, host). The
JavaScript function determines the appropriate proxy to use for each URL.
JavaScript function determines the appropriate proxy to use for each URL.
For example, if the Web Security appliance host name is WSA.example.com, you could
create a PAC file that includes the following text:
create a PAC file that includes the following text:
Note — The port you specify in the FindProxyForURL() function should be a proxy port for
the Web Security appliance configured on the Security Services > Proxy Settings page.
the Web Security appliance configured on the Security Services > Proxy Settings page.
function FindProxyForURL(url, host) { return “PROXY
WSA.example.com:3128; DIRECT”; }
WSA.example.com:3128; DIRECT”; }