5

We have a Proxy.pac file:

function FindProxyForURL(url, host) {
  if (dnsResolve("ProxyServer") == "10.1.1.116")
    if (dnsDomainLevels(host) == 0 ||
        isInNet(host, "10.0.0.0","255.0.0.0") ||
        isInNet(host, "125.0.0.0","255.0.0.0") ||
        isInNet(host, "127.0.0.0","255.0.0.0") ||
        isInNet(host, "204.223.70.250","255.255.255.255") ||
        dnsDomainIs(host, ".muj.com") ||
        dnsDomainIs(host, "sv.com.gt") ||
        dnsDomainIs(host, "com.es.gt"))
      return "DIRECT";
    else return "PROXY 10.1.1.116:8080";

  else return "DIRECT";
}

Is working properly, but there are many users that are complaining becauses navigation since proxy.pac deployment is taking to long. It seems dnsResolve and isInNet are the cause of the problem. Is there any other way to improve this script? or how to accelarte dns resolve?

jon_d
  • 693
  • 4
  • 7
carloslone
  • 51
  • 1
  • 1
  • 3

2 Answers2

5

Do you have multiple proxy servers in your organization and this .pac file is supposed to be specific to the server with address 10.1.1.116? If not, you can probably just get rid of that check. Since FindProxyForURL() is called for each request your browser needs to make dnsResolve() can potentially block your browser for quite a bit of time depending on how well your DNS works.

If you need that dnsResolve() call then one way to get around that is to move it outside of FindProxyForURL():

var myProxyServerIP = dnsResolve("ProxyServer");

function FindProxyForURL(url, host) {
  if (myProxyServerIP == "10.1.1.116")
    if (dnsDomainLevels(host) == 0 ||
        isInNet(host, "10.0.0.0","255.0.0.0") ||
        isInNet(host, "125.0.0.0","255.0.0.0") ||
        isInNet(host, "127.0.0.0","255.0.0.0") ||
        isInNet(host, "204.223.70.250","255.255.255.255") ||
        dnsDomainIs(host, ".muj.com") ||
        dnsDomainIs(host, "sv.com.gt") ||
        dnsDomainIs(host, "com.es.gt"))
      return "DIRECT";
    else return "PROXY 10.1.1.116:8080";

  else return "DIRECT";
}

This change will make it so that dnsResolve() is only called when the .pac file is loaded instead of every time a request is made to the browser. You'll need to determine for yourself if this is something you can do in your environment based on how often that address would change. But again, your proxy server's address should be static.

Are the subnets you're checking with the isInNet() calls a one-to-one map of the domains you're checking with the dnsDomainIs() calls? If so then you have redundancy there and can remove one one set of calls.

Other than that, I don't see anything else to recommend based on what I can discern of your environment from your question.

squillman
  • 37,618
  • 10
  • 90
  • 145
2

For every isInNet function call a DNS lookup is done if the host is not an ip address. This will slow the process down as you have to do 4 DNS lookups and wait for the response from the DNS server. You can do the following to reduce the number of DNS calls to one.

 function FindProxyForURL(url, host) {
  if (dnsResolve("ProxyServer") == "10.1.1.116")

    hostip=dnsResolve(host);

    if (dnsDomainLevels(host) == 0 ||
        isInNet(hostip, "10.0.0.0","255.0.0.0") ||
        isInNet(hostip, "125.0.0.0","255.0.0.0") ||
        isInNet(hostip, "127.0.0.0","255.0.0.0") ||
        isInNet(hostip, "204.223.70.250","255.255.255.255") ||
        dnsDomainIs(host, ".muj.com") ||
        dnsDomainIs(host, "sv.com.gt") ||
        dnsDomainIs(host, "com.es.gt"))
      return "DIRECT";
    else return "PROXY 10.1.1.116:8080";

  else return "DIRECT";
}
Francois Wolmarans
  • 1,570
  • 10
  • 14