
proxy.pac and ibproxy.pac



 
    
proxy.pac and ibproxy.pac
-------------------------

[root@squatter bin]# cat /tmp/proxy.pac
#!/usr/local/bin/perl -w
use strict;
use lib "/servers/web/lib/perl5/site_perl/5.005";

############################################################
# University of Macquarie
# Automatic proxy configuration script
# Version: $Id: proxy.pac,v 1.27 2006/02/06 16:36:39 terrence Exp $
#

############################################################
# Packages
#
use NetAddr::IP;
use Carp;


############################################################
# General global variables
#
# Debug switch: while this is 1 the main program appends one line per request
# to a log file under /tmp.
my $debug = 1;

# Configuration tables, each keyed by a short group name.
my (
    %subnets,     # Subnet values
    %domains,     # Local domain names
    %nodirect,    # Flag to indicate that no direct access is available
    %proxies      # proxy server(s) (array of proxies) for subnets
);

############################################################
# Proxy configuration details
#

# Direct services (these services should _always_ be accessed directly).
# Each entry is later emitted as an isInNet() test in the generated PAC file.
my @direct_services = map { NetAddr::IP->new($_) } (
    "137.111.215.70/32",
    "137.111.215.80/32",
    "137.111.215.81/32",
    "127.0.0.1/32",       # Localhost
    "10.0.0.0/8",         # Private subnet (RFC1918)
    "172.16.0.0/12",      # Private subnet (RFC1918)
    "192.168.0.0/16",     # Private subnet (RFC1918)
);

# Direct clients (these clients should _always_ make direct accesses).
# A client matching any entry is told to bypass every proxy.
my @direct_clients = map { NetAddr::IP->new($_) } (
    "137.111.128.38/32",  # Buddy terminal with IP subscription to ERU Database
);

# Unimacq in general: the default proxy, every network treated as belonging
# to the university, and the domain suffixes treated as local.
$proxies{unimacq} = [ "wwwproxy.unimacq.edu.au:8000" ];

# NOTE(review): 172.16.1.0/22 is not aligned on a /22 boundary (the enclosing
# /22 starts at 172.16.0.0) - confirm the range that was intended.
$subnets{unimacq} = [
    map { NetAddr::IP->new($_) } qw(
        137.111.0.0/16
        192.43.207.0/24
        192.43.209.0/24
        192.101.254.0/24
        202.0.67.0/24
        202.0.68.0/24
        203.0.40.0/24
        203.0.141.0/24
        203.2.80.0/20
        203.3.164.0/23
        203.4.164.0/22
        203.5.64.0/21
        203.9.128.0/21
        203.12.140.0/24
        203.14.107.0/24
        203.16.40.0/21
        203.17.189.0/24
        203.18.231.0/24
        203.22.108.0/23
        203.26.118.0/24
        203.26.134.0/24
        203.28.230.0/23
        203.28.240.0/20
        203.62.232.0/23
        210.8.192.0/22
        172.16.1.0/22
        172.16.4.0/22
        172.16.8.0/21
        172.28.0.0/14
    )
];

$domains{unimacq} = [
    qw(
        .unimacq.edu.au
        .agrigate.edu.au
        .muprivate.edu.au
        .mq.oz.au
    )
];

# Chemical Engineering: flagged as having no direct access, so the generated
# PAC file sends everything except local destinations through its own proxy.
$nodirect{chemeng} = 1;
$proxies{chemeng}  = [ "proxy.chemeng.unimacq.edu.au:8000" ];
$subnets{chemeng}  = [
    map { NetAddr::IP->new($_) } qw(
        137.111.204.0/24
        137.111.247.0/24
        137.111.19.192/26
        137.111.205.69/32
        137.111.205.121/32
    )
];
$domains{chemeng} = [ ".chemeng.unimacq.edu.au" ];

## The Department formerly known as the Department of Engineering Computer Resources
#$proxies{decr} = ["wwwproxy.ecr.mq.oz.au:80"];
#$subnets{decr} = [
#NetAddr::IP->new("137.111.71.0/24"),
#];

# Computer Science: own proxy; no extra local domains and no "nodirect" flag.
$proxies{cs} = [ "calamari.cs.mq.oz.au:3128" ];
$subnets{cs} = [
    map { NetAddr::IP->new($_) } qw(
        137.111.26.0/24
        137.111.22.3/32
        137.111.22.134/32
        137.111.27.66/31
        137.111.27.130/31
        137.111.27.135/32
        137.111.27.194/31
    )
];

# The Department Of Medicine, St. Vincents Hospital: no direct access, so
# clients here are always pointed at the department proxy.
$nodirect{medstv} = 1;
$proxies{medstv}  = [ "proxy.medstv.unimacq.edu.au:3128" ];
$subnets{medstv}  = [
    map { NetAddr::IP->new($_) } qw(
        137.111.71.0/24
        137.111.216.0/24
    )
];

# Student Access Labs: clients in any of these ranges are handed the student
# proxy instead of the general university proxy.
$proxies{stud} = [ "wwwproxy.student.unimacq.edu.au:8000" ];
$subnets{stud} = [
    map { NetAddr::IP->new($_) } (
        "203.5.71.64/26",       # Forest and Ecosystem Science
        "203.5.71.128/26",
        "137.111.8.210/31",     # Vet Science
        "137.111.8.212/30",
        "137.111.8.216/29",
        "137.111.8.224/28",
        "137.111.8.240/29",
        "137.111.8.248/31",
        "137.111.8.250/32",
        "137.111.119.0/24",     # SPIN nets
        "137.111.16.0/24",
        "137.111.35.0/26",      # request from Phill Solomon - Terrence, 2006.03.08
        "137.111.129.0/24",
        "137.111.130.0/24",     # WAN wireless SPIN
        "137.111.148.0/26",
        # "137.111.174.0/24",   # removed by request from Peter Straffon - Terrence, 2006.02.02
        "137.111.181.0/24",
        "137.111.187.0/24",
        "137.111.245.64/26",    # request from Anthony Quach - Terrence, 2006.03.08
        "137.111.253.0/24",
        "137.111.46.0/24",
        "137.111.127.0/24",
        "137.111.156.0/24",
        "137.111.135.0/24",     # Architecture Student Lab
        "137.111.48.192/27",    # Medley College lab
        "137.111.48.224/28",
        "137.111.48.240/29",
        "137.111.48.248/30",
        "137.111.48.252/31",
        "137.111.48.254/32",
        "137.111.162.66/31",    # 162 low
        "137.111.162.68/30",
        "137.111.162.72/29",
        "137.111.162.80/28",
        "137.111.162.96/28",
        "137.111.162.112/29",
        "137.111.162.120/30",
        "137.111.162.124/31",
        "137.111.162.126/32",
        "137.111.162.130/31",   # 162 mid
        "137.111.162.132/30",
        "137.111.162.136/29",
        "137.111.162.144/28",
        "137.111.162.160/28",
        "137.111.162.176/29",
        "137.111.162.184/30",
        "137.111.162.188/31",
        "137.111.162.190/32",
        "137.111.162.194/31",   # 162 high
        "137.111.162.196/30",
        "137.111.162.200/29",
        "137.111.162.208/28",
        "137.111.162.224/28",
        "137.111.162.240/29",
        "137.111.162.248/30",
        "137.111.162.252/31",
        "137.111.162.254/32",
        "137.111.201.129/32",   # SPIN VPN
        "137.111.201.130/31",
        "137.111.201.132/30",
        "137.111.201.136/29",
        "137.111.201.144/28",
        "137.111.201.160/27",
        "137.111.201.192/27",
        "137.111.201.224/28",
        "137.111.201.240/29",
        "137.111.201.248/30",
        "137.111.201.252/31",
        "137.111.201.254/32",
        "137.111.202.129/32",
        "137.111.202.130/31",
        "137.111.202.132/30",
        "137.111.202.136/29",
        "137.111.202.144/28",
        "137.111.202.160/27",
        "137.111.202.192/27",
        "137.111.202.224/28",
        "137.111.202.240/29",
        "137.111.202.248/30",
        "137.111.202.252/31",
        "137.111.202.254/32",
        "137.111.203.129/32",
        "137.111.203.130/31",
        "137.111.203.132/30",
        "137.111.203.136/29",
        "137.111.203.144/28",
        "137.111.203.160/27",
        "137.111.203.192/27",
        "137.111.203.224/28",
        "137.111.203.240/29",
        "137.111.203.248/30",
        "137.111.203.252/31",
        "137.111.203.254/32",
    )
];

############################################################
# Main program
#

# Identify the requesting host from the CGI environment.  A missing
# REMOTE_ADDR is passed on as the empty string; the script terminates when
# NetAddr::IP does not return a usable address object.
my $remote_addr = do {
    my $raw_addr = "";
    $raw_addr = $ENV{'REMOTE_ADDR'} if exists $ENV{'REMOTE_ADDR'};
    NetAddr::IP->new($raw_addr);
};
unless ($remote_addr) {
    croak "Invalid value for REMOTE_ADDR - Terminating";
}

# Classify the client: is it inside the university at all, which special
# group (if any) does it belong to, and is it a forced-direct client?
my $in_subnet = "";
my $in_unimacq = 0;
my $direct_client = 0;

# NOTE(review): the iteration order of keys() is unspecified, so if two
# non-"unimacq" groups ever overlapped, the group chosen for a client in the
# overlap could differ between runs.
SUBNET:
foreach my $subnet (keys %subnets) {
    my $hits = grep { $remote_addr->within($_) } @{$subnets{$subnet}};
    next SUBNET unless $hits;

    if ( $subnet ne "unimacq" ) {
        $in_subnet = $subnet;
    } else {
        $in_unimacq = 1;
    }
}

# Clients that match no special group fall back to the general settings.
if ( $in_subnet eq "" ) {
    $in_subnet = "unimacq";
}

if ( grep { $remote_addr->within($_) } @direct_clients ) {
    $direct_client = 1;
}

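# Debug log: one line per request naming the client, its group and the
# proxies it is about to be handed.
if ( $debug == 1 ) {
    # NOTE(review): this is a fixed file name in world-writable /tmp, opened
    # for append by whatever account runs the CGI.  Any local user can create
    # that name first (as a file or a link), so the log belongs in a directory
    # only the web server account can write to.
    my $log_path = "/tmp/whichproxy-farm";

    # Three-argument open with a lexical handle: the mode can never be taken
    # from the file name and the handle does not leak into package scope.
    # Logging is best-effort - a failure is reported on STDERR but must not
    # stop the PAC file from being served.
    if ( open( my $log, '>>', $log_path ) ) {
        print {$log} $remote_addr, " in subnet $in_subnet (Proxy is ",
            ( map { "$_ " } @{ $proxies{$in_subnet} } ), ")\n";
        close($log)
            or warn "proxy.pac: cannot close $log_path: $!\n";
    }
    else {
        warn "proxy.pac: cannot open $log_path: $!\n";
    }
}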

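# Print out proxy.pac for this host.
#
# Everything interpolated into the JavaScript below comes from the
# configuration tables in this script; nothing from the request is echoed
# back.  Each condition line must be a complete JavaScript expression: a PAC
# file with a syntax error is not evaluated by the browser, so the proxy
# policy it was meant to carry is not applied.
print "Content-type: application/x-ns-proxy-autoconfig\n\n" .
      "function FindProxyForURL(url, host)\n" .
      "{\n";

##
## requested by Ben Healy from Antivirus renewal project - Terrence, 2006.02.06
##
## wwwproxy.unimacq.edu.au:8000 blocks all the student labs. "return DIRECT" 
## still kick people in Uni Network - Terrence, 2006.02.06
##
#print "  if (\n" .
#      "      dnsDomainIs(host, \".mcafee.com\")\n" .
#      "      )\n" .
#      "      return \"PROXY wwwproxy.unimacq.edu.au:8000; DIRECT\"\;\n" .
#      "\n";

if ( ! $in_unimacq || $direct_client ) {
    # Client is outside the university networks, or is listed as a direct
    # client: it never uses a proxy.
    print "  return \"DIRECT\";\n";
} elsif (exists $nodirect{$in_subnet}) {
    # No direct access exists, force everything through the proxy except for 'direct only' services
    print "  if (\n";
    # Groups without a domain list simply contribute no dnsDomainIs() lines.
    print "      dnsDomainIs(host, \"$_\") ||\n" for @{ $domains{$in_subnet} || [] };
    print "      isInNet(host, \"" . $_->addr . "\", \"" . $_->mask . "\") ||\n" for @direct_services;
    print "      isPlainHostName(host)\n" .
          "      )\n" .
          "      return \"DIRECT\";\n" .
          "  else\n" .
          "      return \"";
    # No DIRECT fallback here: these clients can only get out via the proxy.
    print "PROXY $_; " for @{$proxies{$in_subnet}};
    print "\";\n";
} else {
    # University hosts with direct access should go direct to any university
    # site. This can be determined by domain name and/or IP address.
    # Note - having explicit domain names (instead of just relying on ip checks)
    # is a good idea because it will cut down on DNS lookups by the client.
    print "  if (\n";
    print "      dnsDomainIs(host, \"$_\") ||\n" for @{$domains{unimacq}};
    if ( $in_subnet ne "unimacq" ) {
        print "      dnsDomainIs(host, \"$_\") ||\n" for @{ $domains{$in_subnet} || [] };
    }
    print "      isInNet(host, \"" . $_->addr . "\", \"" . $_->mask . "\") ||\n" for @{$subnets{unimacq}};
    print "      isInNet(host, \"" . $_->addr . "\", \"" . $_->mask . "\") ||\n" for @direct_services;
    ## requested by James Harris for Anti-Virus websites - Terrence, 2006.03.17
    print "      isInNet(host, \"216.49.88.0\", \"255.255.255.0\") ||\n";
    print "      isInNet(host, \"70.84.206.214\", \"255.255.255.255\") ||\n";
    print "      isInNet(host, \"61.8.0.16\", \"255.255.255.255\") ||\n";
    print "      isInNet(host, \"203.16.234.78\", \"255.255.255.255\") ||\n";
    print "      isInNet(host, \"203.28.142.36\", \"255.255.255.255\") ||\n";
    # The pattern argument is closed with ") - no ';' may appear inside the
    # call, or the whole if-condition becomes a JavaScript syntax error.
    # NOTE(review): bracket ranges such as [1-9] may not be honoured by every
    # shExpMatch() implementation - confirm against the browsers in use.
    print "      shExpMatch(url, \"*http://www.iavs.cz/iavs4x*\") ||\n";
    print "      shExpMatch(url, \"*http://download[1-9].avast.com/iavs4x*\") ||\n";
    print "      shExpMatch(url, \"*http://download[1-3][0-9].avast.com/iavs4x*\") ||\n";
    print "      shExpMatch(url, \"*http://download4[0-5].avast.com/iavs4x*\") ||\n";
    # Exactly one closing term for the condition, printed in a single
    # statement so the pieces reach the client in the order written.
    print "      isPlainHostName(host)\n" .
          "      )\n" .
          "      return \"DIRECT\";\n" .
          "  else\n" .
          "      return \"";
    print "PROXY $_; " for @{$proxies{$in_subnet}};
    print "DIRECT\";\n";
}

print "}\n";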


[root@squatter bin]# cat /tmp/ibproxy.pac
#!/usr/local/bin/perl

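use strict;
use warnings;

# Debug level: 1 appends one line per request to the log file below,
# 2 prints a summary line on STDERR instead, anything else is silent.
my $debug = 0;

# NOTE(review): fixed file name in world-writable /tmp; any local user can
# create that name first (as a file or a link).  If logging is ever enabled,
# point this at a directory only the web server account can write to.
my $log_path = "/tmp/ibproxy-farm";

# Client details as supplied by the web server in the CGI environment.
my $name = $ENV{'REMOTE_HOST'};    # only needed by the disabled $bname line below
my $ip   = defined $ENV{'REMOTE_ADDR'} ? $ENV{'REMOTE_ADDR'} : "";

# Every client is handed the same proxy.
my $proxy = "ibproxy.unimacq.edu.au:8000";

if ( $debug == 1 ) {
    # Three-argument open with a lexical handle; logging is best-effort, so a
    # failure is reported on STDERR and the PAC file is still served.
    if ( open( my $log, '>>', $log_path ) ) {
        print {$log} $ip, " sent to ", $proxy, "\n";
        close($log)
            or warn "ibproxy.pac: cannot close $log_path: $!\n";
    }
    else {
        warn "ibproxy.pac: cannot open $log_path: $!\n";
    }
}

# The generated JavaScript:
#  - a host name without any dot goes direct (indexOf() returns -1 when the
#    dot is absent, so that is the value to test for);
#  - the two university domains go through the proxy, with direct access as
#    fallback.  A host matches only when it equals the domain or ends in
#    "." followed by the domain, so a name that merely ends in the same
#    letters is not treated as a university host;
#  - everything else goes direct.
print STDOUT 'Content-type: application/x-ns-proxy-autoconfig

function FindProxyForURL(url, host)
{
	var lchost = host.toLowerCase();
	if (lchost.indexOf(".") == -1)
		return "DIRECT";
	if (lchost == "unimacq.edu.au" ||
	    lchost.substring(lchost.length - 15) == ".unimacq.edu.au")
		return "PROXY ' . $proxy . ';  DIRECT";
	if (lchost == "mq.oz.au" ||
	    lchost.substring(lchost.length - 9) == ".mq.oz.au")
		return "PROXY ' . $proxy . ';  DIRECT";
	return "DIRECT";
}
';

# The host-name column stays empty unless the line below is re-enabled.
my $bname = "";
#$bname = "($name)"; 
printf STDERR "PAC: %-15s %-50s -> %-20s\n", $ip, $bname, $proxy if $debug == 2;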


Tip: Be careful of the load on the boxes running these scripts!!!

