Explict Proxy Solution

download Explict Proxy Solution

of 24

Transcript of Explict Proxy Solution

  • 7/26/2019 Explict Proxy Solution

    1/24

    Blue Coat Security First Steps

    Solution for Deploying an Explicit Proxy

    SGOS 6

  • 7/26/2019 Explict Proxy Solution

    2/24

    Third Party Copyright Notices

    2014 Blue Coat Systems, Inc. All rights reserved. BLUE COAT, PROXYSG, PACKETSHAPER, CACHEFLOW,

    INTELLIGENCECENTER, CACHEOS, CACHEPULSE, CROSSBEAM, K9, DRTR, MACH5, PACKETWISE,

    POLICYCENTER, PROXYAV, PROXYCLIENT, SGOS, WEBPULSE, SOLERA NETWORKS, DEEPSEE, DS

    APPLIANCE, SEE EVERYTHING. KNOW EVERYTHING., SECURITY EMPOWERS BUSIN ESS, BLUETOUCH, theBlue Coat shield, K9, and Solera Networks logos and other Blue Coat logos are registered trademarks or trademarks of

    Blue Coat Systems, Inc. or its affiliates in the U.S. and certain other countries. This list may not be complete, and the

    absence of a trademark from this list does not mean it is not a trademark of Blue Coat or that Blue Coat has stopped using

    the trademark. All other trademarks mentioned in this document owned by third parties are the property of their respective

    owners. This document is for informational purposes only.

    BLUE COAT MAKES NO WARRANTIES, EXPRESS, IMPLIED, OR STATUTORY, AS TO THE INFORMATION IN

    THIS DOCUMENT. BLUE COAT PRODUCTS, TECHNICAL SERVICES, AND ANY OTHER TECHNICAL DATA

    REFERENCED IN THIS DOCUMENT ARE SUBJECT TO U.S. EXPORT CONTROL AND SANCTIONS LAWS,

    REGULATIONS AND R EQUIREMENTS, AND MAY BE SUBJECT TO EXPORT OR IMPORT REGULATIONS IN

    OTHER COUNTRIES. YOU AGREE TO COMPLY STRICTLY WITH THESE LAWS, REGULATIONS AND

    REQUIREMENTS, AND ACKNOWLEDGE THAT YOU HAVE THE RESPONSIBILITY TO OBTAIN ANY LICENSES,

    PERMITS OR OTHER APPROVALS THAT MAY BE REQUIRED IN ORDER TO EXPORT, RE-EXPORT, TRANSFER

    IN COUNTRY OR IMPORT AFTER DELIVERY TO YOU.

    Americas:

    Blue Coat Systems, Inc.

    420 N. Mary Ave.

    Sunnyvale, CA 94085

    Rest of the World:

    Blue Coat Systems International SARL

    3a Route des Arsenaux

    1700 Fribourg, Switzerland

  • 7/26/2019 Explict Proxy Solution

    3/24

    Blue Coat Security First Steps

    Contents

    Solution: Deploy an Explicit Proxy 4

    Set Up an Explicit Proxy 5

    Set Services to Intercept - Explicit Proxy 6

    Explicit Proxy Services 6

    Manually Configure Explicit Proxy Settings in theBrowser 7

    Download Explicit Proxy Settings from a PACFile 12

    Edit the Accelerated PAC File 12

    Deploy the PAC File from the ProxySG Appliance 13

    Serve the PACFile from a WebServer 14

    Specify the PAC File Location in the Browser 15

    Allow Browsersto Auto-Detect Settings 20

    Test Explicit Client Connections 21

    List Active Sessions for a Proxy 23

    Explicit Proxy Troubleshooting 24

    Why are users experiencing slow browser performance? 24

    Why are browsers connecting with outdated PAC settings? 24

    Why are requests connecting directly instead of being redirectedtoproxy? 24

    3

  • 7/26/2019 Explict Proxy Solution

    4/24

    Deploy an Explicit Proxy

    Solution: Deploy an Explicit Proxy

    You can configure every client workstation in your network to direct their web requests to the ProxySG appliance. This

    deployment type is calledexplicit proxy. After a client is configured for explicit proxy, all user requests are sent to the appli-

    ance rather than to the origin content server (OCS) . The appliance then determines whether to allow or deny the request

    based on web access policy.

