Examples
Common examples
Real-world PAC files for the most common deployment scenarios.
Corporate: bypass internal, proxy external
The most common enterprise pattern. Internal hosts, RFC 1918 ranges and loopback addresses go direct; everything else tries two proxies in order and, if neither is reachable, falls back to a direct connection.
proxy.pac
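// Corporate split: intranet names and private/loopback addresses connect
// directly; every other destination is handed to the proxy chain.
//   url  - URL being requested (not used by this policy)
//   host - hostname taken from that URL
// Returns a PAC result string: "DIRECT" or an ordered list of proxies.
function FindProxyForURL(url, host) {
  // Fast checks first — no DNS cost
  if (isPlainHostName(host)) {
    return "DIRECT";
  }
  if (dnsDomainIs(host, ".corp.internal") ||
      dnsDomainIs(host, ".corp.com")) {
    return "DIRECT";
  }

  // One DNS call — reused for all subnet checks.
  // The answer comes from the client's resolver, so any name that resolves
  // into the ranges below is sent direct and never reaches the proxy.
  var ip = dnsResolve(host);
  if (ip && (
      isInNet(ip, "10.0.0.0", "255.0.0.0") ||      // RFC 1918
      isInNet(ip, "172.16.0.0", "255.240.0.0") ||  // RFC 1918
      isInNet(ip, "192.168.0.0", "255.255.0.0") || // RFC 1918
      isInNet(ip, "127.0.0.0", "255.0.0.0"))) {    // loopback
    return "DIRECT";
  }

  // Entries are tried left to right. The trailing DIRECT makes the policy
  // fail open: with both proxies unreachable, external traffic leaves
  // unproxied. Drop that entry where egress must always pass the proxy.
  return "PROXY proxy1.corp.com:8080; PROXY proxy2.corp.com:8080; DIRECT";
}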
Split-tunnel by protocol
Route HTTP through one proxy, HTTPS through another, and FTP directly. Any other URL scheme also goes direct.
proxy.pac
// Chooses a route from the URL scheme alone; the host is not consulted.
//   url  - URL being requested
//   host - hostname taken from that URL (not used by this policy)
// Returns a PAC result string.
function FindProxyForURL(url, host) {
  // Ordered [pattern, route] pairs; the first matching pattern wins.
  var schemeRoutes = [
    ["http:*", "PROXY http-proxy.corp.com:8080"],
    ["https:*", "PROXY ssl-proxy.corp.com:8443"],
    ["ftp:*", "DIRECT"]
  ];

  for (var i = 0; i < schemeRoutes.length; i++) {
    if (shExpMatch(url, schemeRoutes[i][0])) {
      return schemeRoutes[i][1];
    }
  }

  // Every scheme not listed above also bypasses both proxies (for example
  // WebSocket URLs, on engines that hand those to the PAC script).
  return "DIRECT";
}
Time-based routing
Use the corporate proxy during business hours (Monday to Friday, hours 8 to 18 on the client's local clock); go direct outside those hours.
proxy.pac
// Sends traffic through the corporate proxy only inside the business-hours
// window; plain hostnames and all out-of-hours traffic connect directly.
//   url  - URL being requested (not used by this policy)
//   host - hostname taken from that URL
// Returns a PAC result string.
function FindProxyForURL(url, host) {
  if (!isPlainHostName(host)) {
    // No "GMT" argument is passed, so both range checks follow the
    // client's local clock and time zone, not a server-side time source.
    var inBusinessHours = weekdayRange("MON", "FRI") && timeRange(8, 18);
    if (inBusinessHours) {
      return "PROXY proxy.corp.com:8080";
    }
  }

  // Outside the window nothing passes through the proxy.
  return "DIRECT";
}
SOCKS5 with HTTP fallback
Try a SOCKS5 proxy first, then fall back to an HTTP proxy, then direct.
proxy.pac
// Plain hostnames connect directly; everything else gets a three-step
// chain: SOCKS5 proxy, then HTTP proxy, then a direct connection.
//   url  - URL being requested (not used by this policy)
//   host - hostname taken from that URL
// Returns a PAC result string.
function FindProxyForURL(url, host) {
  // NOTE(review): confirm every PAC engine in the fleet accepts the SOCKS5
  // keyword; an engine that only recognises SOCKS may skip that entry.
  // The trailing DIRECT means traffic leaves unproxied when both proxies
  // are unreachable.
  return isPlainHostName(host)
    ? "DIRECT"
    : "SOCKS5 socks.corp.com:1080; PROXY proxy.corp.com:8080; DIRECT";
}