DOCSLIB.ORG

Hypertext Transfer Protocol

Total Page:16

File Type:pdf, Size:1020Kb

Download full-text PDF Read full-text
Hypertext Transfer Protocol Hypertext Transfer Protocol Ing. Pierluigi Gallo HTTP Hypertext Transfer Protocol used in the WWW protocol used for communication between web browsers and web servers client-server paradigm TCP port 80 RFC 1945 Ing. Pierluigi Gallo Introduction to HTTP 80% of Internet flows are HTTP connections Early protocol is HTTP 0.9 read only Today we use HTTP 1.0 read, input, delete, ... New version: HTTP 1.1 performance optimizations Ing. Pierluigi Gallo HTTP Overview Client (browser) sends HTTP request to server Request specifies affected URL Request specifies desired operation Server performs operation on URL Server sends response Request and reply headers are in pure text Ing. Pierluigi Gallo Static Content and HTML Most static web content is written in HTML HTML allows Text formatting commands Embedded objects Links to other objects Server need not understand or interpret HTML Ing. Pierluigi Gallo URI,URN,URL RFC 3305 Uniform Resource Identifier Identifies a resource Uniform Resource Name The name of the resource with in a namespace like a person’s name Uniform Resource Locator How to find the resource, a URI that says how to find the resource like a person street address URI concept is more general than its use in web pages (XML, …) Ing. Pierluigi Gallo HTTP - URLs URL Uniform Resource Locator protocol (http, ftp, news) host name (name.domain name) port (80, 8080, …) directory path to the resource resource name absolute relative http://www.tti.unipa.it/~pg/pg/Teaching.html http://xxx.myplace.com:80/cgi-bin/t.exe Ing. Pierluigi Gallo URI examples http://example.org/absolute/URI/with/absolute/ path/to/resource.txt ftp://example.org/resource.txt urn:issn:1535-3613 /relative/URI/with/absolute/path/to/resource.txt relative/path/to/resource.txt ../../../resource.txt ./resource.txt#frag01 Ing. Pierluigi Gallo HTTP - methods Methods GET retrieve a URL from the server simple page request depending on the requested page: run a CGI program run a CGI with arguments attached to the URL POST preferred method for forms processing run a CGI program parameterized data in sysin more secure and private Ing. Pierluigi Gallo HTTP - methods Methods (cont.) PUT Used to transfer a file from the client to the server HEAD requests URLs status header only used for conditional URL handling for performance enhancement schemes retrieve URL only if not in local cache or date is more recent than cached copy DELETE deletes page from server Ing. Pierluigi Gallo req-resp approach client-server network protocol in use by the World-Wide Web since 1990 request-response HTTP request messages for HTML pages, images, scripts and styles sheets. Web servers handle these requests by returning response messages that contain the requested resource. Ing. Pierluigi Gallo Example of an HTTP Exchange Client Server GET www.cs.virginia.edu Retrieve Data From Disk Ing. Pierluigi Gallo Fetching Multiple Objects Most web-pages contain embedded objects (e.g., images, backgrounds, etc) Browser requests HTML page Server sends HTML file Browser parses file and requests embedded objects Server sends requested objects Ing. Pierluigi Gallo Fetching Embedded Objects Client Server GET www.cs.virginia.edu Retrieve Data From Disk GET image.gif Retrieve Image From Disk Ing. Pierluigi Gallo HTTP Request Packets Sent from client to server Consists of HTTP header header is hidden in browser environment contains: content type / mime type content length user agent - browser issuing request content types user agent can handle HTTP 1.1 is the and a URL latest version GET /simtec/httpgallery/introduction/ HTTP/1.1 Accept:*/* Accept-Language: en-gb Accept-Encoding: gzip, deflate User-Agent: Mozilla/4.0 (compatible; MSIE 6.0) Host: www.httpwatch.com Ing. PierluigiConnection: Gallo Keep-Alive HTTP Request Headers Precede HTTP Method requests headers are terminated by a blank line Header Fields: From Accept Accept-Encoding Accept Language Ing. Pierluigi Gallo HTTP 1.1 vs 1.0 Additional Methods (PUT, DELETE, TRACE, CONNECT + GET, HEAD, POST) Additional Headers Transfer Coding (chunk encoding) Persistent Connections (content-length matters) Request Pipelining Ing. Pierluigi Gallo HTTP 1.0 Client opens a separate TCP