    Note: You can configure user agents such as browsers, e-mail clients, FTPclients, and client-side

    applications.Because browsers are by far the most widely used user agents in a typical network, this solution cov-

    ers how to configure them for explicit proxy.

    For allowed transactions, the appliance either services the user's request from a cached version of the page stored on the

    appliance's disk, or it connects to theOCS to retrieve the content to cache and serve to the user.

    Example of explicit proxy traffic flow - request allowed

    1. A user enters a URL in the browser's address bar. (This browser has already been configured to send traffic to the

    appliance explicitly.)2. The browser connects to the proxy service and sends the user request.The destination IP address is that of the

    ProxySG appliance.

    3. The appliance examines the request details (client IP, username/group if configured, URL, path, category) and

    compares them against allow and deny policy. Based on proxy service and policy settings, the appliance allows

    this request.

    4. The ProxySG forwards the user's request to the OCS. The source IPaddress of the request is that of the

    appliance.

    5. When the OCS responds, the appliance adds the content to its cache and forwards the response to the user.

    Example of explicit proxy traffic flow - request denied

    4

  • 7/26/2019 Explict Proxy Solution

    5/24

    Blue Coat Security First Steps

    1. A user enters a URL in the browser's address bar. (The browser has already been configured to send traffic to the

    appliance explicitly.)

    2. The browser connects to the proxy service and sends the user request.The destination IP address is that of the

    ProxySG appliance.

    3. The appliance examines the request details (client IP, username/group if configured, URL, path, category) and

    compares them against allow and deny policy. Based on proxy service and policy settings, the appliance denies

    this request.

    4. The appliance sends the user anexception pageproviding details on why the request was denied.

    Whether an explicit deployment is appropriate for your organization could depend on business and security policy. You

    should analyze your requirements to determine if explicit deployment is appropriate for you. For example, the deployment

    type that best suits your needs could depend on whether your organization has a "bring your own device" (BYOD)policy.

    To configure your network for explicit proxy, select a method to perform to deploy proxy settings to users, and then verify

    that client connections are proxied explicitly.

    1. Set Up an Explicit Proxy.

    2. Test Explicit Client Connections.

    Set Up an Explicit Proxy

    To set up your network foran explicit proxy, configure the SSLproxy service (if required), and then select one or more

    methods to deploy proxy settings to the users in your network.

    1. Configure the ExplicitHTTP services to intercept. SeeSet Services to Intercept - Explicit Proxy for instructions.

    2. Make sure that clients can access the Internet only by going through the appliance. Configure the firewall to restrict

    outbound access to ports 80, 443, and 21 to the appliance's IP address.

    Refer to your firewall documentation if you require more information.

    3. Determine which method to use to set up the explicit proxy; refer to the following table.

    5

  • 7/26/2019 Explict Proxy Solution

    6/24

    Deploy an Explicit Proxy

    Method Might be appropriate if... Refer to this topic

    Configure browsers with the IP address and

    port of the ProxySG appliance.

    l Your network is not too complex or

    the number of client devices is not

    very high.

    l

    Some users occasionally uselaptops or other devices that

    cannot download settings from an

    internal web server.

    Manually Configure

    Explicit Proxy Set-

    tings in theBrowser

    Download Proxy Auto-Configuration (PAC)

    information from an internal web server or

    load the file directly on the appliance.

    l Your network has many devices or

    is complex.

    l All devices in your network are

    subject to the same policies and

    proxy configuration.

