Cipafilter Support:
Support@Cipafilter.com
309 517 2022 option 2
Mon - Fri 7 AM - 6 PM CT
Knowledgebase: Product Manual > Miscellaneous
Cipafilter Documentation - PAC files / secure proxy
Posted by Jim Giseburt, Last modified by Jim Giseburt on 11 April 2017 04:57 PM

Many browsers and operating systems support the use of a PAC (proxy auto-configuration) file. This file provides a centralized method of indicating to the client how to choose a proxy server when making a Web request. Cipafilter supports several PAC files with various functions.

The following PAC files are available for standard HTTP proxy settings at the filter's Web-management address:

  • filter.domain.com/proxy.pac (where filter.domain.com is one of the filter's Web-management addresses) — This file directs clients to an HTTP-only proxy at the filter's canonical Web-management address.

Secure proxy

The standard proxy functionality used by most client software is implemented using special plain-text HTTP headers. This makes proxy requests somewhat insecure, in that the user's credentials are passed to the server in a non-encrypted form which is readable by other devices on the same network. Recently, some browsers have implemented secure proxy functionality, which wraps the proxy connection in an HTTPS/SSL tunnel. This is beneficial not only because it hides the user's proxy credentials, but also because it prevents traffic between the user and the proxy from being intercepted by third parties, even when the user is requesting an insecure Web site.

The following PAC files are available for secure HTTPS proxy settings at the filter's captive-portal address:

  • portal.domain.com/proxy.pac (where portal.domain.com is the filter's custom portal address) — When a custom portal certificate is installed, this file directs clients to both an HTTPS proxy and an HTTP proxy at the custom portal address. The HTTPS proxy will be used by browsers that support secure proxy, while other browsers will use the HTTP variant. If no custom portal certificate is available, the file directs clients to an HTTP-only proxy at the default portal address (portal.cipafilter.com). This file is the easiest to use, since it works with most browsers and provides a secure connection where available.

  • portal.domain.com/proxy-https.pac (where portal.domain.com is the filter's custom portal address) — When a custom portal certificate is installed, this file directs clients to an HTTPS-only proxy at the custom portal address. If no custom portal certificate is available, the file has no function.

There are three requirements for using secure proxy with Cipafilter:

  • The Cipafilter must be configured to use a custom portal certificate.

  • The client must be using a browser which supports secure proxy. This includes recent versions of Google Chrome and Mozilla Firefox.

  • The browser must be configured to use one of the PAC files available at the filter's custom portal address (described above).

Please note that the proxy configuration screens of many applications have one text field for an HTTP/insecure proxy address and one for an HTTPS/secure proxy address. This usually does not refer to the secure proxy functionality described above — it simply specifies the insecure proxy to be used for HTTPS requests from the browser. Most software which supports secure proxy currently requires the use of a PAC file to enable it.

(0 vote(s))
Helpful
Not helpful

Comments (0)
©Cipafilter 2017. All Rights Reserved.