connection for each requested object Object is served and connection is closed Advantages maximum concurrency Limitations TCP connection setup/tear-down overhead TCP slow start overhead Ing. Pierluigi Gallo HTTP 1.0 connect() Client SYN Server SYN, ACK write() ACK, GET www.cs.virginia.edu Retrieve Data From Disk close() connect() SYN SYN, ACK write() ACK, GET image.gif Retrieve Image From Disk Ing. Pierluigiclose() Gallo HTTP 1.1 To avoid a connection per object model, HTTP 1.1 supports persistent connections Client opens TCP connection to server All requests use same connection Problems Less concurrency Server does not know when to close idle connections Ing. Pierluigi Gallo HTTP 1.1 connect() Client SYN Server SYN, ACK write() ACK, GET www.cs.virginia.edu Retrieve Data From Disk write() GET image.gif Retrieve Image From Disk close() Ing. Pierluigi Gallo Server Side Close() Client Server connect() SYN Set timeout SYN, ACK Reset write() ACK, GET www.cs.virginia.edu timeout Retrieve Data From Disk GET image.gif write() Retrieve Image From Disk Timeout! Ing. Pierluigi Gallo close() CGI Scripts Common Gateway Interface web server software can delegate the generation of web pages to a stand-alone application, an executable file. CGI scripts are URLs with a .cgi extension The script is a program (e.g., C, JAVA, …) When the URL is requested, server invokes the named script, passing to it client info Script outputs HTML page to standard output (redirected to server) Server sends page to client Ing. Pierluigi Gallo CGI Execution fork() CGI Server Script Send page Request Response Ing. Pierluigi Gallo Modified-Since: Used with GET to make a conditional GET if requested document has not been modified since specified date a Modified 304 header is sent back to client instead of document client can then display cached version Ing. Pierluigi Gallo Status Header “HTTP/1.0 sp code” Codes: 1xx - reserved for future use 2xx - successful, understood and accepted 3xx - further action needed to complete 4xx - bad syntax in client request 5xx - server can’t fulfill good request Ing. Pierluigi Gallo HTTP Response Headers Sent by server to client browser Status Header Entities Content-Encoding: Content-Length: Content-Type: Expires: Last-Modified: extension-header Body – content (usually html) Ing. Pierluigi Gallo Status Codes 200 OK 401 unauthorized 201 created 403 forbidden 202 accepted 404 not found 204 no content 500 int. server error 301 moved perm. 501 not impl. 302 moved temp 502 bad gateway 304 not modified 503 svc not avail 400 bad request Ing. Pierluigi Gallo Statelessness Because of the Connect, Request, Response, Disconnect nature of HTTP it is said to be a stateless protocol i.e. from one web page to the next there is nothing in the protocol that allows a web program to maintain program “state” (like a desktop program). “state” can be maintained by “witchery” or “trickery” if it is needed Ing. Pierluigi Gallo Maintaining program “state” Hidden variables (<input type=hidden> Sessions Special header tags interpreted by the server Used by ASP, PHP, JSP Implemented at the language api level Ing. Pierluigi Gallo HTTPS Secure Hypertext Transport Protocol Ing. Pierluigi Gallo SSL vs S-HTTP Secure Sockets Layer (SSL) protocol has become the Internet’s key “secure protocol” supports security across a variety of Internet transfer protocols (FTP, HTTP, IRC, etc…) Support public keys and private key. Ing. Pierluigi Gallo Introduction S-HTTP Secure Hypertext Transport Protocols (S-HTTP) - Is a modified version of the Hypertext Transport Protocols (HTTP). - Encryption for Web documents. - Provides the client (browser) the ability to verify message by using a Message Authentication Code (MAC). - Primary purpose is to enable commercial transactions within a wide range of applications. Ing. Pierluigi Gallo S-HTTP Methods Signature Encryption Message sender Authenticity Ing. Pierluigi Gallo S-HTTP vs HTTP HTTP message S-HTTP message message body encrypted message message header body message header Ing. Pierluigi Gallo 3 steps how server create S-HTTP message Server Encrypt Methods List KPCS-7 RSA Diffie- Hellman Encrypt Method KPCS-7 Client Encrypt Methods List KPCS-7 RSA Diffie- Hellman Server compares encryption lists and selection. Ing. Pierluigi Gallo from the plain text to the encrypted message Public-Key Cryptography Standards (PKCS) S-http header Client’s PKCS-7 <html> !