    Download Explicit

    Proxy Settings from a

    PACFile

    Configure the appliance to automatically

    detect explicit proxy settings.

    l You wantto avoid complex manual

    configuration.Allow Browsers to

    Auto-Detect Settings

    Tip Depending on your network configuration and users' requirements, you might want to use more than one of the

    methods described above to deploy proxy settings. For example, you could use a PAC file for all client work-

    stations in the network, but have users manually configure the browsers on theirlaptops.

    Set Services to Intercept - Explicit Proxy

    For explicit proxy deployments, client browsers direct all traffic to the appliance on the same port, (typically 80 or 8080).

    When explicit traffic is intercepted, the appliance uses an advanced protocol detection method to identify the type of

    traffic, (HTTP, HTTPS, RTMP, and so on) and handle it according to the standards for that traffic.

    Explicit Proxy Services

    1. In the Management Console, selectConfiguration > Services > Proxy Services.

    2. Under Predefined ServiceGroups, expand theStandard group. A list of services displays.

    3. LocateExplicit HTTP, select it, and click dit Service .

    4. EnableDetect Protocol.

    5. UnderListeners, set the explicit proxy ports (8080 and/or 80) toIntercept.

    6

  • 7/26/2019 Explict Proxy Solution

    7/24

    Blue Coat Security First Steps

    6. ClickOK andApply . The appliance confirms your changes.

    Manually Configure Explicit Proxy Settings in the Browser

    To set up an explicit proxy using the browser, configure the ProxySG appliance as the proxy server in each client browser.

    In a typical setup, enter the appliance's IP address and port on which the appliance listens for traffic (by default, 8080).

    Select the appropriate browser for instructions. If users use a different version, instructions might differ slightly.

    Microsoft Internet Explorer version 8.x

    1. Open Internet Explorer.

    2. Select ools > Internet Options > Connections > LAN settings . You might have to make the CommandBar

    visible first.

    The LANSettings window appears.

    7

  • 7/26/2019 Explict Proxy Solution

    8/24

    Deploy an Explicit Proxy

    3. UnderProxy server, select the option to use a proxy server.

    4. IntheAddress field, enter the ProxySG IP address/hostname.

    5. (If applicable) In thePort field, enter the port(for example, 8080).

    6. Click K > OK .

    Mozilla Firefox version 24.0

    1. Open Firefox.

    2. Select ools > Options > Advanced > Network > Settings .

    8

  • 7/26/2019 Explict Proxy Solution

    9/24

    Blue Coat Security First Steps

    3. On the Connection Settings dialog that appears, selectManual proxy configuration.

    4. IntheHTTP Proxy field, enter the ProxySG IP address/hostname.

    5. (If applicable) In thePort field, enter the port(for example, 8080).

    6. Click K > OK .

    Google Chrome version 30.x

    1. Open Chrome.2. SelectSettings . If the option is present, select how Advanced Settings .

    3. Under Network, click hange proxy settings . The Internet Properties window appears.

    4. On the Connections tab, click AN settings .

    The LANSettings window appears.

    9

  • 7/26/2019 Explict Proxy Solution

    10/24

    Deploy an Explicit Proxy

    5. UnderProxy server, select the option to use a proxy server.

    6. IntheAddress field, enter the ProxySG IP address/hostname.

    7. (If applicable) In thePort field, enter the port(for example, 8080).

    8. Click K > OK .

    Apple Safari version 5.1.7 (Windows)

    1. OpenSafari.

    2. Select the settings menu,selectPreferences, and then clickAdvanced .

    3. ClickChange Settings .

    The Internet Properties pane opens.

    4. Click ANSettings .

    The LANSettings window appears.

    10

  • 7/26/2019 Explict Proxy Solution

    11/24

    Blue Coat Security First Steps

    5. UnderProxy server, select the option to use a proxy server.

    6. IntheAddress field, enter the ProxySG IP address/hostname.

    7. (If applicable) In thePort field, enter the port(for example, 8080).

