PAC (Proxy Auto-Configuration)
Basic Definition
PAC (Proxy Auto-Configuration) is a JavaScript-based file that defines rules for web browsers and other network applications to automatically select the appropriate proxy server (or direct connection) for a given URL. Instead of manually configuring a single proxy for all traffic, a PAC file enables dynamic proxy selection based on factors like the destination domain, IP address, or network location. This is widely used in enterprise networks, educational institutions, and organizations with complex proxy setups to optimize traffic routing and security.
Core Working Principles
1. PAC File Structure
A PAC file is a plain-text file containing a single JavaScript function: FindProxyForURL(url, host). This function is executed by the browser every time a request is made, and returns a string specifying the proxy (or direct connection) to use.
Key Components:
url: The full URL of the request (e.g.,https://www.example.com).host: The hostname extracted from the URL (e.g.,www.example.com).- Return Values:
DIRECT: Connect directly to the destination (no proxy).PROXY proxy.example.com:8080: Use the specified proxy server and port.SOCKS socks.example.com:1080: Use a SOCKS proxy (for non-HTTP traffic).- Multiple options (comma-separated): The browser tries proxies in order (e.g.,
PROXY proxy1:8080; PROXY proxy2:8080; DIRECT).
2. PAC File Deployment
- The PAC file is hosted on a web server (e.g.,
http://intranet.example.com/proxy.pac). - Browsers/devices are configured to use the PAC file URL (via network settings or group policies in enterprises).
- The browser downloads the PAC file (and caches it locally) to evaluate proxy rules for each request.
3. Rule Evaluation
For every HTTP/HTTPS request, the browser:
- Extracts the
urlandhostfrom the request. - Executes the
FindProxyForURLfunction in the PAC file. - Applies the returned proxy rule (e.g., use proxy for external sites, direct for internal sites).
Common PAC File Functions
PAC files use built-in JavaScript functions to define routing rules (supported by all modern browsers):
| Function | Description | Example |
|---|---|---|
isPlainHostName(host) | Checks if the host is a local/intranet name (no domain suffix). | if (isPlainHostName(host)) return "DIRECT"; |
dnsDomainIs(host, domain) | Verifies if the host belongs to a specific domain. | if (dnsDomainIs(host, ".example.com")) return "DIRECT"; |
shExpMatch(url, pattern) | Matches the URL against a shell-style wildcard pattern. | if (shExpMatch(url, "*.youtube.com/*")) return "PROXY proxy.example.com:8080"; |
isInNet(host, ipPattern, mask) | Checks if the host’s IP is in a specific subnet. | if (isInNet(host, "192.168.0.0", "255.255.0.0")) return "DIRECT"; |
dnsResolve(host) | Resolves the host to an IP address (use cautiously—may cause DNS delays). | var ip = dnsResolve(host); if (isInNet(ip, "10.0.0.0", "255.0.0.0")) return "DIRECT"; |
Example PAC File
javascript
运行
function FindProxyForURL(url, host) {
// Direct connection for intranet hosts (no domain suffix)
if (isPlainHostName(host)) {
return "DIRECT";
}
// Direct connection for internal domains
if (dnsDomainIs(host, ".example.com") || dnsDomainIs(host, ".intranet")) {
return "DIRECT";
}
// Use proxy for YouTube, Netflix (streaming)
if (shExpMatch(url, "*.youtube.com/*") || shExpMatch(url, "*.netflix.com/*")) {
return "PROXY stream-proxy.example.com:8080";
}
// Use default proxy for all other traffic
return "PROXY default-proxy.example.com:8080; DIRECT";
}
Advantages of PAC
1. Dynamic Proxy Selection
Enables granular control over traffic routing (e.g., direct access for internal sites, proxy for external/streaming sites) without manual reconfiguration.
2. Centralized Management
PAC files are hosted centrally, so rule changes are applied to all devices automatically (no need to update each browser individually).
3. Fallback Options
Supports multiple proxy servers (e.g., PROXY proxy1; PROXY proxy2; DIRECT), ensuring connectivity if one proxy fails.
4. Reduced Bandwidth Usage
By routing only non-essential traffic (e.g., streaming) through proxies, enterprises can optimize bandwidth for critical business applications.
Limitations of PAC
1. JavaScript Execution Overhead
The browser executes the PAC function for every request, which may introduce minor latency (especially with complex rules or DNS lookups).
2. Limited Protocol Support
PAC files primarily work for HTTP/HTTPS traffic—they do not handle non-HTTP protocols (e.g., FTP, SSH) unless the application supports PAC (most modern apps do, but legacy tools may not).
3. DNS Dependency
Functions like dnsResolve(host) or isInNet(host, ...) require DNS resolution, which can fail if the DNS server is unreachable (e.g., offline).
4. Security Risks
If the PAC file is hosted on an untrusted server or intercepted, attackers could redirect traffic to malicious proxies (mitigate with HTTPS for PAC file hosting and enterprise-grade security).
Use Cases for PAC
1. Enterprise Networks
- Route internal traffic directly to intranet servers and external traffic through corporate proxies (for security/filtering).
- Redirect streaming/social media traffic to dedicated proxies to manage bandwidth.
2. Educational Institutions
- Block access to inappropriate content via proxies while allowing direct access to internal learning resources.
3. Remote Workforces
- Configure PAC files to route traffic through VPN proxies for secure access to corporate resources when working remotely.
4. ISPs & Content Providers
- Use PAC files to direct users to geographically optimized proxies for faster content delivery (e.g., video streaming).
PAC vs. Static Proxy Configuration
| Feature | PAC | Static Proxy |
|---|---|---|
| Proxy Selection | Dynamic (rules-based) | Fixed (single proxy for all traffic) |
| Management | Centralized (update once for all devices) | Manual (per-device configuration) |
| Flexibility | Supports multiple proxies/fallbacks | Single proxy only |
| Latency | Minor overhead (function execution) | No overhead |
| Use Case | Complex networks (enterprise/education) | Simple setups (home/small business) |
- 10AWG Tinned Copper Solar Battery Cables
- NEMA 5-15P to Powercon Extension Cable Overview
- Dual Port USB 3.0 Adapter for Optimal Speed
- 4-Pin XLR Connector: Reliable Audio Transmission
- 4mm Banana to 2mm Pin Connector: Your Audio Solution
- 12GB/s Mini SAS to U.2 NVMe Cable for Fast Data Transfer
- CAB-STK-E Stacking Cable: 40Gbps Performance
- High-Performance CAB-STK-E Stacking Cable Explained
- Best 10M OS2 LC to LC Fiber Patch Cable for Data Centers
- Mini SAS HD Cable: Boost Data Transfer at 12 Gbps
- Multi Rate SFP+: Enhance Your Network Speed
- Best 6.35mm to MIDI Din Cable for Clear Sound
- 15 Pin SATA Power Splitter: Solutions for Your Device Needs
- 9-Pin S-Video Cable: Enhance Your Viewing Experience
- USB 9-Pin to Standard USB 2.0 Adapter: Easy Connection
- 3 Pin to 4 Pin Fan Adapter: Optimize Your PC Cooling
- S-Video to RCA Cable: High-Definition Connections Made Easy
- 6.35mm TS Extension Cable: High-Quality Sound Solution
- BlackBerry Curve 9360: Key Features and Specs
- BlackBerry Curve 9380: The First All-Touch Model
- BlackBerry Bold 9000 Review: Iconic 2008 Business Smartphone
- BlackBerry Bold 9700 Review: Specs & Features
- BlackBerry Bold 9780: The Ultimate Business Smartphone
Ruigu Electronic 
Leave a comment