@##$$%%* PKCS-7 This is This is !@##$$%%* @***&^&^%$ my PKCS-7 @***&^&^%$ @#$$@@!&^ my Session message @#$$@@!&^ Key message </html> RFC 2315. Used to sign and/or encrypt messages under a PKI. Used also for certificate dissemination (for instance as a response to a PKCS#10 message). Formed the basis for S/MIME, which is as of 2010 based on RFC 5652, an updated Cryptographic Message Syntax Standard (CMS). Often used for single sign-on. Ing.PKCS Pierluigi Gallo Cryptographic Algorithm and digital signature modes for S-HTTP S-HTTP provides message protection in 3 ways: Digital signature Message authentication Message encryption Ing. Pierluigi Gallo Further readings Hypertext Transfer Protocol -- HTTP/1.1 RFC 2616 Hypertext Transfer Protocol -- HTTP/1.0 RFC 1945 Upgrading
Load more

Recommended publications
  • Know Before You Go
    Know Before You Go NORWAY A Guide to Keep You Safe Abroad provided by: Pathways to Safety International Updated May 2019 KNOW BEFORE YOU GO: NORWAY 2 Let’s be perfectly clear, the number one way to prevent sexual assault is to not rape. While the responsibility of ending sexual gender based violence is on the perpetrators, this guide will offer general safety tips, country-specific information, and resources to help prevent and prepare travelers for the possibility of sexual assault abroad. GENERAL SAFETY TIPS: 1. Use the buddy system and travel with friends. 7 out of 10 2. Be aware of social and cultural norms. For example, looking at someone in rapes are the eyes when you speak to them is perfectly normal in the U.S., but in committed another country that could signify you’re interested in the person. by someone known to the 3. Recognize controlling behavior when entering a relationship. Most rape 1 survivors recall feeling “uncomfortable” about some of their partner’s behaviors victim such as degrading jokes/language or refusal to accept “no” as an answer, whether in a sexual context or otherwise.2 4. Avoid secluded places where you could be more vulnerable. Meet new people in public spaces and let a trusted friend know where you’ll be beforehand. Always have a backup plan in mind. 5. Trust your gut. Many victims have a “bad feeling” right before an assault takes place. It’s okay to leave a situation that is making you feel uncomfortable. Stay alert and aware in new social settings and places.
    [Show full text]
  • Poster: Introducing Massbrowser: a Censorship Circumvention System Run by the Masses
    Poster: Introducing MassBrowser: A Censorship Circumvention System Run by the Masses Milad Nasr∗, Anonymous∗, and Amir Houmansadr University of Massachusetts Amherst fmilad,[email protected] ∗Equal contribution Abstract—We will present a new censorship circumvention sys- side the censorship regions, which relay the Internet traffic tem, currently being developed in our group. The new system of the censored users. This includes systems like Tor, VPNs, is called MassBrowser, and combines several techniques from Psiphon, etc. Unfortunately, such circumvention systems are state-of-the-art censorship studies to design a hard-to-block, easily blocked by the censors by enumerating their limited practical censorship circumvention system. MassBrowser is a set of proxy server IP addresses [14]. (2) Costly to operate: one-hop proxy system where the proxies are volunteer Internet To resist proxy blocking by the censors, recent circumven- users in the free world. The power of MassBrowser comes from tion systems have started to deploy the proxies on shared-IP the large number of volunteer proxies who frequently change platforms such as CDNs, App Engines, and Cloud Storage, their IP addresses as the volunteer users move to different a technique broadly referred to as domain fronting [3]. networks. To get a large number of volunteer proxies, we This mechanism, however, is prohibitively expensive [11] provide the volunteers the control over how their computers to operate for large scales of users. (3) Poor QoS: Proxy- are used by the censored users. Particularly, the volunteer based circumvention systems like Tor and it’s variants suffer users can decide what websites they will proxy for censored from low quality of service (e.g., high latencies and low users, and how much bandwidth they will allocate.
