Why use a PAC file?
In explicit proxy and Forcepoint Web Security Hybrid Module deployments of Forcepoint Web Security, using a PAC file fulfills several vital functions:
- The PAC file provides critical security, ensuring that traffic is always proxied when it should be, while allowing secure requests to go direct to the destination.
- Typically, Internet-bound HTTP, HTTPS, and FTP traffic is sent to the proxy.
- Typically, intranet traffic goes direct to the destination.
- Exceptions can be made for internal or external sites that, for whatever reason, must go to or bypass the proxy.
- The PAC file locks down the web browser’s LAN egress configuration. The PAC file should be appropriately permission-protected so that end-users cannot change it. This is most easily accomplished when the PAC file is administered with a Group Policy Object. See How do I configure a Group Policy so that Internet Explorer uses the PAC file?
- The PAC file provides a flexible, easy to maintain, script-driven method of controlling the routing of web requests.
- The PAC file can include code that handles proxy load distribution and failover.Note: It is important from an organizational security perspective that end users be prohibited from installing unapproved applications on their computers. Without such restrictions, users could install alternate browsers in an attempt to circumvent PAC controls. Within the organizational perimeter, by application of appropriate firewall rules, users should be forced to browse through the designated proxy server(s) only.