    8. Click K > OK .

    Apple Safari (Mac)

    1. OpenSafari.

    2. From the Apple menu, select references .

    3. From the Settings menu, select references .

    4. ClickAdvanced .

    5. Beside Proxies, clickChange Settings .

    6. Click theAdvanced button.

    7. From the Apple menu, select references .

    8. (If necessary) Select your active network interface (usually Ethernet or Wi-Fi).

    9. SelectAdvanced .

    10. ClickProxies .

    11. SelectInternet Wireless > Network .

    12. Select dvanced > Proxies .

    13. Click eb Proxy (HTTP) .

    14. Under Web Proxy Server, enter the ProxySG appliance IP address and port.

    11

  • 7/26/2019 Explict Proxy Solution

    12/24

    Deploy an Explicit Proxy

    15. ClickOK .

    Next Step: Test Explicit Client Connections

    Download Explicit Proxy Settings from a PAC File

    You can specify that browsers download explicit proxy settings from a Proxy Auto-Configuration (PAC) file. A PAC file is

    a JavaScript file that defines aFindProxyForURLfunction, which tells the browser to either redirect to a proxy server orconnect directly to the URL.

    Two PAC files ship with the ProxySG appliance:

    l a read-only default PAC file, which specifies to use the appliance as the proxy server:

    http://:/proxy_pac_file

    l an editable PAC file, which specifies when to use the appliance as the proxy and which ports to use for specific

    types of requests, as well as when to connect directly to the origin content server (OCS):

    http://:/accelerated_pac_base.pac

    For information on configuring the PAC file, refer tohttp://en.wikipedia.org/wiki/Proxy_auto-config.

    Next Step: Edit the Accelerated PAC File

    Edit the Accelerated PAC File

    You can use the basic ProxyAuto-Configuration (PAC) file that ships with the ProxySG appliance, but if you want to cre-

    ate custom PAC settings for your deployment, you can edit the accelerated PAC file.

    12

    http://en.wikipedia.org/wiki/Proxy_auto-config
  • 7/26/2019 Explict Proxy Solution

    13/24

    Blue Coat Security First Steps

    Caution: The PACfile is written in JavaScript. You should be familiar with JavaScript functions before attempting

    to edit the file.

    1. Download the PACfile from the appliance:

    http://:/accelerated_pac_base.pac

    2. Open the PAC file in a text editor such as Notepad.

    3. Edit the file as appropriate for your deployment.If you are setting up the network for explicit proxy for the first time, it is a good idea to create a relatively simple

    PAC file for testing.

    Refer to this example of an edited PAC file. The PAC file contents in the example are as follows:

    l If the hostname matches yourdomain.com anywhere in the URL, redirect requests to 198.51.100.0; if the proxy

    can't be reached, go direct

    l take the same action if the URL matches the specified ftp, images, or graphics URLs

    l If the request contains a Windows Media protocol (mmsor rtsp) redirect to 198.51.100.1 or 198.51.100.2

    respectively; if the proxy can't be reached, go direct

    l If the request is for streaming media on yourdomain.com, redirect to 198.51.100.3; if the proxy can't be reached, go

    direct

    l If the hostname is not a fully-qualified domain name(FQDN), is an internal FQDN, or is any host in the

    altyourdomain.com domain, go direct

    l If none of the previous conditions apply, redirect to 198.51.100.10; if the proxy can't be reached, go direct

    After you edit the accelerated PAC file you can load it directly on the appliance; seeDeploy the PAC File from the

    ProxySG Appliance.

    Alternatively, you can deploy PAC information in the following ways:

    n Serve the PACFile from a WebServer- Upload the file to an internal web server, and then download the file to the

    appliance.

    n Specify the PAC File Location in the Browser- Upload the file to an internal web server, and then instruct users to

    specify the URL to the file in the browser.

    Deploy the PAC File from the ProxySG Appliance

    Use this method if you plan to create your own PAC file and deploy it from the appliance.