    [Show full text]
  • Network Working Group T. Berners-Lee Request for Comments: 3986 W3C/MIT STD: 66 R
    Network Working Group T. Berners-Lee Request for Comments: 3986 W3C/MIT STD: 66 R. Fielding Updates: 1738 Day Software Obsoletes: 2732, 2396, 1808 L. Masinter Category: Standards Track Adobe Systems January 2005 Uniform Resource Identifier (URI): Generic Syntax Status of This Memo This document specifies an Internet standards track protocol for the Internet community, and requests discussion and suggestions for improvements. Please refer to the current edition of the "Internet Official Protocol Standards" (STD 1) for the standardization state and status of this protocol. Distribution of this memo is unlimited. Copyright Notice Copyright (C) The Internet Society (2005). Abstract A Uniform Resource Identifier (URI) is a compact sequence of characters that identifies an abstract or physical resource. This specification defines the generic URI syntax and a process for resolving URI references that might be in relative form, along with guidelines and security considerations for the use of URIs on the Internet. The URI syntax defines a grammar that is a superset of all valid URIs, allowing an implementation to parse the common components of a URI reference without knowing the scheme-specific requirements of every possible identifier. This specification does not define a generative grammar for URIs; that task is performed by the individual specifications of each URI scheme. Berners-Lee, et al. Standards Track [Page 1] RFC 3986 URI Generic Syntax January 2005 Table of Contents 1. Introduction . 4 1.1. Overview of URIs . 4 1.1.1. Generic Syntax . 6 1.1.2. Examples . 7 1.1.3. URI, URL, and URN . 7 1.2. Design Considerations .
    [Show full text]
  • A Framework for Auto-ID Enabled Business
    A Framework for Auto-ID Enabled Business by Timothy Porter Milne M.S. Mechanical Engineering, 1995 Brigham Young University B.S. Mechanical Engineering, 1992 Brigham Young University Submitted to the Department of Mechanical Engineering in partial fulfillment of the requirements for the degree of MASTER OF SCIENCE at the MASSACHUSETTS INSTITUTE OF TECHNOLOGY MASSACHUSETTS INSTITUTEINSTITUTE August 8, 2003 OF TECHNOL OGY OCT 0 6 ©2003 Massachusetts Institute of Technology All Rights Reserved. LIBRAR IES Signature of Author:................................ ....... .. ............. Departm of Mechanic Engineering (V August 8, 2003 C ertified by:............................................... Sanjay E. Sarma Associat e Professor of Mechanical Engineering Thesis Supervisor A ccepted by:......................................... Ain A. Sonin Chairman, Department Committee on Graduate Students BARKER A Framework for Auto-ID Enabled Business by Timothy Porter Milne Submitted to the Department of Mechanical Engineering August 8, 2003 In partial fulfillment of the requirements for the degree of Master of Science ABSTRACT Modern commerce is as much about trading information as it is about exchanging goods and money. With an Auto-ID enabled future, the expeditious exchange of information will be even more critical. The fundamental problem with e-commerce today is the soft connection between goods and their related information, which frequently results in breakdowns between the physical and information worlds. The Auto-ID Center at MIT has proposed a system using Radio Frequency Identification (RFID) tags on objects, coupled with a distributed information system using the Internet, that will allow the tracking of physical objects and the automatic association of relevant data about those objects. This thesis outlines a framework for a new method of using Auto-ID to connect the physical world to the information world using an example from commerce: Shipping and Receiving Verification.
