iOS Pac File
After presenting a business plan to our Principal, I have been able to procure an iPad mini for each of my team. Â I believe that if we are all connected (via email, to our helpdesk, wiki and google drive) jobs will get completed sooner, can be handed between techs more smoothly and will enable notes to be written more quickly. Â Thankfully my Principal agreed and those iPads arrive today.
We’ve been running a BYOD scheme for staff and 6th form for some time.  Although we’re not pushing the scheme aggressively, it’s gathering a natural pace with around 80 devices connecting most days.  I set up a Proxy.pac file for iOS devices some months ago and it seems to work well for the BYOD users, but my team will need access to more internal services.
Pac files can be unusual, especially on iOS.  Also iOS devices can cache the file making trouble shooting that much more difficult. For my benefit as much as anyone else’s, here is the working version as it stands.
function FindProxyForURL(url, host)
{
if ((host==”localhost”) ||
shExpMatch(host, “*localhost.*”) ||
shExpMatch(host, “10.10.10.0/20”) ||
shExpMatch(host, “17.0.0.0/8”) ||
shExpMatch(host, “*moodle.school.com*”) ||
shExpMatch(host, “*wifi.school.com*”) ||
shExpMatch(host, “*proxy.school.com*”) ||
shExpMatch(host, “*lead.school.local*”) ||
shExpMatch(host, “*aluminium.school.local*”) ||
isPlainHostName(host) ||
(host == “127.0.0.1”))
{
return “DIRECT”;
}
return “PROXY proxy.LEA.net:80”
}
To explain, 10.10.10.0/20 is our internal range of IPs.
17.0.0.0/8 is the apple range of public IPs – We have found apple devices prefer un-proxied access to home.
moodle.school.com – Our internally hosted moodle server.
wifi.school.com – Our internally hosted wifi controller (which users need to reauthenticate to every so often).
proxy.school.com – This is just an alias of our moodle server. It is where the proxy.pac file resides.
lead.school.local – This is the server hosting our helpdesk. Currently internal only (hence .local).
aluminium.school.local – This server runs our wiki and some other internal sites.
isPlainHostName – This rule allows us to connect to a simple host name. One of our workstations perhaps.
return “DIRECT”; – All the rules above should connect directly.
return “PROXY proxy.LEA.net:80” – If the request is not one stated, return the proxy address.
My goal in the not too distant future is to stop using the LEAs proxy server and run a transparent proxy in house.
Blog: iOS and proxy servers: http://t.co/C63yPjBMfa Pac files & iPads #Edtech #Edugeek
Are you seeing any issues with the pac file and ios8.0.2? We’re using a .dat file and can’t resolve the proxy unless we use a simple address – it doesn’t seem that ios8 likes domain.local/yourproxyfile when resolving…
Hi Laura – sorry for the delay in replying.
I’ve found various issues with Apple devices and .local domains. Apple used this as a default. So my iphone will often identify itself as iPhone.local.
I’d be tempted to try publish your pac/wpad file using the IP address – so for example 192.168.0.1yourproxyfile
Thanks for your comment.