test

Oracle iPlanet Web Proxy Server 4.0.14 Administration Guide

Using PAC Files With a Reverse Proxy

Because of the way a reverse proxy works, using a proxy server and a server for .pac files is difficult. When the the proxy server gets a request for a file, it would have to determine whether the request is for a local .pac file or for a remote document.

In order to have the proxy server act as a reverse proxy in addition to maintaining and serving a .pac file, edit the obj.conf file to make sure the order of the NameTrans functions is correct.

Create a regular mapping to have the proxy server act as a reverse proxy. This typically tells the proxy to route all requests to the remote content server. You can add a proxy autoconfiguration file and map it to a specific directory, such as /pac. In this case, any client who wants to get the .pac file would use a URL such as:

http://proxy.mysite.com/pac
Caution – Caution –

With this mapping, make sure that the remote content server does not have a similar directory.

Edit the obj.conf file to make sure that the directive and function for the proxy autoconfiguration file appear before any other mappings. This directive and function must be first because the proxy server normally runs through all NameTrans functions before servicing the request. However, with autoconfiguration files, the proxy immediately recognizes the path and returns the .pac file.

The following example is from an obj.conf file that uses a reverse proxy and maintains an autoconfiguration file.

<Object name="default">
NameTrans from="file:" fn="map" to="ftp:"
NameTrans from="/pac" fn="pac-map" name="file" 
	to="/ns-home/proxy/pac/proxy.pac"
NameTrans fn="redirect" from="http://foo.*" url="http://www.acme.com"
NameTrans from="/ns-icons" fn="pfx2dir" dir="/ns-home/ns-icons" name="file"
NameTrans fn="reverse-map" from="http://web.acme.com" 
	to="http://proxy.acme.com:8080"
NameTrans fn="map" from="http://proxy.acme.com:8080" 
	to="http://web.acme.com"
NameTrans fn="map" from="/" to="http://web.acme.com"
PathCheck fn="url-check"
Service fn="deny-service"
AddLog fn="flex-log" name="access"
AddLog fn="urldb-record"
</Object>