Follow

How to customize Endian PAC (Proxy Auto-Configuration) file

By following the below instructions you will be able to append customization to the default PAC file served by the Endian UTM Enterprise Appliance

You need to access your Endian UTM Appliance via SSH or serial console to be able to use nano.

You can find some useful command that can be used on Endian's shell (console) here.

Once you are logged in issue the below command:

 

root@endian:~# nano /var/efw/proxy/proxy.custom.pac

 

 

Warning

Respect the exact following syntax otherwise changes won't be applied.

 

  1. Bypass proxy for a destination domain:
    if ((dnsDomainIs(host, ".mydomain.com")) || (host == "mydomain.com"))
    {return "DIRECT";}
  2. Bypass proxy for a destination IP:
    if (host == "50.50.50.50")
    {return "DIRECT";}
  3. Bypass proxy for a destination subnet:
    if (isInNet(host, "10.1.1.0", "255.255.255.0")) 
    {return "DIRECT";}
  4. Bypass proxy for destination hosts if resolved within an internal IP:
    if (isInNet(dnsResolve(host, "192.168.0.0", "255.255.255.0")))
    {return "DIRECT";}
    
  5. Bypassing proxy for a source subnet:
    if (isInNet(myIpAddress(), "10.10.10.0", "255.255.255.0"))
    {return "DIRECT";}
    
  6. Bypass proxy for multiple destination domains in one statement:
    if ((dnsDomainIs(host, ".mydomain.com")) ||
    (host == "mydomain.com") ||
    (dnsDomainIs(host, ".example.com")) ||
    (host == "example.com") ||
    (dnsDomainIs(host, "otherdomain.com")) ||
    (host == "otherdomain.com"))
    {return "DIRECT";}

 

example (bypass windows updates):

if ((host == "download.microsoft.com") ||
(host == "ntservicepack.microsoft.com") ||
(host == "redir.metaservices.microsoft.com") ||
(host == "images.metaservices.microsoft.com") ||
(host == "c.microsoft.com") ||
(host == "productactivation.one.microsoft.com") ||
(host == "sls.microsoft.com") ||
(host == "cdm.microsoft.com") ||
(host == "wustat.windows.com") ||
(host == "windowsupdate.microsoft.com") ||
(dnsDomainIs(host, ".windowsupdate.microsoft.com")) ||
(host == "update.microsoft.com") ||
(dnsDomainIs(host, ".update.microsoft.com")) ||
(dnsDomainIs(host, ".windowsupdate.com")))
{return 'DIRECT';}

 

Note

Some domains redirect to other domains and some include others or have frames, in that case to correctly whitelist the domain multiple domains should be added accordingly.

 

Troubleshooting

- My PAC file changes are not applied

Browsers could cache a PAC file and in some cases a browser restart is not enough. To force the browser to get the updated PAC file could be necessary to empty the browser cache and close all browser instances.

Was this article helpful?
0 out of 0 found this helpful
Have more questions? Submit a request

Comments