How to implement PAC File on the Proxy SG

FAQ ID:    FAQ2221
Version:    4.0
Status:    Published
Published date:    07/11/2012
Updated:    09/20/2013



Pac File How To: 
Serves PAC from Blue Coat Proxy. Also recommend homing the PAC file on a seperate server incase all blue coats are not available.  This would allow for users to "fail open" if there is a "DIRECT" statement in the PAC file (go direct to 
internet if the firewall allows it). 
1) Load PAC into bluecoat:  ("accelerated-pac file" = served from the bluecoat.  Enter PAC into the CLI)
SGOS#conf t
SGOS#(config) inline accelerated-pac xxx
<type or paste PAC file here>
Or from a web server and using the following CLI commands:
SGOS#(config) accelerated-pac path <url>
SGOS#load accelerated-pac 
2) URL to use in browser http://x.x.x.x:8080/accelerated_pac_base.pac
To use a custom PAC file with a custom name
Warning: This option works by rewriting the request from the client to the actual URL of the PAC file on the proxy, but in order for the rewrite to work, it requires that the URL specifies a management console port such as 8081. It will fail if a proxy port such as 8080 is specified. However, because there are only 64 concurrent management console sessions available on the proxy at a given time, this option is not recommended for large deployments where this limit could be exceeded by incoming client requests for the PAC file. If this happens, it will result in the proxy denying any additional requests for the PAC file and/or denying access to the management console. Please use with caution.
1) Enable HTTP-Console (configuration>services>management services)
2) Install the following CPL in your local policy file (configuration>policy>policy files>install local file from: Text Editor) or CPL layer in the VPM. Be sure to replace the IP address with the actual IP address of your proxy:
url=http://proxy.example.com/ authenticate(no) action.redoPac(yes)
url= authenticate(no)
define action redoPac
   rewrite(URL,"http://proxy.blue.com/", "")
end action redoPac
PAC file
- proxy bypass for host, ip and subnet
- multiple proxies for failover
- fail close if no proxy available
function FindProxyForURL(url, host)
         if (isPlainHostName(host)||
              shExpMatch(host, "cfauth.com")||
              shExpMatch(host, "blah.blah.com")||
              isInNet(host, "", "")||         
                  shExpMatch(host, ""))
         return "DIRECT";
   return "PROXY";
   return "PROXY";


Rate this Page

Please take a moment to complete this form to help us better serve you.

Did this document help answer your question?
If you are finished providing feedback, please click the RATE CONTENT button. Otherwise, please add more detail in the following text box and then click RATE CONTENT.

Your response will be used to improve our document content.

Ask a Question