Cisco Cisco Web Security Appliance S390 ユーザーガイド
5-16
Cisco IronPort AsyncOS 7.7 for Web User Guide
Chapter 5 Web Proxy Services
Working with PAC Files
Specifying the PAC File in Browsers
To use a PAC file, you must publish the PAC file in a location that can be accessed by each browser that
needs to access it. When you configure a browser to use a PAC file, you can use either of the following
methods:
needs to access it. When you configure a browser to use a PAC file, you can use either of the following
methods:
•
Enter the PAC file location. See
.
•
Detect the PAC file location automatically. See
.
Entering the PAC File Location
You can configure a browser to use a PAC file by specifying the exact location of the file. You might
want to enter the exact PAC file location for laptop users who might need to use different proxy servers
depending on their current location.
want to enter the exact PAC file location for laptop users who might need to use different proxy servers
depending on their current location.
You can place the PAC file in the following locations:
•
Local machine. You can place the PAC file on each client machine and configure the browsers to
use it. You might want to use a local PAC file to test a PAC file before deploying it to the entire
organization. Enter the path in the browser configuration. The path you enter depends on the browser
type.
use it. You might want to use a local PAC file to test a PAC file before deploying it to the entire
organization. Enter the path in the browser configuration. The path you enter depends on the browser
type.
•
Web server. You can place the PAC file on a web server that each client machine can access. For
example, you can place the PAC file on an Apache or Microsoft IIS web server. Enter the URL in
the browser configuration.
example, you can place the PAC file on an Apache or Microsoft IIS web server. Enter the URL in
the browser configuration.
•
Web Security appliance. You can place the PAC file on the Web Security appliance. You might
want to put the PAC file on the Web Security appliance to verify every client machine can access it
within the network. Enter the URL in the browser configuration.
want to put the PAC file on the Web Security appliance to verify every client machine can access it
within the network. Enter the URL in the browser configuration.
For more information about uploading PAC files to the Web Security appliance, see
Detecting the PAC File Location Automatically
If a browser supports the Web Proxy Autodiscovery Protocol (WPAD), you can configure it to
automatically detect the PAC file location. WPAD is a protocol that allows the browser determine the
location of the PAC file using DHCP and DNS lookups.
automatically detect the PAC file location. WPAD is a protocol that allows the browser determine the
location of the PAC file using DHCP and DNS lookups.
Before fetching its first page, a web browser configured to automatically detect the PAC file location
tries to find the PAC file using DHCP or DNS. Therefore, to use WPAD, you must set up either a DHCP
server or a DNS server to direct web browser requests to the PAC file on a network server. However, not
all browsers support DHCP to find the PAC file using WPAD.
tries to find the PAC file using DHCP or DNS. Therefore, to use WPAD, you must set up either a DHCP
server or a DNS server to direct web browser requests to the PAC file on a network server. However, not
all browsers support DHCP to find the PAC file using WPAD.
This section includes some general guidelines for using WPAD with DNS “A” records. For more detailed
information, or for information about using WPAD with DHCP, see the following locations:
information, or for information about using WPAD with DHCP, see the following locations:
•
http://en.wikipedia.org/wiki/Web_Proxy_Autodiscovery_Protocol
•
http://www.wpad.com/draft-ietf-wrec-wpad-01.txt
•
http://www.microsoft.com/technet/isa/2004/plan/automaticdiscovery.mspx
When you use WPAD with DNS, each domain on the network can only use one PAC file for all users on
a domain because only domain name can uniquely identify a PAC file using DNS. For example, users on
host1.accounting.example.com and host2.finance.example.com can use different PAC files.
a domain because only domain name can uniquely identify a PAC file using DNS. For example, users on
host1.accounting.example.com and host2.finance.example.com can use different PAC files.