So I have a Squid proxy server installed and running on my EC2 instance. My task is to have any PC client connected to the proxy use only the proxy when accessing certain sites and use the regular Wi-Fi connection for everything else. Something like a whitelist, or only use the proxy for certain specific sites and nothing else.

Is such a thing achievable by any chance?

Any help or guidance is greatly appreciated.

Cheers!

Ghaith Haddad

1 Answer

Yes, this is a typical use of a PAC file. See the example code below:

function FindProxyForURL(url, host) {

// If the hostname matches, send to the proxy.
    if (dnsDomainIs(host, "exampldomain.com") ||
        shExpMatch(host, "(*.abcdomain.com|abcdomain.com)"))
        return "PROXY 1.2.3.4:8080";


// DEFAULT RULE: All other traffic, send direct.
    return "DIRECT";

}

dnsDomainIs and shExpMatch are two functions for checking a domain name for a match. dnsDomainIs evaluates hostnames and returns true if the hostnames match; it is used mainly to match and make exceptions for individual hostnames. shExpMatch attempts to match a hostname or URL against a specified shell expression, and returns true if it matches.

If you would like to have the user try to connect direct if it is unable to reach the proxy, then you will need to modify this line:

return "PROXY 1.2.3.4:8080";

To be:

return "PROXY 1.2.3.4:8080; DIRECT";
  • Thank you @Mahmoud, that was really helpful, but one thing that I'm kind of stuck on: is there any way to keep that proxy safe by using a RADIUS service or any sort of username/password mechanism? – Ghaith Haddad Sep 30 '19 at 13:57
  • Hello, do you mean for user authentication when connecting to the proxy or to reach the PAC file? – Mahmoud Nouman Oct 01 '19 at 18:54
  • Yes, so that even if someone got his hands on the link of the PAC file, he would still need to authenticate using RADIUS. – Ghaith Haddad Oct 01 '19 at 19:38
  • Well, you can authenticate access to the proxy itself but not to the PAC file. Applications using the PAC file, typically browsers, would not expect an authentication challenge in order to be able to read the file. I would appreciate it if you mark the answer as correct if my original answer is correct for the question initially being asked. – Mahmoud Nouman Oct 02 '19 at 07:46
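
A way to check which hosts the answer's PAC rules actually send to the proxy, as an added example that is not part of the original answer or its comments. The two helper shims follow the classic Mozilla PAC utility definitions (an assumption about the client's PAC engine); `findProxyStrict`, `PROXIED_DOMAINS`, `compare` and the sample hosts are hypothetical and constructed for illustration.

```javascript
// Shims modeled on the classic Mozilla PAC helper definitions
// (assumption: the client's PAC engine behaves the same way).
function dnsDomainIs(host, domain) {
  // Plain suffix comparison: there is no check for a label boundary.
  return host.length >= domain.length &&
         host.substring(host.length - domain.length) === domain;
}
function shExpMatch(str, pattern) {
  const re = pattern.replace(/\./g, "\\.").replace(/\*/g, ".*").replace(/\?/g, ".");
  return new RegExp("^" + re + "$").test(str);
}

const PROXY = "PROXY 1.2.3.4:8080"; // proxy address used in the answer

// The answer's rule set, unchanged.
function findProxyOriginal(url, host) {
  if (dnsDomainIs(host, "exampldomain.com") ||
      shExpMatch(host, "(*.abcdomain.com|abcdomain.com)"))
    return PROXY;
  return "DIRECT";
}

// Hypothetical stricter variant: exact host or a dot-delimited subdomain only.
const PROXIED_DOMAINS = ["exampldomain.com", "abcdomain.com"];
function findProxyStrict(url, host) {
  const h = host.toLowerCase().replace(/\.$/, ""); // normalise case, trailing dot
  for (const d of PROXIED_DOMAINS) {
    if (h === d || h.endsWith("." + d)) return PROXY;
  }
  return "DIRECT";
}

// Run both rule sets over a list of hosts and return the decisions side by side.
function compare(hosts) {
  return hosts.map((h) => ({
    host: h,
    original: findProxyOriginal("http://" + h + "/", h),
    strict: findProxyStrict("http://" + h + "/", h),
  }));
}

// Constructed sample hosts, including a lookalike that merely ends in the domain.
const SAMPLE_HOSTS = ["exampldomain.com", "www.exampldomain.com",
  "notexampldomain.com", "www.abcdomain.com", "abcdomain.com", "other.org"];
console.table(compare(SAMPLE_HOSTS));
```

Under these shims the bare `dnsDomainIs(host, "exampldomain.com")` rule also proxies `notexampldomain.com`, because it compares suffixes only; the strict variant sends that host direct.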