Proxy Auto Configuration (PAC) File

What is PAC File?

Proxy Auto Configuration file is text file having a single function containing various rules coded in JavaScript that instructs web browser to forward traffic to a proxy server or directly to the destination server.

Along with proxy server details there are optional and additional parameter that specify when and under what circumstances a browser forwards traffic to proxy server.

Example:

function FindProxyForURL(url, host) {
if (shExpMatch(url, "*.google.com/*"))
       return 10.10.10.1:8080;
       return DIRECT'
}

Advantage of PAC file:

1. PAC file can be hosted on a centralized place such as workstation, internal web server, or server outside the corporate network.
2. Perform Load distribution
3. Handle proxy failover.
4. Supported by all browsers.
5. Exceptions rules can be configured for internal or external sites.
6. Provides critical security, ensuring that traffic is always proxied when it should be.

History

Originally developed by Netscape in 1996 for Netscape Navigator 2.0.

Data Flow Diagram

In next blog we will try to understand how WPAD protocol works and security concerns associated with the combination of PAC file and WPAD

Reference: 

• http://community.lightspeedsystems.com/courses/pac-files-explained/
• https://www.websense.com/content/support/library/web/v76/pac_file_best_practices/PAC_best_pract.aspx
• https://help.zscaler.com/zia/what-pac-file
• https://developer.mozilla.org/en-US/docs/Web/HTTP/Proxy_servers_and_tunneling/Proxy_Auto-Configuration_(PAC)_file
• https://findproxyforurl.com/pac-file-introduction/
• https://kc.mcafee.com/corporate/index?page=content&id=KB67177
• https://www.researchgate.net/publication/320952790_Prevention_of_PAC_File_Based_Attack_Using_DHCP_Snooping