Cisco Cisco Web Security Appliance S170 사용자 가이드
6-20
Cisco IronPort AsyncOS 7.5.7 for Web User Guide
Chapter 6 Web Proxy Services
Adding PAC Files to the Web Security Appliance
Step 3
In the Interface field, select the interface the Web Proxy uses to listen for PAC file requests. You can
choose any interface that is configured for data traffic. This field only appears when multiple interfaces
are configured for data traffic.
choose any interface that is configured for data traffic. This field only appears when multiple interfaces
are configured for data traffic.
Step 4
In the PAC File Expiration section, choose whether to allow the PAC file to expire after a specified
number of minutes in the browser’s cache.
number of minutes in the browser’s cache.
Step 5
Click Browse to upload a PAC file from your local machine to the appliance.
Step 6
Navigate to the PAC file location, select it, and click Open.
Step 7
To add another PAC file, click Add Row, and repeat steps
and
Optionally, PAC files can be served through HTTP proxy ports, such as port 80. To allow this, you must
explicitly configure the hostnames that should serve PAC files and choose a default PAC file for each
hostname. The specified default PAC file name is served when browsers do not include the PAC file name
when requesting the PAC file URL (“GET/” requests). Otherwise, the PAC file name specified in the
URL is served. If a PAC file URL uses an IP address, you can enter the IP address as a configured
hostname.
explicitly configure the hostnames that should serve PAC files and choose a default PAC file for each
hostname. The specified default PAC file name is served when browsers do not include the PAC file name
when requesting the PAC file URL (“GET/” requests). Otherwise, the PAC file name specified in the
URL is served. If a PAC file URL uses an IP address, you can enter the IP address as a configured
hostname.
Step 8
To configure a default PAC file name for different hostnames, in the Hostnames field enter the Web
Security appliance hostname or IP address, or any hostname that resolves to the appliance hostname.
Then choose the default PAC file name in the Default PAC File for “Get/” Request through Proxy Port
field.
Security appliance hostname or IP address, or any hostname that resolves to the appliance hostname.
Then choose the default PAC file name in the Default PAC File for “Get/” Request through Proxy Port
field.
For example, if you enter wsa.example.com in the Hostnames field and pacfile1.pac in the Default PAC
File for “Get/” Request through Proxy Port field, then requests for http://wsa.example.com/ fetch
pacfile1.pac and requests for http://wsa.example.com/default.pac fetch default.pac.
File for “Get/” Request through Proxy Port field, then requests for http://wsa.example.com/ fetch
pacfile1.pac and requests for http://wsa.example.com/default.pac fetch default.pac.
Step 9
Optionally, repeat step
to configure a default PAC file name for all hostnames that resolve to the Web
Security appliance.
Step 10
Submit and commit your changes.
Understanding WPAD Compatibility with Netscape and Firefox
Netscape and Firefox browsers only use DNS to automatically detect PAC files using WPAD. Therefore,
if you want Netscape and Firefox browsers to automatically detect a PAC file stored on the Web Security
appliance, you must complete the following steps:
if you want Netscape and Firefox browsers to automatically detect a PAC file stored on the Web Security
appliance, you must complete the following steps:
1.
Name the PAC file wpad.dat.
2.
Navigate to the Security Services > Web Proxy page, and delete port 80 from the HTTP Ports to
Proxy field.
Proxy field.
3.
Use port 80 as the PAC Server Port when you upload the file to the appliance.
For more information about using WPAD, see
.
Note
These steps also work with Internet Explorer. However, for Internet Explorer version 6, create a copy of
wpad.dat and name it wpad.da.
wpad.dat and name it wpad.da.