2

Instead of having separate proxy settings in Group Policy for several web browsers (Google Chrome, Internet Explorer and FrontMotion Firefox), I decided that it would be better to create a proxy.pac file and point each browser at that via Group Policy. This way, I would only have to update exclusions in one place.

My first thought was to put the proxy.pac file on the server that hosts our intranet. But this would give me no load balancing or resiliency. I tested this anyway and it worked (after adding a mime type to IIS). The URL looked like http://example.com/proxy.pac.

My second thought was to put the proxy.pac file into our SYSVOL directory. No way, no how can I get this to work. There's obviously something I've missed! The URL looks like file://\\example.com\SYSVOL\example.com\Proxy\proxy.pac. I also tried file://example.com/SYSVOL/example.com/Proxy/proxy.pac.

Where do you put yours? Any idea what I'm doing wrong?

Matty Brown
  • 675
  • 3
  • 13
  • 24

2 Answers2

2

At our organization, because of how little it's called (even with a thousand users!), we put it on our web server, and point it there specifically, using the IP address. The reason we do this is because if the server is unavailable, it won't stop them from connecting anyways (i.e. if they take their portable computer home).

Putting it on a file share is something I haven't tried, but I don't imagine it would be difficult. Putting it on each computer is horrible because:

  1. It blocks Internet Access unless it has a proxy server on every network that computer connects to
  2. You can't update it too easily

Because of how small the proxy.pac files are, I'd recommend just keeping them on a webserver, and pointing it there. If you use a hostname instead of an IP address to point to it, you should be able to setup another server for redundancy as well.

Canadian Luke
  • 885
  • 15
  • 44
  • 3
    `It blocks Internet Access unless it has a proxy server on every network that computer connects to` - the pac file is javascript. You write in detection and if the computer isn't on your local network then you return 'DIRECT'. `You can't update it too easily` - In a Windows domain, you could easily have the file deployed via group policy. – Zoredache Apr 04 '14 at 23:54
  • True, but my company couldn't use Windows servers, so updating group policies is more difficult in my job – Canadian Luke Apr 05 '14 at 01:28
2

https://blogs.msdn.microsoft.com/ieinternals/2013/10/11/understanding-web-proxy-configuration/

You should look at the above. The file:// format is deprecated

Anna Lee
  • 21
  • 1