    1. Open the edited PAC file in atext editor such as Notepad.

    2. Edit the file as appropriate for your deployment and then copy the file contents.

    3. Log into the ProxySG command line interface (CLI).

    4. Enter enable mode.

    5. In enable mode, enter:

    #inline accelerated-pac EOF

    #

    #

    where:

    n is the PACfile contents you copied in step 3; paste the contents here

    n is an end-of-file marker; choose one that does not match any string in the PACfile itself

    6. The CLI respondsok.

    Example of PAC file pasted in the CLI

    13

    http://accelerated_pac_base.txt/
  • 7/26/2019 Explict Proxy Solution

    14/24

    Deploy an Explicit Proxy

    For an explanation of the contents of the file in this example, seeEdit the Accelerated PAC File.

    Next Step: Test Explicit Client Connections

    Serve the PAC File from a Web Server

    You can upload the edited PACfile to your internal web server and then instruct the ProxySG appliance to download it

    from theweb server.

    Note: Before proceeding, ensure that read permissions are set on the web server so the appliance can read the

    PAC file.

    In addition, configure the web server with one of the MIME types for PAC files:

    application/x-ns-proxy-autoconfig

    application/x-javascript-config

    If the MIME type is not configured for .pac extensions, users may experience connection issues.

    14

  • 7/26/2019 Explict Proxy Solution

    15/24

    Blue Coat Security First Steps

    1. Open the edited PAC file in a text editor such as Notepad.

    2. Edit the file as appropriate for your deployment.

    3. Upload the edited PAC file to your internal web server.

    Next Step: Test Explicit Client Connections

    Specify the PAC File Location in the Browser

    If you want certain users or groups of users to use the same PAC file, you can instruct them to specify the location of the

    PACfile in their browsers.

    Note: Configure the web server with one of the MIME types for PAC files:

    application/x-ns-proxy-autoconfig

    application/x-javascript-config

    If the MIME type is not configured for .pac extensions, users may experience connection issues.

    1. Configure the ProxySG appliance's TCP port 80 to accept explicit connections.

    The browser can retrieve the PAC file URL via DHCP option 252 if your DHCP server is configured to send option

    252 and the host is using DHCP (as opposed to a host configured with a static IP address.) For some DHCP

    servers, you might have to add the entry for option 252.

    2. Download the PACfile from the appliance:

    http://:/accelerated_pac_base.pac

    3. Open the edited PAC file in a text editor such as Notepad.

    4. Edit the file as appropriate for your deployment.

    5. Upload the edited PAC file to your internal web server and note the path to the file.

    6. Configure the browser with the PACfile URL.

    Select the appropriate browser for instructions. If users use a different version, instructions might differ slightly.

    Microsoft Internet Explorer version 8.x

    1. Open Internet Explorer.

    2. SelectTools > Internet Options.

    3. Click theConnections tab and then clickLAN Settings .

    15

  • 7/26/2019 Explict Proxy Solution

    16/24

    Deploy an Explicit Proxy

    4. On the dialog, selectUse automatic configuration script.

    5. Enter the PAC URLin theAddressfield.

    6. SelectOK > OK .

    Mozilla Firefox version 24.0

    1. Open Firefox.

    2. Select ools > Options .

    3. Select dvanced > Network .

    4. In the Connection section, clickSettings .

    16

  • 7/26/2019 Explict Proxy Solution

    17/24

    Blue Coat Security First Steps

    5. On the dialog, selectAutomatic proxy configuration URL.

    6. In the field, enter the PACURL.

    7. SelectOK > OK .

    Google Chrome version 30.x

    1. Open Chrome.2. In the Chrome menu, selectSettings .

    3. Click how advanced settings .

    4. Scroll down. Under Network, click hange proxy settings .

    17

  • 7/26/2019 Explict Proxy Solution

    18/24

    Deploy an Explicit Proxy

    5. On the dialog, selectUse automatic configuration script.

    6. Enter the PAC URLin theAddressfield.

    7. SelectOK > OK .

    Apple Safari version 5.1.7 (Windows)

