Proxy PAC File


Remote Devices can be configured to access the Redwood Filter Engine via proxy pac files, or to access the Internet directly. (Presuming, of course, that the device firewall allows direct access.)

Any clients accessing LAN resources, and and mobile devices accessing their MDM server are examples where direct access is desireable.


PAC Functions

A browser supporting PAC provides access to a list of functions as defined in the original Netscape Specification.

Each browser implements PAC in a sandbox, allowing access to only those JavaScript functions required to operate and nothing more. As an example, it isn’t possible to access the browser user agent string in a PAC file, a string available to a normal web page.

Rules using the following PAC Functions can be defined in the Log Cabin Console.

dnsDomainIs

Evaluates hostnames and returns true if hostnames match. Used mainly to match and exception individual hostnames.

    if (
        dnsDomainIs(host, "companysite.com") ||
        dnsDomainIs(host, "www.companysite.com")
    )

shExpMatch

Will attempt to match hostname or URL to a specified shell expression, and returns true if matched.

    if (
        shExpMatch(host, "*.local") ||
        shExpMatch(url, "http://companysite.com/folder/*")
    )

isInNet

This function evaluates the IP address of a hostname, and if within a specified subnet returns true. If a hostname is passed the function will resolve the hostname to an IP address.

    if (
        isInNet(host, "172.16.0.0", "255.240.0.0")
    )