HowTo: Use Auto Config Proxy PAC File For Specific Domain

I would like to use the squid proxy server only for one domain called foo.example.com. How do I auto-configuring proxy settings with a PAC file to hide one domain and connect everything else directly? How do I specify a URL in a PAC file to bypass proxy server? How do I create exceptions using a PAC file?

Tutorial details
DifficultyIntermediate (rss)
Root privilegesYes
RequirementsWeb server
Javascript skills
TimeN/A
A PAC file is nothing but proxy auto-configuration file. This is a specialized JavaScript function definition that a browser calls to determine how requests are handled. In other words, you need the Javascript skills for most PAC file development.

ADVERTISEMENTS

Syntax

A very simple example of a PAC file is:

   function FindProxyForURL(url, host)
   {
      return "PROXY server1.cyberciti.biz:3128; DIRECT";
   }

You need to create and upload proxy.pac file in your web server DocumentRoot. This file set a basic proxy server for every request your browser makes using server1.cyberciti.biz at port 3128. Firefox, Chrome, Opera, and IE uses your computer’s system proxy settings to connect to the network. However, you can change these settings by visiting network settings option. You need to supply the url for proxy.pac file. In the Automatic proxy connfiguration URL box, type the url of the proxy.pac file such as http://192.168.1.100/proxy.pac or http://server1.cyberciti.biz/proxy.pac:

Fig.01: Setting firefox pac file url

Fig.01: Setting firefox pac file url

Example

In this example, you use the proxy server for foo.example.com, and directly connect to all other site.

function FindProxyForURL(url, host) {
    if ( localHostOrDomainIs(host, "foo.example.com") ) {
        return "PROXY server1.cyberciti.biz:3128";
    } else {
        return "DIRECT";
    }
}

This proxy.pac file allows to connect various hosts / domains via the proxy server and rest hosts directly to the Internet:

function FindProxyForURL(url, host) {
    // Your proxy server name and port
    var proxyserver = 'server1.cyberciti.biz:3128';
    //
    //  Here's a list of hosts to connect via the PROXY server
    //
    var proxylist = new Array(
        "nixcraft.com",
        "reddit.com",
        "www.cyberciti.biz",
        "mail.google.com",
        "www.pandora.com",
        "www.google.com"
    );
    // Return our proxy name for matched domains/hosts
    for(var i=0; i<proxylist.length; i++) {
        var value = proxylist[i];
        if ( localHostOrDomainIs(host, value) ) {
            return "PROXY "+proxyserver;
        }
    }
    return "DIRECT";
}

You create a PAC files are easily modified to specify any number of URLs that will bypass the proxy or include in the proxy i.e. exceptions can be created using the following syntax:

if (shExpMatch(url, "*.slashdot.org/*"))
   {return "DIRECT";}

OR connect reddit.com via the proxy server:

if (shExpMatch(url, "*.reddit.com/*"))
   {return "PROXY proxy42.ca.cyberciti.biz:8080";}
🐧 Get the latest tutorials on SysAdmin, Linux/Unix, Open Source/DevOps topics:
CategoryList of Unix and Linux commands
File Managementcat
FirewallCentOS 8 OpenSUSE RHEL 8 Ubuntu 16.04 Ubuntu 18.04 Ubuntu 20.04
Network Utilitiesdig host ip nmap
OpenVPNCentOS 7 CentOS 8 Debian 10 Debian 8/9 Ubuntu 18.04 Ubuntu 20.04
Package Managerapk apt
Processes Managementbg chroot cron disown fg jobs killall kill pidof pstree pwdx time
Searchinggrep whereis which
User Informationgroups id lastcomm last lid/libuser-lid logname members users whoami who w
WireGuard VPNCentOS 8 Debian 10 Firewall Ubuntu 20.04

ADVERTISEMENTS
6 comments… add one
  • petrescs Nov 21, 2012 @ 13:15

    Additionally, Web Proxy Autodiscovery Protocol (WPAD) can be used http://en.wikipedia.org/wiki/Web_Proxy_Autodiscovery_Protocol – this can work either through DHCP settings or DNS lookups (wpad.dat can link to or replace proxy.pac, but content remains identic). This way there’s no need for explicit input of proxy URL, just keep default “Auto-detect proxy settings for this network”.

  • milky Jul 30, 2013 @ 10:22

    Hi,
    do you know that package manager works with authomatic proxy conf url? I work on Debian..

  • justin Sep 12, 2013 @ 7:17

    What if you want a new proxy for each url – ie a new proxy everytime a new page is loaded (on the same domain)?

  • marco luis Sep 22, 2014 @ 10:49

    what is the proxy that I need in connecting into the Internet

  • Greg Mar 18, 2015 @ 8:03

    I’m trying to implement a pac file for google chrome, managed by GPOs with adm templates for DCs. That works fine, if I set proxy manual for testings. But we’re having multiple proxies for each location and it should be able to switch proxy if its in another internal vlan/network. I’m on testing now and do have several problems. A main problem is that when I take off the laptop from the docking station (ethernet) and try to surf / connect to a external webpage (wlan), it can’t be reached. Its not working but I declared all the vlans in the pac file. Do you have any experience with that? I’m trying to find examples for that but all I did find were examples for multiple networks with the same proxy. Thank you in advance, Greg

  • Mukesh Garg Apr 8, 2015 @ 11:26

    What if the list of specific domain names which I want to pass through a proxy is dynamic. I can not specify that in the array as mentioned in the above example. Can I read the list of the domains from a file or somewhere else ?

    -Mukesh

Leave a Reply

Your email address will not be published.

Use HTML <pre>...</pre>, <code>...</code> and <kbd>...</kbd> for code samples.