快速上手

生成pac文件

一个完整的文件示例

如下文件提供了一个基于本地网络识别,基于访问主机识别,基于协议识别,基于URL识别,基于本机IP识别的示例,并提供了一个默认规则用于匹配默认情况。

function FindProxyForURL(url, host) {

// If the hostname matches, send direct.
    if (dnsDomainIs(host, "intranet.domain.com") ||
        shExpMatch(host, "(*.abcdomain.com|abcdomain.com)"))
        return "DIRECT";

// If the protocol or URL matches, send direct.
    if (url.substring(0, 4)=="ftp:" ||
        shExpMatch(url, "http://abcdomain.com/folder/*"))
        return "DIRECT";

// If the requested website is hosted within the internal network, send direct.
    if (isPlainHostName(host) ||
        shExpMatch(host, "*.local") ||
        isInNet(dnsResolve(host), "10.0.0.0", "255.0.0.0") ||
        isInNet(dnsResolve(host), "172.16.0.0",  "255.240.0.0") ||
        isInNet(dnsResolve(host), "192.168.0.0",  "255.255.0.0") ||
        isInNet(dnsResolve(host), "127.0.0.0", "255.255.255.0"))
        return "DIRECT";

// If the IP address of the local machine is within a defined
// subnet, send to a specific proxy.
    if (isInNet(myIpAddress(), "10.10.5.0", "255.255.255.0"))
        return "PROXY 1.2.3.4:8080";

// DEFAULT RULE: All other traffic, use below proxies, in fail-over order.
    return "PROXY 4.5.6.7:8080; PROXY 7.8.9.10:8080";

}
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30

常见的PAC功能模块

如下列出了几种常见场景的代码示例。

  • 本地网络匹配
if (isPlainHostName(host) ||
    shExpMatch(host, "*.local") ||
    isInNet(dnsResolve(host), "10.0.0.0", "255.0.0.0") || 
    isInNet(dnsResolve(host), "172.16.0.0",  "255.240.0.0") ||
    isInNet(dnsResolve(host), "192.168.0.0",  "255.255.0.0") ||
    isInNet(dnsResolve(host), "173.37.0.0",  "255.255.0.0") ||
    isInNet(dnsResolve(host), "127.0.0.0", "255.255.255.0")
   )
   return "DIRECT";
1
2
3
4
5
6
7
8
9
  • 基于域名的匹配
if (dnsDomainIs(host, "test1.com") ||
    dnsDomainIs(host, "www.test2.com")
   )
   return "DIRECT";
1
2
3
4
  • 基于URL的匹配
if (shExpMatch(url, "http://www.test1.com/path/*"))
   return "DIRECT";
1
2
  • 基于协议的匹配
// HTTP 协议
if (url.substring(0,5)=="http:") return "DIRECT";
// HTTPS 协议
if (url.substring(0,6)=="https:") return "DIRECT";
// FTP 协议
if (url.substring(0,4)=="ftp:") return "DIRECT";
1
2
3
4
5
6
  • 基于本机IP的匹配
if (isInNet(myIpAddress(), "192.168.1.0", "255.255.255.0"))
   return "PROXY 80.80.80.80:8080";
1
2
  • 返回代理信息
// 网络直连,不走任何代理
return "DIRECT";
// 代理到单一的主机上
return "PROXY proxy.domain.local:8080";
// 支持冗灾的代理模式,当前面的故障后会自动尝试使用后面的配置
return "PROXY proxy1.domain.local:8080; PROXY proxy2.domain.local:8080; DIRECT";
1
2
3
4
5
6

良好的习惯

匹配规则尽量精确,避免范围过大或造成歧义,比如如下代码会错误匹配到第二种情况

// 1. www.hotmail.com 2. phishing-scam.com?email=someone@hotmail.com

if (shExpMatch(url, "*hotmail.com*"))
        return "DIRECT";
1
2
3
4

对应的修正建议为

if (dnsDomainIs(host, "hotmail.com") || dnsDomainIs(host, "*.hotmail.com"))
        return "DIRECT";
1
2

配置pac服务

服务端配置

配置pac客户端

客户端配置

更新时间: