Proxy automation
From BNL Physics Computing
There are three conditions that need to be satisfied in order to access web pages located inside or outside of BNL.
- An appropriate proxy configuration based on your location
- A tunnel to the BNL internal HTTP proxy, if you are not on the internal BNL network
- Ensuring that the application you want to run is configured to use the appropriate proxy configuration
A possible way of handling these steps is outlined below.
Contents |
Proxy Configuration
Modern browsers and other applications can use a "proxy auto-config" or "pac" file to determine how to access a given URL. The pac file contains a Javascript function that, in theory, should be able to select a proxy based on your location and the URL you want to visit. Unfortunately, the procedure to determine you location does not work correctly, so you cannot write a single pac file that will work everywhere. The simplest solution is to use a script on your machine to determine your location (IP address) and put the appropriate pac file in place. Three pac files are needed based on your being inside of the Lab on the internal network, being on Corus, or being off-site. If you are on the internal network, then your browser can go directly to bnl.gov addresses, but your browser needs to go to the internal proxy to get to non-BNL sites. If you are on the Corus network, then your browser needs to go through a tunnel to the internal BNL HTTP proxy to get to internal BNL sites, and it has to go through the Corus HTTP proxy to get to site outside of BNL. Finally, if you are off site, your browser needs to go through a tunnel to the internal BNL HTTP proxy to get to internal BNL sites, but it can go directly to sites not on the BNL network. On Corus or outside of the Lab, you can go directly to BNL web sites that have conduits, but you can also get to them through a tunnel to the internal BNL HTTP proxy, and using the tunnel greatly simplifies the proxy configuration.
PAC Files
The three pac files you need are reproduced below:
Corus pac File - wpad_corus.pac
function FindProxyForURL(url, host)
{
// This pac file is for Corus
if (shExpMatch(host, "*.bnl.gov") ||
shExpMatch(host, "130.199.*"))
return "PROXY localhost:3128";
else if (shExpMatch(host, "localhost*") ||
shExpMatch(host, "127.0.0.1"))
return "DIRECT";
else
return "PROXY 192.168.1.140:3128";
}
Inside pac File - wpad_inside.pac
function FindProxyForURL(url, host)
{
// This pac file is for inside the Lab
if (shExpMatch(host, "*.bnl.gov") ||
shExpMatch(host, "130.199.*") ||
shExpMatch(host, "localhost*") ||
shExpMatch(host, "127.0.0.1"))
return "DIRECT";
else
return "PROXY 192.168.1.130:3128";
}
Outside pac File - wpad_outside.pac
function FindProxyForURL(url, host)
{
// This pac file is for outside of the Lab
if (shExpMatch(host, "*.bnl.gov") ||
shExpMatch(host, "130.199.*"))
return "PROXY localhost:3128";
else
return "DIRECT";
}
Now you need a script to determine you IP address and either link or copy the appropriate pac file to the pac file names configured in the application you want to run. This script is operating system dependent and examples are given below.
Tunnel
The tunnel to the internal BNL HTTP proxy is setup as described on the Remote Access page. In some cases the tunnel can be started by the script putting the pac file in place, so you should look at the script examples below for those cases.
Browser/Application Configuration
If you configure you browser/application to use the file wpad.pac and the script associates the appropriate pac file with this name, then when you start the application after running the script and opening the tunnel, you application will load the appropriate pac function. If your application was already running, you need to reload the pac file into it.
