Local DNS resolution when PAC file is configured


Hi Team,

 

Our Windows machine is configured with a PAC file (the automatic configuration script option is checked), and internet traffic goes via a proxy server located on premises only. Both internet and intranet access work perfectly. We don't have any issues accessing intranet sites, but when accessing internet websites we see slowness because the local DNS server is not able to resolve IPs for external domains. Every time an internet site is loaded, Edge/Chrome performs a local DNS resolution, which fails because our local DNS cannot resolve internet sites. Then the request goes to the proxy server and the site loads correctly.

 

As per the Microsoft link, only the following three functions send queries to the DNS subsystem: isInNet(), isResolvable(), and dnsResolve(). Therefore, you should avoid, or at least minimize, the use of these functions.

 

But our PAC file does use these functions, along with others. Please see the PAC file content below.

 

The question is whether it is possible to prevent the client machine from performing local DNS resolution if the request is supposed to go to the proxy server.

 

If the request is supposed to go via the on-premises proxy, why is the client sending a DNS query to the local DNS server?

 

Is this the expected and intended behavior of PAC files or of the operating system?

 

Any thoughts on this?

 

Regards,

Venkatesh

1 Reply
//pacfile for 157.51.199.175 from 658421_1264:1_2511
// Ntw: --
// Auth-type hostname prefixes; FindProxyForURL strips one of these from the
// proxy hostname when it builds the address for the login host.
var atyps = ["authservice.", "formauth."];
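/**
 * PAC entry point: decides how a request is routed.
 *
 * Rules are evaluated top to bottom and the first match wins:
 *   1. plain (dot-less) host names            -> DIRECT
 *   2. the proxy login host                   -> standard proxy address/port
 *   3. unfiltered destinations (domain_list)  -> DIRECT
 *   4. Windows Update / vendor update hosts   -> DIRECT
 *   5. Office 365 host patterns               -> DIRECT
 *   6. hosts that resolve to a non-routable address -> DIRECT
 *   7. http/https/wss/ftp                     -> proxy
 *   8. anything else                          -> DIRECT
 *
 * Only rule 6 calls dnsResolve()/isInNet(); every host that rules 1-5 did
 * not match reaches it, so every such request costs one local DNS lookup
 * before the proxy is chosen.
 *
 * @param {string} url  Full URL being requested.
 * @param {string} host Host name taken from that URL.
 * @returns {string} 'DIRECT' or a 'PROXY host:port' list.
 */
function FindProxyForURL(url, host)
{
    // Kept to `var`, index loops and regex literals, matching the rest of the
    // file, so the script stays loadable by script engines that predate newer
    // syntax. Every working variable is declared here; the original assigned
    // several of them without `var`, which made them globals.
    var HOSTED_PROXY = 'PROXY ipv4.157.51.199.175.hybrid-web.proxyfqdn.com:8080';
    var proxy_addresses = HOSTED_PROXY;
    var hosted;
    var prx_sect;
    var std_host;
    var idx;
    var std_domain;
    var prx_spec;
    var prx;
    var atyp;
    var domain_list;
    var domain_pattern_list;
    var pats;
    var host_ip;
    var i;

    /* Convert the host parameter to lowercase
       to facilitate case insensitive matching.
    */
    host = host.toLowerCase();

    // Per-network overrides. As rendered, the left operand is the empty string,
    // so neither block can run (presumably the generator substitutes a network
    // name here; confirm against the template).
    if ('' == 'Network_111111')
    {
        if (url.substring(0, 5) == 'http:')
        {
            proxy_addresses = 'PROXY 10.1.1.1:8080; PROXY 10.1.1.2:8080; PROXY 10.1.1.3:8080';
        }
        if (url.substring(0, 6) == 'https:')
        {
            proxy_addresses = 'PROXY 10.1.1.1:8080; PROXY 10.1.1.2:8080; PROXY 10.1.1.3:8080';
        }
        if (url.substring(0, 4) == 'ftp:')
        {
            proxy_addresses = 'PROXY 10.1.1.1:21; PROXY 10.1.1.2:21; PROXY 10.1.1.3:21';
        }
    }
    if ('' == 'Network_111112')
    {
        if (url.substring(0, 5) == 'http:')
        {
            proxy_addresses = 'PROXY 10.1.1.1:8080; PROXY 10.1.1.2:8080; PROXY 10.1.1.3:8080';
        }
        if (url.substring(0, 6) == 'https:')
        {
            proxy_addresses = 'PROXY 10.1.1.1:8080; PROXY 10.1.1.2:8080; PROXY 10.1.1.3:8080';
        }
        if (url.substring(0, 4) == 'ftp:')
        {
            proxy_addresses = 'PROXY 10.1.1.1:21; PROXY 10.1.1.2:21; PROXY 10.1.1.3:21';
        }
    }

    // True while no per-network override replaced the hosted proxy address.
    hosted = (proxy_addresses == HOSTED_PROXY);

    /* Don't proxy local hostnames */
    if (isPlainHostName(host))
    {
        return 'DIRECT';
    }

    /* always proxy on normal service address/port for the login host */
    if (shExpMatch(host, '*proxy-login.blackspider.com'))
    {
        // Examine and possibly replace the first proxy setting generated above.
        prx_sect = proxy_addresses.split(';')[0]; // get 1st setting
        if (!shExpMatch(prx_sect, 'PROXY *'))
        {
            return proxy_addresses; // Not a proxy specifier, so don't change anything
        }
        // Verify that the proxy specifier is in the hosted domain by checking last 2 hostname components
        std_host = 'ipv4.157.51.199.175.hybrid-web.proxyfqdn.com';
        // Regex literal: inside a quoted string '\.' collapses to '.', which
        // matches any character instead of a literal dot.
        idx = std_host.search(/\.[^.]+\.[^.]+$/);
        if (idx < 0)
        {
            return proxy_addresses; // Not enough hostname components to check whether it is in hosted domain, so we should not change it
        }
        std_domain = std_host.substring(idx);
        prx_spec = prx_sect.split(' ', 2)[1]; // discard 'PROXY ' part keeping host:port
        prx = prx_spec.split(':')[0]; // split hostname from port
        if (prx.substring(prx.length - std_domain.length) != std_domain)
        {
            return proxy_addresses; // Not in hosted domain, so we should not change it
        }
        for (i = 0; i < atyps.length; i++)
        {
            // strip away auth-type prefix, if present, from hostname in order to use standard service
            atyp = atyps[i];
            if (prx.substring(0, atyp.length) == atyp)
            {
                return 'PROXY ' + prx_spec.substring(atyp.length);
            }
        }
        // Not an auth-type hostname, so change port number to access the standard service
        return 'PROXY ' + prx + ':8080';
    }

    /* Don't proxy local domains */
    if (hosted)
    {
        // Unfiltered destinations of type hybrid and both hybrid and explicit.
        domain_list = [""];
    }
    else
    {
        // Unfiltered destinations of type explicit and both hybrid and explicit.
        domain_list = [""];
    }
    for (i = 0; i < domain_list.length; i++)
    {
        // An empty entry is what an empty list renders to. Left in, the suffix
        // test becomes dnsDomainIs(host, "."), which is true for any name
        // written with a trailing dot, and that request would skip the proxy.
        if (domain_list[i] == "")
        {
            continue;
        }
        if (dnsDomainIs(host, "." + domain_list[i]) || host == domain_list[i])
        {
            return 'DIRECT';
        }
    }

    /* Don't proxy Windows Update */
    // NOTE(review): the two dnsDomainIs() entries without a leading dot
    // ("emdl.ws.microsoft.com", "adl.windows.com") are suffix tests, so they
    // also accept names that merely end in that text; confirm that is intended.
    if ((host == "download.microsoft.com") ||
        (host == "ntservicepack.microsoft.com") ||
        (host == "cdm.microsoft.com") ||
        (host == "officecdn.microsoft.com.edgesuite.net") ||
        (host == "wustat.windows.com") ||
        (host == "windowsupdate.microsoft.com") ||
        (dnsDomainIs(host, ".windowsupdate.microsoft.com")) ||
        (host == "update.microsoft.com") ||
        (dnsDomainIs(host, ".update.microsoft.com")) ||
        (dnsDomainIs(host, ".windowsupdate.com")) ||
        (host == "officecdn.microsoft.com") ||
        (host == "sci2-1.am.microsoft.com") ||
        (dnsDomainIs(host, ".mp.microsoft.com")) ||
        (dnsDomainIs(host, ".dl.ws.microsoft.com")) ||
        (dnsDomainIs(host, ".delivery.mp.microsoft.com")) ||
        (host == "query1.finance.yahoo.com") ||
        (host == "query2.finance.yahoo.com") ||
        (dnsDomainIs(host, "emdl.ws.microsoft.com")) ||
        (dnsDomainIs(host, "adl.windows.com")) ||
        (host == "swcdn.apple.com") ||
        (host == "updates-http.cdn-apple.com") ||
        (host == "updates.cdn-apple.com"))
    {
        return 'DIRECT';
    }

    /* Don't proxy Office 365 */
    // Shell-style patterns matched against the lowercased host; a match sends
    // the request DIRECT, i.e. outside the proxy.
    domain_pattern_list = [
        "*.aadrm.com",
        "*.aadrm.us",
        "*.activity.windows.com",
        "*.adl.windows.com",
        "*.appex-rf.msn.com",
        "*.aria.microsoft.com",
        "*.assets-yammer.com",
        "*.auth.microsoft.com",
        "*.auth.microsoft.us",
        "*.azure-apim.net",
        "*.azureedge.net",
        "*.azurerms.com",
        "*.broadcast.skype.com",
        "*.cdn.office.net",
        "*.cdn.office365.us",
        "*.compliance.apps.mil",
        "*.compliance.microsoft.com",
        "*.compliance.microsoft.us",
        "*.cortana.ai",
        "*.dod.online.office365.us",
        "*.dod.teams.microsoft.us",
        "*.dps.mil",
        "*.ecdn.microsoft.com",
        "*.events.data.microsoft.com",
        "*.flow.microsoft.com",
        "*.gov.online.office365.us",
        "*.gov.skypeforbusiness.us",
        "*.gov.teams.microsoft.us",
        "*.gov.us.microsoftonline.com",
        "*.hip.live.com",
        "*.informationprotection.azure.com",
        "*.informationprotection.azure.us",
        "*.keydelivery.mediaservices.windows.net",
        "*.lync.com",
        "*.mail.protection.outlook.com",
        "*.manage.microsoft.com",
        "*.manage.office365.us",
        "*.media.azure.net",
        "*.microsoft.com",
        "*.microsoftonline-p.com",
        "*.microsoftonline.com",
        "*.microsoftstream.com",
        "*.microsoftusercontent.com",
        "*.msauth.net",
        "*.msauthimages.net",
        "*.msauthimages.us",
        "*.msecnd.net",
        "*.msftauth.net",
        "*.msftauthimages.net",
        "*.msftauthimages.us",
        "*.msftidentity.com",
        "*.msidentity.com",
        "*.msocdn.com",
        "*.mstea.ms",
        "*.od.apps.mil",
        "*.office.com",
        "*.office.net",
        "*.office365.com",
        "*.office365.us",
        "*.officeapps.live.com",
        "*.onenote.com",
        "*.online.dod.skypeforbusiness.us",
        "*.online.office.com",
        "*.onmicrosoft.com",
        "*.osi.apps.mil",
        "*.osi.office365.us",
        "*.outlook.com",
        "*.outlook.office.com",
        "*.outlookmobile.com",
        "*.portal.cloudappsecurity.com",
        "*.powerapps.com",
        "*.protection.apps.mil",
        "*.protection.office.com",
        "*.protection.office365.us",
        "*.protection.outlook.com",
        "*.scc.office365.us",
        "*.search.production.apac.trafficmanager.net",
        "*.search.production.emea.trafficmanager.net",
        "*.search.production.us.trafficmanager.net",
        "*.secure.skypeassets.com",
        "*.security.apps.mil",
        "*.security.microsoft.com",
        "*.security.microsoft.us",
        "*.sfbassets.com",
        "*.sharepoint-mil.us",
        "*.sharepoint.com",
        "*.sharepoint.us",
        "*.sharepointonline.com",
        "*.skype.com",
        "*.skypeforbusiness.com",
        "*.streaming.mediaservices.windows.net",
        "*.svc.ms",
        "*.teams.microsoft.com",
        "*.users.storage.live.com",
        "*.virtualearth.net",
        "*.wns.windows.com",
        "*.yammer.com",
        "*.yammerusercontent.com",
        "*cdn.onenote.net",
        "account.activedirectory.windowsazure.com",
        "account.live.com",
        "account.office.net",
        "accounts.accesscontrol.windows.net",
        "activation.sls.microsoft.com",
        "activity.windows.com",
        "adelivery.mp.microsoft.com",
        "admin.microsoft.com",
        "admin.onedrive.com",
        "admin.onedrive.us",
        "adminwebservice.microsoftonline.com",
        "ajax.aspnetcdn.com",
        "aka.ms",
        "amp.azure.net",
        "api.passwordreset.microsoftonline.com",
        "apis.live.net",
        "appsforoffice.microsoft.com",
        "assets.onestore.ms",
        "attachments-dod.office365-net.us",
        "attachments.office365-net.us",
        "auth.gfx.ms",
        "autodiscover-s-dod.office365.us",
        "autodiscover-s.office365.us",
        "autodiscover.*.mail.onmicrosoft.com",
        "autodiscover.*.mail.onmicrosoft.us",
        "autodiscover.*.onmicrosoft.com",
        "autodiscover.*.onmicrosoft.us",
        "autologon.microsoftazuread-sso.com",
        "az741266.vo.msecnd.net",
        "becws.microsoftonline.com",
        "broadcast.skype.com",
        "c.live.com",
        "c1.microsoft.com",
        "ccs.login.microsoftonline.com",
        "cdn.odc.officeapps.live.com",
        "cdn.uci.officeapps.live.com",
        "cdnprod.myanalytics.microsoft.com",
        "clientconfig.microsoftonline-p.net",
        "companymanager.microsoftonline.com",
        "compass-ssl.microsoft.com",
        "compliance.apps.mil",
        "compliance.microsoft.com",
        "compliance.microsoft.us",
        "config.apps.mil",
        "crl.microsoft.com",
        "d.docs.live.net",
        "dc.services.visualstudio.com",
        "defender.microsoft.com",
        "device.login.microsoftonline.com",
        "dgps.support.microsoft.com",
        "directory.services.live.com",
        "dl.delivery.mp.microsoft.com",
        "docs.live.net",
        "docs.microsoft.com",
        "dod-graph.microsoft.us",
        "dod-mtis.cortana.ai",
        "dod.activity.windows.us",
        "dod.loki.office365.us",
        "dod.teams.microsoft.us",
        "dodteamsapuiwebcontent.blob.core.usgovcloudapi.net",
        "ecn.dev.virtualearth.net",
        "emdl.ws.microsoft.com",
        "endpoint1-proddodcecompsvc-dodc.streaming.media.usgovcloudapi.net",
        "endpoint1-proddodeacompsvc-dode.streaming.media.usgovcloudapi.net",
        "enterpriseregistration.windows.net",
        "eus-www.sway-cdn.com",
        "eus-www.sway-extensions.com",
        "excelbingmap.firstpartyapps.oaspapps.com",
        "firstpartyapps.oaspapps.com",
        "g.live.com",
        "gcc-high.activity.windows.us",
        "gcch-mtis.cortana.ai",
        "gcchigh.loki.office365.us",
        "go.microsoft.com",
        "gov.teams.microsoft.us",
        "graph.microsoft.com",
        "graph.microsoft.us",
        "graph.microsoftazure.us",
        "graph.windows.net",
        "informationprotection.hosting.portal.azure.net",
        "insertmedia.bing.office.net",
        "login-us.microsoftonline.com",
        "login.live.com",
        "login.microsoft.com",
        "login.microsoftonline-p.com",
        "login.microsoftonline.com",
        "login.microsoftonline.us",
        "login.windows-ppe.net",
        "login.windows.net",
        "logincert.microsoftonline.com",
        "loginex.microsoftonline.com",
        "lpcres.delve.office.com",
        "manage.office365.us",
        "management.azure.com",
        "mem.gfx.ms",
        "mlccdn.blob.core.windows.net",
        "mlccdnprod.azureedge.net",
        "mscrl.microsoft.com",
        "msdn.microsoft.com",
        "msteamsstatics.blob.core.usgovcloudapi.net",
        "myanalytics-gcc.microsoft.com",
        "myanalytics.microsoft.com",
        "nexus.microsoftonline-p.com",
        "nps.onyx.azure.net",
        "o15.officeredir.microsoft.com",
        "ocos-office365-s2s.msedge.net",
        "ocsa.officeapps.live.com",
        "ocsp.msocsp.com",
        "ocsredir.officeapps.live.com",
        "ocws.officeapps.live.com",
        "od.apps.mil",
        "odc.officeapps.live.com",
        "office.live.com",
        "office15client.microsoft.com",
        "officeapps.live.com",
        "officecdn.microsoft.com",
        "officeclient.microsoft.com",
        "officehome.msocdn.us",
        "officepreviewredir.microsoft.com",
        "officeredir.microsoft.com",
        "ols.officeapps.live.com",
        "oneclient.sfx.ms",
        "outlook-dod.office365.us",
        "outlook.office.com",
        "outlook.office365.com",
        "outlook.office365.us",
        "partnerservices.getmicrosoftkey.com",
        "passwordreset.microsoftonline.com",
        "peoplegraph.firstpartyapps.oaspapps.com",
        "pf.events.data.microsoft.com",
        "pf.pipe.aria.microsoft.com",
        "policykeyservice.dc.ad.msft.net",
        "portal.apps.mil",
        "portal.office365.us",
        "prod.do.dsp.mp.microsoft.com",
        "prod.firstpartyapps.oaspapps.com.akadns.net",
        "prod.msocdn.com",
        "prod.msocdn.us",
        "protection.office.com",
        "provisioningapi.microsoftonline.com",
        "r.office.microsoft.com",
        "reports.apps.mil",
        "scc.office365.us",
        "secure.aadcdn.microsoftonline-p.com",
        "security.apps.mil",
        "security.microsoft.com",
        "security.microsoft.us",
        "shellprod.msocdn.com",
        "signup.live.com",
        "smtp.office365.com",
        "ssw.live.com",
        "staffhub.ms",
        "static.sharepointonline.com",
        "statics.teams.microsoft.com",
        "storage.live.com",
        "support.microsoft.com",
        "sway.com",
        "tasks.office365.us",
        "tb.events.data.microsoft.com",
        "tb.pipe.aria.microsoft.com",
        "teams.microsoft.com",
        "teamsapuiwebcontent.blob.core.usgovcloudapi.net",
        "technet.microsoft.com",
        "telemetryservice.firstpartyapps.oaspapps.com",
        "tsfe.trafficshaping.dsp.mp.microsoft.com",
        "update.microsoft.com",
        "webmail.apps.mil",
        "webshell.dodsuite.office365.us",
        "wikipedia.firstpartyapps.oaspapps.com",
        "windowsupdate.com",
        "wus-firstpartyapps.oaspapps.com",
        "wus-www.sway-cdn.com",
        "wus-www.sway-extensions.com",
        "www.microsoft.com",
        "www.office365.us",
        "www.ohome.apps.mil",
        "www.onedrive.com",
        "www.outlook.com",
        "www.sway.com"
    ];
    for (i = 0; i < domain_pattern_list.length; i++)
    {
        if (shExpMatch(host, domain_pattern_list[i]))
        {
            return 'DIRECT';
        }
    }

    /* Don't proxy redirects to SSO gateway */
    if (false)
    {
        return 'DIRECT';
    }

    /* Handle SSO redirector requests for roaming users */
    if (false)
    {
        return 'DIRECT';
    }

    /* Query page should always resolve to the proxy - even if it's treated as a local address */
    // The URL test runs first so the query page costs no DNS lookup at all, and
    // dnsResolve() is called once instead of isResolvable() followed by
    // dnsResolve(): a falsy result is the "cannot resolve" case that
    // isResolvable() used to cover. This is the lookup that stalls when the
    // local resolver cannot answer for external names.
    if (!shExpMatch(url, 'http://query.webdefence.global.blackspider.com/*'))
    {
        host_ip = dnsResolve(host);
        if (host_ip)
        {
            /* Don't proxy non-routable addresses (RFC 3330) */
            if (isInNet(host_ip, '0.0.0.0', '255.0.0.0') ||
                isInNet(host_ip, '10.0.0.0', '255.0.0.0') ||
                isInNet(host_ip, '127.0.0.0', '255.0.0.0') ||
                isInNet(host_ip, '169.254.0.0', '255.255.0.0') ||
                isInNet(host_ip, '172.16.0.0', '255.240.0.0') ||
                isInNet(host_ip, '192.0.2.0', '255.255.255.0') ||
                isInNet(host_ip, '192.88.99.0', '255.255.255.0') ||
                isInNet(host_ip, '192.168.0.0', '255.255.0.0') ||
                isInNet(host_ip, '198.18.0.0', '255.254.0.0') ||
                isInNet(host_ip, '224.0.0.0', '240.0.0.0') ||
                isInNet(host_ip, '240.0.0.0', '240.0.0.0') ||
                isInNet(host_ip, '100.64.0.0', '255.192.0.0'))
            {
                return 'DIRECT';
            }

            /* Don't proxy local addresses */
            if (false)
            {
                return 'DIRECT';
            }
        }
    }

    if (hosted)
    {
        if (url.substring(0, 6) == 'https:' || url.substring(0, 4) == 'wss:')
        {
            // Hosts excluded from SSL termination. As rendered, a match returns
            // the same proxy address as the generic https/wss rule below.
            pats = [
                "*.zoom.us",
                "eega.login.ap1.oraclecloud.com",
                "*.google.com",
                "zopim.com",
                "*.trendmicro.com",
                "detect.firefox.com",
                "bb.org.bd",
                "meetingconnector.ip",
                "workspace.turns.goog",
                "*.googleusercontent.com",
                "*.youtube-nocookie.com",
                "*.swift.com",
                "tpa.gdassist.com",
                "*.bb.org.bd",
                "*.westernunion.com",
                "zoom.crc",
                "zoomgov.com",
                "*.jpmorgan.com",
                "biznovelty.xyz",
                "tunnel11.zoom.us",
                "*.ny.zoomcrc.com",
                "*.microsoft.com",
                "*.gdassist.com",
                "*.zoomgov.com",
                "*.office.com",
                "*.office365.com",
                "redirector.gv11.com",
                "*.microsoftonline.com",
                "meetingconnector2.ip",
                "ny.zoomcrc.com",
                "*.autodesk.com",
                "*.gstatic.com",
                "*.ytimg.com",
                "support.nelito.com",
                "bracelectra.fx.com",
                "edge-chat.facebook.com",
                "bracbank.taleo.net",
                "*.googleapis.com",
                "sanctionsscreening.browse.swiftnet.sipn.swift.com",
                "*.live.com",
                "*.whatsApp.net",
                "vpn.bracbank.com",
                "sj.zoomcrc.com",
                "*.illusionblack.com",
                "*.whatsapp.com",
                "*.nelito.com",
                "fiuportal.bb.org.bd",
                "*.bracbank.com",
                "screening-utility.swiftnet.sipn.swift.com",
                "*.googlevideo.com",
                "meetingconnector.ip2",
                "*.redhat.com",
                "*.crowdstrike.com",
                "user.mobireach.com.bd",
                "oraclecloud.com",
                "zoom.us",
                "*.sj.zoomcrc.com",
                "idp.swiftnet.sipn.swift.com",
                "swift.com",
                "meetingconnector2.ip2"
            ];
            for (i = 0; i < pats.length; i++)
            {
                // Patterns are lowercased because host was lowercased above.
                if (shExpMatch(host, pats[i].toLowerCase()))
                {
                    // non-SSL-terminate hosts must use the normal address/port
                    return HOSTED_PROXY;
                }
            }
        }
        if (url.substring(0, 5) == 'http:' || url.substring(0, 6) == 'https:' || url.substring(0, 4) == 'wss:')
        {
            return HOSTED_PROXY;
        }
        if (url.substring(0, 4) == 'ftp:')
        {
            // ftp must use the normal address/port
            return HOSTED_PROXY;
        }
    }
    else
    {
        if (url.substring(0, 5) == 'http:' || url.substring(0, 6) == 'https:' || url.substring(0, 4) == 'ftp:')
        {
            return proxy_addresses;
        }
    }
    return 'DIRECT';
}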