Cisco Web Security Appliance S170 User Guide

Cisco IronPort AsyncOS 7.7 for Web User Guide
 
Chapter 5      Web Proxy Services
Working with PAC Files
  • Load balancing. If you have multiple proxy servers, you can use the PAC file to specify which 
    requests go to which proxy server. For example, you might want users on one subnet to use a 
    particular proxy and users on a different subnet to use a different proxy.
PAC File Format
The PAC file must include at least one JavaScript function, FindProxyForURL(url, host). The JavaScript 
function determines the appropriate proxy to use for each URL. 
For example, if the Web Security appliance hostname is WSA.example.com, you could create a PAC file 
that includes the following text: 
Note: The port you specify in the FindProxyForURL() function should be a proxy port for the Web Security 
appliance configured on the Security Services > Web Proxy page.
However, you can make PAC files more complex. For example, you can create a PAC file that instructs 
the browser to connect directly to the website under certain conditions, such as matching on a particular 
hostname or IP address, and to use the proxy server in all other cases. You can create a PAC file that 
instructs applications to go directly to the website for servers on your intranet.
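One way to write the more complex PAC file described above, as an added example that is not part of the Cisco guide. It uses plain JavaScript in place of the browser-provided PAC helpers (isPlainHostName, dnsDomainIs, isInNet) so it also runs outside a browser; the internal domain and network are assumed values.

```javascript
// Added example (not from the Cisco guide). INTERNAL_DOMAIN and INTERNAL_NET are
// assumed values; WSA.example.com:3128 is the proxy from the guide's own example.
var INTERNAL_DOMAIN = ".corp.example.com";          // assumption
var INTERNAL_NET = ["10.0.0.0", "255.0.0.0"];       // assumption: network, mask
// The trailing "; DIRECT" lets the browser bypass the appliance when the proxy
// is unreachable; drop it if requests must never leave unfiltered.
var VIA_PROXY = "PROXY WSA.example.com:3128; DIRECT";

// Parse a dotted-quad IPv4 literal to an unsigned 32-bit number, or null.
function ipToInt(ip) {
  var m = /^(\d{1,3})\.(\d{1,3})\.(\d{1,3})\.(\d{1,3})$/.exec(ip);
  if (!m) return null;
  var n = 0;
  for (var i = 1; i <= 4; i++) {
    var octet = parseInt(m[i], 10);
    if (octet > 255) return null;
    n = n * 256 + octet;
  }
  return n;
}

// True only when ip is an IPv4 literal inside net/mask (no DNS lookup is done).
function inNet(ip, net, mask) {
  var a = ipToInt(ip), b = ipToInt(net), m = ipToInt(mask);
  if (a === null || b === null || m === null) return false;
  return ((a & m) >>> 0) === ((b & m) >>> 0);
}

function FindProxyForURL(url, host) {
  host = host.toLowerCase();
  // Unqualified intranet names (no dot, and not an IPv6 literal): go direct.
  if (host.indexOf(".") === -1 && host.indexOf(":") === -1) return "DIRECT";
  // Match on the leading dot so "xcorp.example.com" is not treated as internal.
  var bare = INTERNAL_DOMAIN.slice(1);
  if (host === bare || host.slice(-INTERNAL_DOMAIN.length) === INTERNAL_DOMAIN) {
    return "DIRECT";
  }
  // IP-literal hosts on the internal network: go direct.
  if (inNet(host, INTERNAL_NET[0], INTERNAL_NET[1])) return "DIRECT";
  // Everything else is sent to the Web Security appliance.
  return VIA_PROXY;
}
```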
For more information about creating and using PAC files, see the following locations:
  • http://en.wikipedia.org/wiki/Proxy_auto-config
  • http://www.mozilla.org/catalog/end-user/customizing/enduserPAC.html
  • http://wp.netscape.com/eng/mozilla/2.0/relnotes/demo/proxy-live.html
Note: Common convention is to use the .pac file extension for PAC file names.
Creating a PAC File for Remote Users
Some laptop users connect to the Internet both from inside your organization’s network and outside the 
network. For these users, you can create a PAC file that instructs the browser to connect to the Web Proxy 
when they are on the network, and to connect directly to web servers when they are not on the network.
To do this, make sure the PAC file is hosted on a web server that is DNS resolvable inside the network, 
but not DNS resolvable outside the network. This works because when you enter a URL for the PAC file 
location, the browser will always try to use the PAC file in the configured location. If the browser cannot 
resolve the URL, such as when it is outside the network, it tries to access all web sites directly instead. 
Then when the laptop connects to the network again, the browser can access the PAC file and will use 
the Web Proxy to access web sites.
function FindProxyForURL(url, host) { return "PROXY WSA.example.com:3128; DIRECT"; }