    1. Open Safari.

    2. From the Settings menu, select references .

    3. ClickAdvanced .

    4. Beside Proxies, clickChange Settings .

    5. Click theAdvanced button.The Internet Properties window appears.

    6. Click theConnections tab and then clickLAN Settings .

    18

  • 7/26/2019 Explict Proxy Solution

    19/24

    Blue Coat Security First Steps

    7. On the dialog, selectUse automatic configuration script.

    8. Enter the PAC URLin theAddressfield.

    9. SelectOK > OK

    Apple Safari version 6.0.5 (Mac)

    1. Open Safari.

    2. From the Settings menu, select references .

    3. ClickAdvanced .

    4. Beside Proxies, clickChange Settings .

    5. Click theAdvanced button.

    6. From the Apple menu, select references .

    7. (If necessary) Select your active network interface (usually Ethernet or Wi-Fi).

    8. SelectAdvanced .

    9. ClickProxies .

    10. Select utomatic ProxyConfiguration .

    11. Enter the URL of the hosted PAC file in theURL field.

    19

  • 7/26/2019 Explict Proxy Solution

    20/24

    Deploy an Explicit Proxy

    12. SelectOK .

    Tip If you want users' browsers to determine the location of the PAC file using DNS, you must use the Web Proxy

    Auto-Discovery Protocol (WPAD) method. SeeAllow Browsers to Auto-Detect Settings.

    Next Step: Test Explicit Client Connections

    Allow Browsers to Auto-Detect Settings

    If you want all devices in your network to use the same proxy settings, you can configure the ProxySG appliance to allow

    browsers to auto-detect settings. Using Web Proxy Auto-Discovery Protocol (WPAD)allows you to enforce the same set-

    tings for all users.Use this method ifyou want all users' browsers to determine the location of the PAC file through DNS.

    1. Download the PAC file from the appliance:

    http://:/accelerated_pac_base.pac

    2. Open the edited PAC file in a text editor such as Notepad.

    3. Edit the file as appropriate for your deployment. SeeEdit the Accelerated PAC File.

    4. Upload the renamed file to the root directory of your internal web server.

    5. Add a DNS record to your internal DNSserver to resolve the WPAD hostname to the ProxySG appliance

    IPaddress.For example, if the local domain isyourdomain.com, adda record resolving wpad.yourdomain.com to the appliance

    IPaddress.

    6. Configure an explicit HTTPproxy service to allow browsers to receive the WPAD requests. In the Management

    Console, selectConfiguration > Services > Proxy Services.

    20

  • 7/26/2019 Explict Proxy Solution

    21/24

    Blue Coat Security First Steps

    Tip The appliance must be actively listening on whatever port you specify in the service. Port 80 is the

    default and thus does not have to be specified in browsers; however, if you want to use a different port, you

    must enable it for listening and then specify the port when configuring the explicit HTTP service. For

    instructions, see Set Services to Intercept - Explicit Proxy.

    7. Configure a redirect policy to convert the clients request for

    http://wpad.yourdomain.com/wpad.dat

    to a request for

    http://:/accelerated_pac_base.pac.

    The following is an example:

    ALLOW url.path.exact=/wpad.dat action.ReturnRedirect1(yes)

    define action ReturnRedirect1

    request_redirect( 302, ".*", "http://wpad.yourdomain.com/accelerated_pac_

    base.pac" )end

    When the user launches a browser, the browser attempts to detect proxy settings and issues an HTTP GET request to the

    hostname on the internal DNS server. The browser then installs the PAC file.

    Next Step: Test Explicit Client Connections

    Test Explicit Client Connections

    After you have configured the network for explicit proxy, you should test client connections and verify that they are going

    through the proxy server explicitly.

    1. Set a Deny policy.

    a. In the Management Console, select onfiguration > Policy > Policy Options .

    b. UnderDefault Proxy Policy, selectDeny .

    c. ClickApply .

