I’m deploying a pac file through jamf using the auto global http proxy. The purpose of this file is to block some traffic on the network level. We’re deploying the pac on iPhones.
I tried to use
|| shExpMatch(url, “*.pdf”)
to block any url with .pdf but iOS seems to just skip that line without implementing it. Am I doing something wrong or is there an apple specific function that I should use? thanks
I feel that should work.
Have you tried something like
url.substring(url.length-4) == ".pdf"
Maybe post more of your code and someone will spot an error elsewhere.
(BTW, make sure that the local server providing the PAC file to the devices is reliable, and set up monitoring for it. In my experience, if Safari (mac and iOS) cannot download the PAC file for some reason, it doesn't present a useful error message. When this happened to me it took a long time to track the problem down to a PAC file that I'd almost forgotten about.)
var blackhole = "PROXY 255.255.255.0:3421";
if (typeof(navigator) != "undefined"
&& navigator.appVersion.indexOf("Mac") != -1) {
blackhole = "PROXY 0.0.0.0:3421";
}
var localproxy = normal;
var bypass = normal;
///////////////////////////////////////////////////////////////////////////////
var isActive = 1;
function FindProxyForURL(url, host)
{
//DEBUG alert("checking: url=" + url);
// Suggestion from Quinten Martens
// Make everything lower case.
// WARNING: all shExpMatch rules following MUST be lowercase!
url = url.toLowerCase();
host = host.toLowerCase();
if (0
|| shExpMatch(url, "*.pdf")
) {
// deny this request
return blackhole;
} else {
return normal;
}
}
function _dnsDomainIs(host, domain) {
if (host.length > domain.length) {
return (host.substring(host.length - domain.length - 1) == "."+domain);
}
return (host == domain);
}```
Thanks, I posted the code below. The server is a local black hole that is reachable. I know it works because this
|| _dnsDomainIs(host, "api.giphy.com") blocks giphy.com
I want to block all incoming pdf's to our devices.
So far nothing is working. Can anyone please post an example, from my testing it seems iOS just skips over url.substring(url.length-4) == ".pdf”
Can anyone please post an example
I have something like this:
function FindProxyForURL(url, host)
{
if ( shExpMatch(host,"*.example.com")
|| host == "xyz.abc.com"
|| host == "abc.xyz.com"
) {
var c = "proxy.local";
return "PROXY "+c+":82; DIRECT";
} else {
return "DIRECT";
}
}
I don't see anything obviously wrong in your code (though the definition of "normal" is missing). Do you have any evidence that the code is actually being fetched and executed?
Yes, pac is being fetched. I’m having an issue specifically with the url string in the function . The host string works fine and executes. The second I switch the code from host to url it stopped working.
OK, I guess I have only ever looked at the host, not the url.
I set up an instance in aws with a net cat listener to log the pac file. I get a hot when I use the host var but not when I use the url var. Any ideas?
Hey, just seeing if anyone has any ideas. Still experiencing this issue
I know it's way too late, but we just hit this problem. Safari is stripping path and query from url before it passes to FindProxyForURL. So basically Safari passes domain name with protocol instead of url with path and query - instead of "https://forums.developer.apple.com/forums/thread/719939" Safari use "https://forums.developer.apple.com/" as url in FindProxyForURL Same with Chrome (you can't change the behaviour) and Firefox (you can override the default behaviour by setting an internal flag).