    [Show full text]
  • In Computer Networks, A
    Practical No.1 Date:- Title:- Installation of Proxy-Server Windows Server 2003 What is proxy server? In computer networks, a proxy server is a server (a computer system or an application program) that acts as an intermediary for requests from clients seeking resources from other servers. A client connects to the proxy server, requesting some service, such as a file, connection, web page, or other resource, available from a different server. The proxy server evaluates the request according to its filtering rules. For example, it may filter traffic by IP address or protocol. If the request is validated by the filter, the proxy provides the resource by connecting to the relevant server and requesting the service on behalf of the client. A proxy server may optionally alter the client's request or the server's response, and sometimes it may serve the request wit hout contacting the specified server. In this case, it 'caches' responses from the remote server, and returns subsequent requests for the same content directly . Most proxies are a web proxy, allowing access to content on the World Wide Web. A proxy server has a large variety of potential purposes, including: To keep machines behind it anonymous (mainly for security).[1] To speed up access to resources (using caching). Web proxies are commonly used to cache web pages from a web server.[2] To apply access policy to network services or content, e.g. to block undesired sites. To log / audit usage, i.e. to provide company employee Internet usage reporting. To bypass security/ parental controls. To scan transmitted content for malware before delivery.
    [Show full text]
  • FAA-STD-075, Creating Service Identifiers
    FAA-STD-075 June 29, 2021 SUPERSEDING FAA-STD-063 May 1, 2009 U.S. Department of Transportation Federal Aviation Administration U.S. Department of Transportation Federal Aviation Administration Standard Practice CREATING SERVICE IDENTIFIERS FAA-STD-075 June 29, 2021 FOREWORD This standard is approved for use by all Departments of the Federal Aviation Administration (FAA). This standard sets forth requirements for creating globally-unique identifiers for FAA service-oriented architecture (SOA)-based services. This standard has been prepared in accordance with FAA-STD-068, Department of Transportation Federal Aviation Administration, Preparation of Standards [STD068]. Comments, suggestions, or questions on this document shall be addressed to: Federal Aviation Administration System Wide Information Management (SWIM) Program Office, AJM-316 800 Independence Avenue, SW Washington, DC 20591 https://www.faa.gov/air_traffic/technology/swim/contacts/ i FAA-STD-075 June 29, 2021 Table of Contents 1 SCOPE ..................................................................................................................................................1 1.1 INTRODUCTION ...........................................................................................................................................1 1.2 INTENDED AUDIENCE ....................................................................................................................................1 1.3 BASIC CONCEPTS .........................................................................................................................................2
    [Show full text]
  • Globally Unique Flight Identifier (GUFI) Format and Content
    Globally Unique Flight Identifier (GUFI) Format and Content A collaborative effort to establish the Flight Information Exchange Model (FIXM) has been underway for several years. A key component of the flight model is a Globally Unique Flight Identifier (GUFI) that is included on every Air Traffic Management (ATM) flight data transaction to unambiguously identify the flight to which the data applies. The June 23, purpose of the GUFI is to eliminate problems that have occurred in the past when 2014 systems try to accurately correlate data that is received from many other systems. This paper discusses the format and content of the GUFI. Version: 2.1 GUFI Format Version 2.1 Table of Contents Document History ........................................................................................................................................ 3 1 Introduction .......................................................................................................................................... 4 2 Background/Discussion ......................................................................................................................... 4 2.1 Purpose ..................................................................................................................................... 4 2.2 General Concept ....................................................................................................................... 4 2.3 General Approaches .................................................................................................................
