[squid-users] Authentication\Authorization using a PAC file?
Walter H.
Walter.H at mathemainzel.info
Mon Nov 24 20:26:45 UTC 2014
Hi,
a sample of a .pac-File
function FindProxyForURL( url, host )
{
var strURL = ( decodeURI( url ) ).toLowerCase( );
var strHost = host.toLowerCase( );
// Redirect to proxy with these URLs
if ( ( strURL == "http://flickr.com/images/spaceball.gif" ) ||
( strURL == "..." ) )
return "PROXY host:port;";
// Don't use a proxy with these domains/hosts
if ( dnsDomainIs( strHost, "www.domain.tld" ) ||
dnsDomainIs( strHost, "..." ) )
return "DIRECT";
// Bad words or combinations, use localhost as proxy
if ( ( strURL.search(/advert/) == -1 ) &&
( strURL.search(/banner/) == -1 ) &&
( strURL.search(/realmedia/) == -1 ) &&
( strURL.search(/[^a-z0-9]ads/) == -1 ) &&
( strURL.search(/[a-z][c,k]lick/) == -1 ) );
else
return "PROXY ntwaldivm-001.waldinet.home:8080;";
// Use a proxy on higher domain levels,
// except for educational or academical domains
if ( dnsDomainLevels( strHost ) > 3 )
if ( ( strHost.search(/.ac.[a-z][a-z]/) == ( strHost.length - 6 ) ) ||
( strHost.search(/.edu.[a-z][a-z]/) == ( strHost.length - 7 ) ) ||
( strHost.search(/.mail.yahoo.com/) == ( strHost.length - 15 )
) ||
( strHost.search(/.edu/) == ( strHost.length - 4 ) ) )
return "PROXY host:port;";
else
return "DIRECT";
// DIRECT connections to non-FQDN hosts
if ( isPlainHostName( strHost ) )
return "DIRECT";
// Bad words or combinations in host, use proxy
if ( ( strHost.search(/stat[0-9s]/) == -1 ) &&
( strHost.search(/media/) == -1 ) &&
( strHost.search(/spy/) == -1 ) &&
( strHost.search(/track/) == -1 ) &&
( strHost.search(/trade/) == -1 ) &&
( strHost.search(/klamm/) == -1 ) &&
( strHost.search(/trade/) == -1 ) &&
( strHost.search(/meter/) == -1 ) &&
( strHost.search(/poker/) == -1 ) &&
( strHost.search(/sex/) == -1 ) &&
( strHost.search(/xxx/) == -1 ) &&
( strHost.search(/cash/) == -1 ) &&
( strHost.search(/pay/) == -1 ) &&
( strHost.search(/popup/) == -1 ) &&
( strHost.search(/^ad./) == -1 ) &&
( strHost.search(/^www.ad./) == -1 ) &&
( strHost.search(/^www.free/) == -1 ) &&
( strHost.search(/^www.web/) == -1 ) );
else
return "PROXY host:port;";
// If nothing above matches, then go directly there,
// in case of a DNS failure use proxy
if ( isResolvable( strHost ) )
return "DIRECT";
else
return "PROXY host:port;";
}
any authorization to a proxy in this .pac-File is the same as if the
proxy were
configured directly in the browser;
with such a setup you can use different proxies for e.g. specific sites
even with SSL without SSL-bump ...
Walter
On 24.11.2014 11:25, Eliezer Croitoru wrote:
> I do know that pac files contains some form of JS and in the past I
> have seen couple complex PAC files but unsure about the options.
> I want to know if a PAC file can be used for
> Authentication\Authorization, maybe even working against another
> external system to get a token?
>
> Thanks,
> Eliezer
-------------- next part --------------
A non-text attachment was scrubbed...
Name: smime.p7s
Type: application/pkcs7-signature
Size: 5971 bytes
Desc: S/MIME Cryptographic Signature
URL: <http://lists.squid-cache.org/pipermail/squid-users/attachments/20141124/38c4c3a0/attachment-0001.bin>
More information about the squid-users
mailing list