5

If I am in one autoproxy PAC file and returning the "PROXY xxx.com:80" option, can that link be to another PAC file? Do the url and host parameters for FindProxyForURL(url, host) stay the same or is there something lost?

Continuing on the same topic, what if one or both of these proxy files are hosted behind HTTPS?

beauXjames
  • 103
  • 8
  • You should reword your question, perhaps with more of an example, as there is no 'link' what you have described. I will say that PAC consumers are of a wide degree of quality, and so the simpler the better. The website http://findproxyforurl.com/ is the best reference I have seen on the topic of PAC files. One warning though: it can be very difficult to have some things forget what whey have learned from PAC. – Cameron Kerr Jun 24 '16 at 13:11
  • Also, its worth pointing out that a PROXY statement does not point to a website, but to a HTTP proxy such as Squid. – Cameron Kerr Jun 24 '16 at 13:12
  • if the PROXY statement HAS to be a legitimate proxy and not just another PAC file, then that would answer my question about chaining them – beauXjames Jun 24 '16 at 18:46
  • Yes, it has to be a proxy. Any logic you want to implement with regard to which PAC file gets delivered should be done via WPAD, such as pointing, via DHCP to a different PAC URL, or in the web server configuration, or if you want something more dynamic, then have the PAC file be a script processed by the web server, such as a CGI script or PHP. – Cameron Kerr Jun 26 '16 at 00:09

1 Answers1

2

The doc says (reformatted):

Table 11.2

FindProxyForURL return values and resulting action of Netscape Navigator

DIRECT: Make connections directly to the server without going through any proxies.

PROXY host:port: Use the specified proxy and port number. If multiple values are separated by semicolons, the first proxy is used. If that proxy fails, then the next proxy is used, and so on.

This means: It is not a URL, but a hostname (or IP address) and port number.

You can't daisy-chain PAC files, but WPAD might come in handy depending on what you're trying to accomplish.

Marki
  • 2,795
  • 3
  • 27
  • 45
  • WPAD is a security abortion. I would never recommend that for anything. – Greg Askew Jun 26 '16 at 02:08
  • when attempting to make an internal hack in hopes to work around the imposed security layer that could be fixed by a one-liner by IT however an entire department has to wait we do what we need to...thanks – beauXjames Jun 27 '16 at 14:15
  • btw...thanks...I missed that doc reference...really not my genre to begin with, but we had to get a domain extension through for internal testing and the current PAC/PROXY combo was bonking us – beauXjames Jun 27 '16 at 14:18