[squid-users] Authentication\Authorization using a PAC file?

Walter H. Walter.H at mathemainzel.info
Mon Nov 24 20:26:45 UTC 2014


Hi,

a sample of a .pac-File

function FindProxyForURL( url, host )
{
   var strURL = ( decodeURI( url ) ).toLowerCase( );

   var strHost = host.toLowerCase( );

   // Redirect to proxy with these URLs
   if ( ( strURL == "http://flickr.com/images/spaceball.gif" ) ||
        ( strURL == "..." ) )
     return "PROXY host:port;";

   // Don't use a proxy with these domains/hosts
   if ( dnsDomainIs( strHost, "www.domain.tld" ) ||
        dnsDomainIs( strHost, "..." ) )
     return "DIRECT";

   // Bad words or combinations, use localhost as proxy
   if ( ( strURL.search(/advert/) == -1 ) &&
        ( strURL.search(/banner/) == -1 ) &&
        ( strURL.search(/realmedia/) == -1 ) &&
        ( strURL.search(/[^a-z0-9]ads/) == -1 ) &&
        ( strURL.search(/[a-z][c,k]lick/) == -1 ) );
   else
     return "PROXY ntwaldivm-001.waldinet.home:8080;";

   // Use a proxy on higher domain levels,
   // except for educational or academical domains
   if ( dnsDomainLevels( strHost ) > 3 )
     if ( ( strHost.search(/.ac.[a-z][a-z]/) == ( strHost.length - 6 ) ) ||
          ( strHost.search(/.edu.[a-z][a-z]/) == ( strHost.length - 7 ) ) ||
          ( strHost.search(/.mail.yahoo.com/) == ( strHost.length - 15 ) 
) ||
          ( strHost.search(/.edu/) == ( strHost.length - 4 ) ) )
       return "PROXY host:port;";
     else
       return "DIRECT";

   // DIRECT connections to non-FQDN hosts
   if ( isPlainHostName( strHost ) )
     return "DIRECT";

   // Bad words or combinations in host, use proxy
   if ( ( strHost.search(/stat[0-9s]/) == -1 ) &&
        ( strHost.search(/media/) == -1 ) &&
        ( strHost.search(/spy/) == -1 ) &&
        ( strHost.search(/track/) == -1 ) &&
        ( strHost.search(/trade/) == -1 ) &&
        ( strHost.search(/klamm/) == -1 ) &&
        ( strHost.search(/trade/) == -1 ) &&
        ( strHost.search(/meter/) == -1 ) &&
        ( strHost.search(/poker/) == -1 ) &&
        ( strHost.search(/sex/) == -1 ) &&
        ( strHost.search(/xxx/) == -1 ) &&
        ( strHost.search(/cash/) == -1 ) &&
        ( strHost.search(/pay/) == -1 ) &&
        ( strHost.search(/popup/) == -1 ) &&
        ( strHost.search(/^ad./) == -1 ) &&
        ( strHost.search(/^www.ad./) == -1 ) &&
        ( strHost.search(/^www.free/) == -1 ) &&
        ( strHost.search(/^www.web/) == -1 ) );
   else
     return "PROXY host:port;";

   //  If nothing above matches, then go directly there,
   //  in case of a DNS failure use proxy
   if ( isResolvable( strHost ) )
     return "DIRECT";
   else
     return "PROXY host:port;";
}

any authorization to a proxy in this .pac-File is the same as if the 
proxy were
configured directly in the browser;
with such a setup you can use different proxies for e.g. specific sites
  even with SSL without SSL-bump ...

Walter


On 24.11.2014 11:25, Eliezer Croitoru wrote:
> I do know that pac files contains some form of JS and in the past I
> have seen couple complex PAC files but unsure about the options.
> I want to know if a PAC file can be used for
> Authentication\Authorization, maybe even working against another
> external system to get a token?
>
> Thanks,
> Eliezer


-------------- next part --------------
A non-text attachment was scrubbed...
Name: smime.p7s
Type: application/pkcs7-signature
Size: 5971 bytes
Desc: S/MIME Cryptographic Signature
URL: <http://lists.squid-cache.org/pipermail/squid-users/attachments/20141124/38c4c3a0/attachment-0001.bin>


More information about the squid-users mailing list