Hi Mohammad,
Maybe we are both missing something, but from what I can see, I would expect that first rule to match.
From what you have mentioned before, when you put the ProxySG in the proxy settings in the browser, it works just fine. From that, we know that
1) The ProxySG is configured correctly
2) The client machine can reach the ProxySG
In testing the ProxySG connection, if you didn't test using
srvproxy:8558 in the browser proxy settings, then I would test that. It could be that the PAC file is working, but that the DNS is failing to resolve srvproxy hostname
Another thing to consider is that if the connection is slow between the client and the Proxy, that could be an issue. Different browsers have different timeout period before they try the next route listed (in your case DIRECT). The fastest I have seen is 3 seconds, so I wouldn't expect a 1 second delay to cause this.
Outside of the above, I would look into where you PAC file is being hosted, and investigate in that direction. Maybe see if you have better results using 'host' implementation of shExpMatch instead of url? I just don't see why what you have shouldn't work.
I'm afraid I'm probably not much help at this point, as I don't see anything glaringly wrong with the PAC file, and we've established you can reach the ProxySG without it.
Hope that helps!
Original Message:
Sent: 11-20-2020 02:57 PM
From: MOhammad Bader
Subject: Redirect HTTP traffic from local users towards Domain controller to ProxySG using PAC file
Hi jacob,
Thank you for your reply, actually I need only HTTP and HTTPs traffic to send to proxy, and any other traffic destined to domain controllers to bypassed.
I have upload sample of PAC file I created for this request.
I have another rule sending traffic direct and I put the rule for HTTP traffic before the direct rule.
Appreciate your help.
Original Message:
Sent: 11-20-2020 02:50 PM
From: Jacob M
Subject: Redirect HTTP traffic from local users towards Domain controller to ProxySG using PAC file
Hi Mohammad,
I think something like
if (shExpMatch(host, "*.mydomain.com"))
return "PROXY your.proxy.url:8080";
could work to send that domain to the ProxySG. Having that syntax toward the beginning ensures another PAC rule isn't being hit and sending it direct.
If you need more PAC file examples, This KB gives an example of PAC file to send to WSS. I have also personally found both Wikipedia's and Mozilla's Proxy auto-config pages to be great resources with lots of PAC file examples. <Obligatory, those sites aren't maintained by Broadcom disclaimer>
Hope that helps!
Original Message:
Sent: 11-19-2020 08:09 PM
From: MOhammad Bader
Subject: Redirect HTTP traffic from local users towards Domain controller to ProxySG using PAC file
Hello Everyone,
I hope you are doing well.
Local users resolving the private IP address of domain controller but the web URL of the domain mapped to public IP, so if any user browse http://mydomain.com it will not work.
I configured CPL policy and ready to use. I try in the PAC file to redirect HTTP traffic destined to domain controller to be send to our proxy but it did not work.
If I remove the PAC file from browser setting and use proxy server details, it works.
Can you please help me with the correct syntax in the PAC file?, currently in PAC all traffic destined to private IP addresses and URLs are returned with direct action