Forum Discussion

Seckin_149390's avatar
Seckin_149390
Icon for Nimbostratus rankNimbostratus
Apr 17, 2019

How to Exclude Domains or IP Addresses from proxy.pac file

Hi Everyone,

 

We are using forcepoint proxy devices behind F5 and sending proxy.pac file from F5 VIP if HTTP URI is equal /proxy.pac. (There is no problem with it. It works when the connection hits to VIP and download proxy.pac file)

 

My question is that Can i write an irule for this proxy.pac file in order to exclude some domains or ip addresses. For example; if HTTP host is equal or , do not use proxy devices and go to internet directly. (direct to firewall)

 

if not, get the pac file and forward to traffic forcepoint devices.

 

Regards... Seckin

 

1 Reply

  • Hi Seckin,

    you could either host an already changed copy of your

    /proxy.pac
    file within an iRule, so that HTTP requests to
    /proxy.pac
    will become intercepted and HTTP responded by this iRule.

    If you need to retain certain dynamics of your existing

    /proxy.pac
    file (e.g. the file gets dynamically generated based on the current Forcepoint Proxy configuration), then you could use LTMs
    [STREAM::*]
    commands to modify the script as needed (e.g. add some lines right after
    function FindProxyForURL(x, y) {
    before delivering the
    /proxy.pac
    response to your clients.

    To help you further you will need to post your current

    /proxy.pac
    file (or at least an anonymized version of it) and explain if you are fine to host the pac file on your LTM or if you need to modify certain parts on-the-fly.

    Cheers, Kai