This PAC file checks the source IP and the destination URL and, based on them, either sends the request via a proxy or allows it to go direct.
Use case
For users connected over RA-VPN, I don’t want them to ride the tunnel for bandwidth-heavy, internet-based applications, e.g. youtube.com, e-learning or video streaming services.
The solution for such a situation is two-step: split-tunnel the domains, and add them to the proxy PAC file.
For modern cloud-based applications that are globally load balanced and may change their IP addresses frequently for optimization or availability reasons, technologies such as DST (Dynamic Split Tunneling) on Cisco ASA or App-ID on Palo Alto may work out better due to their flexibility.
Proxy file code
// This PAC file checks whether the end user's IP is one of a set of 192.168.1.x hosts
// and whether the destination is one of a set of hosts. It returns the appropriate proxy accordingly.
function FindProxyForURL(url, host)
{
    // Look up the local IP once instead of once per comparison
    var myIp = myIpAddress();
    if (
        // *** is the local IP 192.168.1.10, .11 or .12? (a /32 mask matches a single host)
        (isInNet(myIp, "192.168.1.10", "255.255.255.255") ||
         isInNet(myIp, "192.168.1.11", "255.255.255.255") ||
         isInNet(myIp, "192.168.1.12", "255.255.255.255")) &&
        (
            // *** is the destination host one of these?
            shExpMatch(host, "*.youtube.com") ||
            dnsDomainIs(host, "ipecho.net") ||
            dnsDomainIs(host, "ipchicken.com")
        )
    )
    // *** send matching traffic to the proxy server
    { return "PROXY AA.BB.CC.DD:3128"; }
    // *** go direct when the conditions above are not met
    else
    { return "DIRECT"; }
}
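Before pushing a PAC file to VPN clients, it helps to check which client/host pairs it actually proxies. The harness below is an added example, not part of the original post: it runs the same decision logic under Node.js with simplified stand-ins for the PAC built-ins. The names makeHelpers, evalPac and runCases are hypothetical, and dnsDomainIs is assumed to be a plain suffix comparison, as in Mozilla-derived implementations.

```javascript
// Added example: offline harness for exercising a PAC file before deployment.
// The helper stubs are simplified stand-ins for the browser's PAC built-ins.
const toInt = ip => ip.split(".").reduce((n, o) => ((n << 8) | Number(o)) >>> 0, 0);

function makeHelpers(clientIp) {
  return {
    myIpAddress: () => clientIp,
    // IPv4 literals only; the real isInNet also resolves hostnames via DNS.
    isInNet: (ip, net, mask) =>
      ((toInt(ip) & toInt(mask)) >>> 0) === ((toInt(net) & toInt(mask)) >>> 0),
    // Plain string-suffix comparison (assumed, Mozilla-derived behaviour).
    dnsDomainIs: (host, domain) => host.endsWith(domain),
    // Shell glob: '*' matches any run of characters, '?' exactly one.
    shExpMatch: (str, glob) => new RegExp("^" +
      glob.replace(/[.+^${}()|[\]\\]/g, "\\$&").replace(/\*/g, ".*").replace(/\?/g, ".") +
      "$").test(str),
  };
}

// Evaluate PAC source with the stubs in scope. new Function is not a sandbox:
// only feed it PAC files you wrote or trust.
function evalPac(pacSource, clientIp, host) {
  const h = makeHelpers(clientIp);
  const names = Object.keys(h);
  const find = new Function(...names, pacSource + "\nreturn FindProxyForURL;")(
    ...names.map(k => h[k]));
  return find("http://" + host + "/", host);
}

// Same decision logic as the PAC file on this page, condensed.
const PAC = `
function FindProxyForURL(url, host) {
  var ip = myIpAddress();
  var isClient = isInNet(ip, "192.168.1.10", "255.255.255.255") ||
                 isInNet(ip, "192.168.1.11", "255.255.255.255") ||
                 isInNet(ip, "192.168.1.12", "255.255.255.255");
  var isTarget = shExpMatch(host, "*.youtube.com") ||
                 dnsDomainIs(host, "ipecho.net") || dnsDomainIs(host, "ipchicken.com");
  return (isClient && isTarget) ? "PROXY AA.BB.CC.DD:3128" : "DIRECT";
}`;

// Constructed test cases: [client IP, destination host]
const CASES = [
  ["192.168.1.10", "www.youtube.com"], // listed client, listed domain
  ["192.168.1.10", "youtube.com"],     // bare domain, no label before the dot
  ["192.168.1.10", "notipecho.net"],   // look-alike name sharing the suffix
  ["192.168.1.13", "www.youtube.com"], // client not in the list
];
const runCases = () => CASES.map(([ip, host]) => [ip, host, evalPac(PAC, ip, host)]);
for (const row of runCases()) console.log(row.join("  "));
```

Under these stubs, bare youtube.com goes DIRECT because the pattern `*.youtube.com` requires a label before the dot, and notipecho.net is sent to the proxy because dnsDomainIs compares only the suffix.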