Cisco Cisco Web Security Appliance S170 사용자 가이드
6-14
Cisco IronPort AsyncOS 7.5.7 for Web User Guide
Chapter 6 Web Proxy Services
Working with PAC Files
•
Manual. Manual configuration involves typing the Web Security appliance hostname and port
number, such as 3128, in each client application. If the appliance changes, you must edit each
application individually. You might want to manually configure an application when you are testing
proxy access on a single client machine. Cisco does not recommend manually configuring each
client application to use the appliance Web Proxy.
number, such as 3128, in each client application. If the appliance changes, you must edit each
application individually. You might want to manually configure an application when you are testing
proxy access on a single client machine. Cisco does not recommend manually configuring each
client application to use the appliance Web Proxy.
•
Proxy auto-config (PAC) file. For web browsers, you can configure each browser to use a PAC file
to find the Web Proxy. Then you can edit the PAC file to specify the appliance Web Proxy
information. For more information, see
to find the Web Proxy. Then you can edit the PAC file to specify the appliance Web Proxy
information. For more information, see
.
For more information about how to configure client applications to use a proxy, see the client application
documentation.
documentation.
Working with PAC Files
A proxy auto-config (PAC) file is a text file that defines how web browsers can automatically choose the
appropriate proxy server for fetching a given URL.
appropriate proxy server for fetching a given URL.
When you use a PAC file, you only need to configure each browser once with the PAC file information.
Then, you can edit the PAC file multiple times to add, delete, or change Web Proxy connection
information without editing each browser. This way you can configure the proxy information about your
network in a centralized location and update it easily.
Then, you can edit the PAC file multiple times to add, delete, or change Web Proxy connection
information without editing each browser. This way you can configure the proxy information about your
network in a centralized location and update it easily.
Note
Once a browser has read a PAC file, it stores it in memory for the remainder of the browser session.
You might want to use a PAC file for the following reasons:
•
Centralized management. You can manage the PAC file in a single, central location.
•
Complex network environment. If the network of proxy servers is complicated, you can create a
PAC file to accommodate different server and client needs.
PAC file to accommodate different server and client needs.
•
Changing network environment. If your network environment is likely to change in the future, you
can easily add, edit, or delete proxy servers in the PAC and have the changes automatically affect all
browsers.
can easily add, edit, or delete proxy servers in the PAC and have the changes automatically affect all
browsers.
•
Failover. If you have multiple proxy servers, you can provide redundancy in case of failure. You can
either program the PAC file to be redundant, or if a failure occurs, change the PAC file to use a
different proxy server.
either program the PAC file to be redundant, or if a failure occurs, change the PAC file to use a
different proxy server.
Note
Different browsers take different amounts of time to fail over to a secondary proxy. For example,
Internet Explorer takes about 25 seconds, and Firefox takes about 50 seconds.
Internet Explorer takes about 25 seconds, and Firefox takes about 50 seconds.
•
Load balancing. If you have multiple proxy servers, you can use the PAC file to specify which
requests go to which proxy server. For example, you might want users on one subnet to use a
particular proxy and users on a different subnet to use a different proxy.
requests go to which proxy server. For example, you might want users on one subnet to use a
particular proxy and users on a different subnet to use a different proxy.
PAC File Format
The PAC file must include at least one JavaScript function, FindProxyForURL(url, host). The JavaScript
function determines the appropriate proxy to use for each URL.
function determines the appropriate proxy to use for each URL.