Accessing the Proxy as a Web Server
You can store one or more autoconfiguration files on the proxy server and have the proxy server act as a web server whose only documents are autoconfiguration files. This lets you, the proxy administrator, maintain the proxy autoconfiguration files needed by the clients in your organization. It also lets you keep the files in a central location, so if you have to update the files, you do it once and all browser clients automatically get the updates.
You keep the proxy autoconfiguration files in the server- root/proxy-serverid/pac/ directory. In the browser, you enter the URL to the proxy autoconfiguration file typing the URL to the file in the Proxies tab. The URL for the proxy has this format:
http://proxy.domain:port/URI
For example, the URL could be http://proxy.example.com. If you do use a URI, which is the part of the URL following the host:port combination, you can use a template to control access to the various autoconfiguration files. For example, if you create a URI called /test that contains an autoconfiguration file called /proxy.pac, you can create a template with the resource pattern http://proxy.mysite.com:8080/test/.*. You can then use that template to set up access control specifically to that directory.
You can create multiple autoconfiguration files and access them through different URLs. The following table lists some example URIs and the URLs the clients would use to access them.
Table 17–1 Sample URIs and corresponding URLs|
URI (path) |
URL to the proxy |
|---|---|
|
/ |
http://proxy.mysite.com |
|
/employees |
http://proxy.mysite.com/employees |
|
/group1 |
http://proxy.mysite.com/group1 |
|
/managers |
http://proxy.mysite.com/managers |
Using PAC Files With a Reverse Proxy
Because of the way a reverse proxy works, using a proxy server and a server for .pac files is difficult. When the the proxy server gets a request for a file, it would have to determine whether the request is for a local .pac file or for a remote document.
In order to have the proxy server act as a reverse proxy in addition to maintaining and serving a .pac file, edit the obj.conf file to make sure the order of the NameTrans functions is correct.
Create a regular mapping to have the proxy server act as a reverse proxy. This typically tells the proxy to route all requests to the remote content server. You can add a proxy autoconfiguration file and map it to a specific directory, such as /pac. In this case, any client who wants to get the .pac file would use a URL such as:
http://proxy.mysite.com/pac
Caution – With this mapping, make sure that the remote content server does not have a similar directory.
Edit the obj.conf file to make sure that the directive and function for the proxy autoconfiguration file appear before any other mappings. This directive and function must be first because the proxy server normally runs through all NameTrans functions before servicing the request. However, with autoconfiguration files, the proxy immediately recognizes the path and returns the .pac file.
The following example is from an obj.conf file that uses a reverse proxy and maintains an autoconfiguration file.
<Object name="default"> NameTrans from="file:" fn="map" to="ftp:" NameTrans from="/pac" fn="pac-map" name="file" to="/ns-home/proxy/pac/proxy.pac" NameTrans fn="redirect" from="http://foo.*" url="http://www.acme.com" NameTrans from="/ns-icons" fn="pfx2dir" dir="/ns-home/ns-icons" name="file" NameTrans fn="reverse-map" from="http://web.acme.com" to="http://proxy.acme.com:8080" NameTrans fn="map" from="http://proxy.acme.com:8080" to="http://web.acme.com" NameTrans fn="map" from="/" to="http://web.acme.com" PathCheck fn="url-check" Service fn="deny-service" AddLog fn="flex-log" name="access" AddLog fn="urldb-record" </Object>
- © 2010, Oracle Corporation and/or its affiliates