I had thiscrazy idea to put my PAC file on separate web server. I want to do this in order to make editing easier and add revisioning (svn, git) and force comments on PAC file change. But as I have a HA MWG setup I want to use MWG as a proxy in between. So users have their web browsers pointed to <my_mwg_proxy_HA>:8000/proxy.pac and this should response with PAC file.
I have a separate listner on 8080 port and separate ruleset.
I would like MWG to cache the PAC files retrived from external server for all clients.
To make it possible to refresh the cached PAC file when changed I wanted to put a script on the PAC file serving machine that when PAC file is successfully modified sends a request.
This request (based on source IP) should not read PAC files from cache but should write to cache thus refreshing MWG cached PAC file.
I was able to make a setup like this but the PAC files are still not cached. Every request goes to the external server. Is it possible to cache PAC file (application/x-ns-proxy-autoconfig)? Maybe the Enable Next Hop Proxy forces no caching? Maybe it is possible to force MWG to cache this request?
I have attached the ruleset I have created.
Just to clarify things:
Are you relying on Write to Cache rule for Web Gateway to cache this file?
If so, I believe that MWG does not cache this type of information. I tried to find some information on proxy cache and how does it work in MWG, but i didn't find anything. I remember opening a case with a similar issue and support told me that some type of content is not cacheable. I don't have any specif info, but I think it was related to the headers of the request.
One thing, though, do you have any proxy exceptions to local addresses configured within the browsers?
When you say But as I have a HA MWG setup I want to use MWG as a proxy in between. So users have their web browsers pointed to <my_mwg_proxy_HA>:8000/proxy.pac and this should response with PAC file. What do you mean, you should point the browsers to the external server and have the clients access this file through proxy, in order to MWG, if possibly (and I think it won't), cache it.
Anyway, are MWG and this server part of the same network? Is it possible to store the file within some server in the same net as MWG? The traffic to that server would be the same as for Web Gateway, and wouldn't require such cache configuration.
Thanks, so it seems that based on headers this file is not cached Any one here knows what is or can be cached by MWG? Or what headers is Web Gateway looking for?
Edxavier... Yes I could point the clients directly to the external server. But I had this idea that I let user fetch pac file through proxy. I think this way I could have multiple proxy HA setup spread geographically but a single (one node) host where the PAC file reside. And a single point where the PAC files are edited. And Web Gateways should (using their cache) need to access PAC files on this server only in rare cases or when it is forced. That was my idea And that is why I would like to run this request through Web Gateway. And accually everything would be ok except the caching part doesn't work.... 100% requests MISS
That's too bad, blazej, but having it stored within this external server would achieve the single point of editing that you want. But I assume you want every MWG node to serve the file locally within that network, I'm afraid that won't work.
Some other ideas:
You could host the PAC on MWG and serve it up itself.
You can have a set of scheduled jobs that copy the PAC from one MWG to another periodically to keep them synced.
Why have a file at all?
You have rules that hand the PAC file processing, just make the body of the PAC file a user-defined string and edit that right in the policy, and have it send replace the Body.Text when it responds.
A little more complex to set up, but it does provide the same effect.
The first idea would fit me
I know how to do it in Linux enviroment but how to do it in Web Gateway? I mean how to do it so that it will survive system upgrades and be ok with Web Gateway best practices?
Should I use cron? Where in the filesystem can I safely put the script?
Let's say you have 3 MWGs. #1 is where you post changes to the PAC.
#2 & #3, you setup scheduled jobs to download it from #1 and put it into the folder where the PAC file resides:
Download the PAC from #1 using it's URL
Save it on the file system at:
Will the download automatically overwrite the existing pac file on the appliance where the job is run? I'd like to run a similar setup; just want to verify that it doesn't just rename the newly downloaded file if there's a file with the same name already in the local directory.