Policy-specific PAC file

Policy-specific PAC file URLs are in the following form:

http://pac.webdefence.global.blackspider.com:8082/proxy.pac?p=xxxxxx

https://pac.webdefence.global.blackspider.com:8087/proxy.pac?p=xxxxxx

Here, xxxxxx is a unique identifier for your policy.

Your Policy Specific PAC File Address is shown on your policy’s General tab. To access this screen, go to the Web > Policy Management > Policies page, then click the name of the policy.

You should use the policy-specific PAC file in the following circumstances:

  • You cannot use a proxied connection on your policies. (You do not need to use a policy-specific URL when connecting from an IP address configured as a proxied connection in a policy, since the policy-specific PAC file is automatically served.)
  • A remote user needs to access bypass destinations specified in the policy-specific PAC file, but is able to access these destinations directly, for example, via a VPN client.
  • A remote user requests access from a network that has port 8082 locked down (or port 8087 for HTTPS). In this case, use the alternate PAC file address listed on the policy’s General tab. This accesses the PAC file via port 80 (port 443 for HTTPS).

    Remote users should also use the alternate policy-specific PAC file address if requesting access from a network that has port 8081 locked down. Even if they can access the PAC file on port 8082 or 8087, port 8081 is the standard required port to be able to use the cloud service.

The policy-specific PAC file allows remote users to always use the correct PAC file for their policy, although this is not always appropriate, because bypass destinations may not be relevant for the remote users’ locations.

Important:

There is a security implication related to the use of PAC files. If someone could guess your unique policy identifier and download it, that person would know what sites were not protected by the cloud service and could, in theory, use them as an attack vector. To prevent this, PAC file identifiers are generated as non-sequential alphanumeric strings. Users cannot assume that the number on either side of their PAC file identifier is valid.

For additional security, use the HTTPS PAC file URL. Forcepoint also recommends disabling the Automatically detect settings option in your LAN automatic configuration settings.