    2. Go to various web pages using the browser. You should receive exception pages stating that access is denied due

    to policy.

    3. Set an Allow policy.

    a. In the Management Console, select onfiguration > Policy > Policy Options .

    b. UnderDefault Proxy Policy, selectAllow .

    c. ClickApply .

    4. Go to various web pages using the browser. You should be able to access the web pages.

    5. Use one of the following methods to verify that connections are being proxied:

    l View active sessions

    1. Go to various web pages using the browser.

    2. View ctive Sessions statistics and verify that they show explicit HTTPconnections. SeeList

    Active Sessions for a Proxyfor instructions,

    21

  • 7/26/2019 Explict Proxy Solution

    22/24

    Deploy an Explicit Proxy

    3. In the Client column, look for HTTP connections originating from the IPaddress of the ProxySG

    appliance.

    Requests sent to the origin content server(OCS) on behalf of the client display the ProxySG

    appliance IP address in the Client column.

    l View the access log in real time

    1. If access logging is disabled, enable it. In the Management Console, select onfiguration > Access

    Logging > General. Select nable Access Logging and then clickApply .

    2. Start the access log tail. SelectStatistics > Access Logging > Log Tail. Click tart Tail .

    3. Go to various web pages using the browser.

    4. To stop the log tail, click top Tail .

    5. On the Log Tail tab, look for events pertaining to the web pages you visited. They display as

    originating from the IPaddress of the ProxySG appliance.

    The access log tail shows events in real time.

    22

  • 7/26/2019 Explict Proxy Solution

    23/24

    Blue Coat Security First Steps

    List Active Sessions for a Proxy

    The Active Sessions report provides an immediate picture of the client-server sessions and the associated protocols, ser-

    vices, bytes, savings, and other statistics.

    1. In the Management Console, selectStatistics > Sessions > Active Sessions > Proxied Sessions .

    2. From theFilter drop-down list, selectProxy .

    3. Select a proxy name from the drop-down list.

    4. ClickShow to see the list of connections for the selected proxy.

    23

  • 7/26/2019 Explict Proxy Solution

    24/24

    Deploy an Explicit Proxy

    Explicit Proxy Troubleshooting

    Why are users experiencing slow browser performance? 24

    Why are browsers connecting with outdated PAC settings? 24

    Why are requests connecting directly instead of being redirected t o proxy? 24

    Why are users experiencing slow browser performance?

    Problem:Users report slow browser performance.

    Resolution:This problem has more than one possible solution.

    Solution 1:The PACfile is large and has too many lines. Each line in the PAC file, including comments, is parsed each

    time the browser encounters a URL on an HTMLpage. If your PAC file has extraneous lines, try to rewrite it to make it

    more efficient.

    Solution 2:The Proxy Auto-Configuration (PAC)file location was specified using a hostname, which could cause a per-

    formance hit due to excessive DNS lookups. If you suspect this could be the cause of the issue, use an IPaddress for the

    PAC file location.

    Why are browsers connecting with outdated PAC settings?

    Problem: Browsers connect using outdated Proxy Auto-Configuration (PAC) settings.

    Resolution:You updated the PAC file, but some users' browsers cached the previous PAC settings. Instruct users to do

    one of the following:

    l Clear the browser cache.l Start a new browser session.

    Why are requests connecting directly instead of being redir-

    ected to proxy?

    Problem: Users' requests are connecting directly to the origin content server (OCS)instead of the proxy server. You have

    specified in the proxy auto-configuration (PAC) file that these requests should be sent to proxy server.

    Tip You can verify that requests are connecting directly by using a network monitoring utility such as TCPView.exe

    to determine where the browser is redirecting.

    Resolution:This problem has more than one possible solution.

    Solution 1:If the PAC file specifies that requests go direct if the proxy server cannot be reached, verify that the proxy in

    question is reachable.

    Solution 2:Debug the JavaScript in the PAC file. Look for incorrect syntax and other errors.