
A proxy auto-config example for allowing access to a list of domains behind a firewall.


fermi-ad/proxy-auto-config


Proxy Auto-Configuration (PAC)

Note: In order for this config to be used, the repo must be public so that the URL is reachable. This requires Kerberos authentication via SSH.

I explored this because I wanted to have a browser that can search Google while accessing resources only available behind a firewall.

My first Google search led me to StackOverflow and consequently to MozillaZine and Wikipedia.

These references and example were enough to get me started, and I took the opportunity to refactor it and make it more flexible.

Originally, I was using Firefox's manual proxy to get behind the firewall, but the method sends all traffic to the proxy with a list of exceptions. I want the other way around. I want only certain requests to go behind the firewall. Proxy auto-config allows custom code to route traffic and solves my problem.

Example

function FindProxyForURL(url, host) {
  host = host.toLowerCase();
  if (dnsDomainIs(host, "blocked.com") ||
      dnsDomainIs(host, "censored.stuff.com"))
    return "PROXY 123.45.67.89:80"; // (IP:port)

  return "DIRECT";
}

Refactor

function FindProxyForURL(url, host) {
    const shouldProxy = () => {
        return dnsDomainIs(host.toLowerCase(), `fnal.gov`)
        || isInNet(host, `131.225.0.0`, `255.255.0.0`)
    }

    if (shouldProxy())
        return `SOCKS5 localhost:1080; SOCKS localhost:1080; DIRECT`

    return `DIRECT`
}
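Added example (not part of this repository's code): a Node.js harness that runs the routing condition from the refactor above against constructed hostnames, next to a stricter variant. The `dnsDomainIs` and `isInNet` stubs, the `FAKE_DNS` table, and the names `routeAsWritten`, `routeStrict` and `compare` are assumptions of this example. `dnsDomainIs` is stubbed as the plain suffix comparison used by the Mozilla PAC utility functions, so `fnal.gov` without a leading dot also matches a host that merely ends in those characters, such as the invented `notfnal.gov`.

```javascript
// Stubs of the two PAC helpers (assumptions of this example, not browser code).
const dnsDomainIs = (host, domain) =>            // plain suffix comparison
    host.length >= domain.length && host.endsWith(domain);

const FAKE_DNS = { "www.fnal.gov": "131.225.1.10" };   // constructed sample data
const toInt = (ip) => ip.split(".").reduce((n, o) => (n << 8 | Number(o)) >>> 0, 0);
const isInNet = (host, net, mask) => {
    const ip = /^\d+(\.\d+){3}$/.test(host) ? host : FAKE_DNS[host];
    if (ip === undefined) return false;              // unresolvable in this harness
    return ((toInt(ip) & toInt(mask)) >>> 0) === ((toInt(net) & toInt(mask)) >>> 0);
};

const PROXY = "SOCKS5 localhost:1080; SOCKS localhost:1080; DIRECT";

// Same condition as the refactored FindProxyForURL on this page.
function routeAsWritten(url, host) {
    const h = host.toLowerCase();
    return dnsDomainIs(h, "fnal.gov") || isInNet(host, "131.225.0.0", "255.255.0.0")
        ? PROXY : "DIRECT";
}

// Stricter variant: the domain itself, or a name ending in ".fnal.gov".
function routeStrict(url, host) {
    const h = host.toLowerCase();
    return h === "fnal.gov" || dnsDomainIs(h, ".fnal.gov")
        || isInNet(h, "131.225.0.0", "255.255.0.0")
        ? PROXY : "DIRECT";
}

// Constructed hostnames; "notfnal.gov" is invented for the suffix-match case.
const SAMPLE_HOSTS = ["www.fnal.gov", "FNAL.GOV", "131.225.9.9", "notfnal.gov", "www.google.com"];

// For each host, report whether each variant sends it to the proxy.
function compare(hosts) {
    return hosts.map((host) => ({
        host,
        asWritten: routeAsWritten(`https://${host}/`, host) !== "DIRECT",
        strict: routeStrict(`https://${host}/`, host) !== "DIRECT",
    }));
}

console.table(compare(SAMPLE_HOSTS));
```

Only the `notfnal.gov` row differs between the two columns; every other sample host is routed the same way by both variants.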

Enable proxy

There must be a proxy at localhost:1080 for pages within the firewall to work.

ssh -D 1080 bastion_host

The above command opens a SOCKS proxy on localhost:1080 and forwards its requests through bastion_host.

Run this in a terminal to enable requests behind the firewall.

Install proxy.pac

While an OS-wide proxy could be useful, I found it difficult to troubleshoot and wasn't able to make it work on my MacBook Pro. There are recommendations from around the web to "just use the browser."

Firefox

In the Firefox settings (about:preferences#general > Network Settings) there is a field for Automatic proxy configuration URL where you can link to an external URL or a local file using file://.

The file must be named proxy.pac.

Chromium

The Chromium team recommends using an extension to enable a proxy on Chromium browsers. I found the Proxy Switcher extension to be well liked and simple.

This also works with Firefox.

Safari

TODO