cancel
Showing results for 
Show  only  | Search instead for 
Did you mean: 
Travler
Level 10
Report Inappropriate Content
Message 1 of 3

pac file entry not working

We've used MWG with a pac file for over a decade.  (The pac file was created by the McAfee engineer who was onsite performing the original installation of the MWG.)  Over the years, I've only needed to add a handful of entries for problem websites, which have always worked fine after making the necessary additions.  Although I'm not a programmer, I suspect that with the file being less than 50 lines long, it is about as nice and clean as possible.   We push the browser's Automatic Proxy Setup setting, including the location of the Script Address which points to the pac file stored on our MWG, via GPO.  Manual Proxy Settings are turned off.

We now need to access a website that implements a connection to trayapp.smartcorp.net.  An nslookup of this URL returns the localhost IP of 127.0.0.1.   This is correct and by design.  If I uncheck the pac file settings the site works fine, but with the pac file settings checked the website will not connect correctly to the trayapp component.  Furthermore, if I uncheck the pac file and then check the Manual Proxy Settings and point it to the MWG, it still does not connect.  However, if I uncheck the pac file, check the Manual settings AND put trayapp.smartcorp.net in the exclusion box, the site works fine.

I've worked with support on this and they determined that the behavior described above indicates the problem is not with the MWG but with the pac file.   We've attempted quite a few different iterations of adding trayapp.smartcorp.net to the pac file, but to no avail:

shExpMatch(host,"*trayapp.smartcorp.net") ||

shExpMatch(host,"*.smartcorp.net") ||

dnsDomainIs(host,"*trayapp.smartcorp.net") ||

isInNet(hostip, "127.0.0.1", 255.255.255.255") ||

etc. etc.  (as you can see, I was getting a bit desperate in my attempts there.)

Also, know that we've always had the following in the pac file:

if ( shExpMatch(lhost, "localhost") ||

      shExpMAtch(host, "127.0.0.1") ) {

   return "DIRECT";

}

I also need to mention that the vendor states making proxy allocations for

trayapp.smartcorp.net:8889

but when using the Manual browser settings, the entry in the exclusion box does not need the port number in order for it to work.   I have attempted using the :8889 addition to the many attempts listed earlier, to no avail.

Finally, this trayapp.smartcorp.net traffic is wss traffic, so I've attempted to bypass this in the MWG with Websocket Handling ruleset, but neither I nor Support made any progress with this.  Support finally concluded that this is solely a pac file issue, as I noted earlier.

So, are there any pac file gurus out there able to shed some light on why I cannot get this traffic excluded with a pac file entry?

Thanks in advance!

 

 

2 Replies
asabban
McAfee Employee
McAfee Employee
Report Inappropriate Content
Message 2 of 3

Re: pac file entry not working

Hello,

can you ensure it is the PAC file causing the issue? This should be easy. If you do not try to go to the website but directly call the URL that should match in the PAC file, you should see how the browser behaves, it it sends the request to the proxy or direct.

You can make a copy of your PAC file and copy it somewhere (even locally on your PC), so you can play around without affecting others. What helped me with my last PAC file issue was using Firefox and putting "alert" calls into the PAC file, so I was exactly able to see what if statement matched and which did not and even return the content of "host" to see what the PAC file sees.

For the last PAC file issue I had it turned out that the file was stored with a wrong encoding, causing the browser to ignore several lines. Make sure it is saved as UTF8 also does not contain any control characters or windows line endings.

But the first thing I would do is finding out if the entries in the PAC file work as expected. They may work as expected but the web site still fails to work due to some JavaScript stuff not liking the proxy/PAC file or whatever. This should be the first thing to ensure and pretty easy to do.

Best,
Andre

Travler
Level 10
Report Inappropriate Content
Message 3 of 3

Re: pac file entry not working

Thanks for the reply!

"If you do not try to go to the website but directly call the URL that should match in the PAC file, you should see how the browser behaves, it it sends the request to the proxy or direct."

I guess I'm not understanding you.  The URL in question, trayapp.smartcorp.net , isn't a website but rather a component of the vendor's website which calls a wss connection to the user's localhost (127.0.0.1) for the website to function.  (There is also a trayapp application installed on the user's pc, which I'm assuming is facilitating this connection.)  So, I'm not sure how to test connectivity to this URL without actually being at the vendor's website and trying to duplicate an end user experience.   

"They may work as expected but the web site still fails to work due to some JavaScript stuff not liking the proxy/PAC file or whatever."

This thought crossed my mind once I saw that the error relating to the wss connection to trayapp.smartcorp.net has js in it.  If it is, I certainly don't know how to troubleshoot that since it would be controlled by the vendor.

You Deserve an Award
Don't forget, when your helpful posts earn a kudos or get accepted as a solution you can unlock perks and badges. Those aren't the only badges, either. How many can you collect? Click here to learn more.

Community Help Hub

    New to the forums or need help finding your way around the forums? There's a whole hub of community resources to help you.

  • Find Forum FAQs
  • Learn How to Earn Badges
  • Ask for Help
Go to Community Help

Join the Community

    Thousands of customers use the McAfee Community for peer-to-peer and expert product support. Enjoy these benefits with a free membership:

  • Get helpful solutions from McAfee experts.
  • Stay connected to product conversations that matter to you.
  • Participate in product groups led by McAfee employees.
Join the Community
Join the Community