    [Show full text]
  • Threat Modeling and Circumvention of Internet Censorship by David Fifield
    Threat modeling and circumvention of Internet censorship By David Fifield A dissertation submitted in partial satisfaction of the requirements for the degree of Doctor of Philosophy in Computer Science in the Graduate Division of the University of California, Berkeley Committee in charge: Professor J.D. Tygar, Chair Professor Deirdre Mulligan Professor Vern Paxson Fall 2017 1 Abstract Threat modeling and circumvention of Internet censorship by David Fifield Doctor of Philosophy in Computer Science University of California, Berkeley Professor J.D. Tygar, Chair Research on Internet censorship is hampered by poor models of censor behavior. Censor models guide the development of circumvention systems, so it is important to get them right. A censor model should be understood not just as a set of capabilities|such as the ability to monitor network traffic—but as a set of priorities constrained by resource limitations. My research addresses the twin themes of modeling and circumvention. With a grounding in empirical research, I build up an abstract model of the circumvention problem and examine how to adapt it to concrete censorship challenges. I describe the results of experiments on censors that probe their strengths and weaknesses; specifically, on the subject of active probing to discover proxy servers, and on delays in their reaction to changes in circumvention. I present two circumvention designs: domain fronting, which derives its resistance to blocking from the censor's reluctance to block other useful services; and Snowflake, based on quickly changing peer-to-peer proxy servers. I hope to change the perception that the circumvention problem is a cat-and-mouse game that affords only incremental and temporary advancements.
    [Show full text]
  • How to Download Torrent Anonymously How to Download Torrent Anonymously
    how to download torrent anonymously How to download torrent anonymously. Completing the CAPTCHA proves you are a human and gives you temporary access to the web property. What can I do to prevent this in the future? If you are on a personal connection, like at home, you can run an anti-virus scan on your device to make sure it is not infected with malware. If you are at an office or shared network, you can ask the network administrator to run a scan across the network looking for misconfigured or infected devices. Another way to prevent getting this page in the future is to use Privacy Pass. You may need to download version 2.0 now from the Chrome Web Store. Cloudflare Ray ID: 66b6c3aaaba884c8 • Your IP : 188.246.226.140 • Performance & security by Cloudflare. Download Torrents Anonymously: 6 Safe And Easy Ways. Who doesn’t want to know how to download torrents anonymously? The thing is, in order to download torrents anonymously you don’t need to have a lot of technical know-how. All you need to download torrents anonymously is some grit and a computer with an internet connection. The technology world never remains the same. In fact, new development and discoveries come to the surface of this industry every day. They also come into the attention of online users every year. Moreover, this allows us to do much more than we could do in the past, in faster and easier ways. A highly relevant aspect to mention at this stage is that: Now we can also download torrents anonymously from best torrent sites.
    [Show full text]
  • World-Wide Web Proxies
    World-Wide Web Proxies Ari Luotonen, CERN Kevin Altis, Intel April 1994 Abstract 1.0 Introduction A WWW proxy server, proxy for short, provides access to The primary use of proxies is to allow access to the Web the Web for people on closed subnets who can only access from within a firewall (Fig. 1). A proxy is a special HTTP the Internet through a firewall machine. The hypertext [HTTP] server that typically runs on a firewall machine. server developed at CERN, cern_httpd, is capable of run- The proxy waits for a request from inside the firewall, for- ning as a proxy, providing seamless external access to wards the request to the remote server outside the firewall, HTTP, Gopher, WAIS and FTP. reads the response and then sends it back to the client. cern_httpd has had gateway features for a long time, but In the usual case, the same proxy is used by all the clients only this spring they were extended to support all the within a given subnet. This makes it possible for the proxy methods in the HTTP protocol used by WWW clients. Cli- to do efficient caching of documents that are requested by ents don’t lose any functionality by going through a proxy, a number of clients. except special processing they may have done for non- native Web protocols such as Gopher and FTP. The ability to cache documents also makes proxies attrac- tive to those not inside a firewall. Setting up a proxy server A brand new feature is caching performed by the proxy, is easy, and the most popular Web client programs already resulting in shorter response times after the first document have proxy support built in.
    [Show full text]
  • Introduction to the Course
    Introduction to the course 1 Introduzione alla programmazione web – Marco Ronchetti 2021 – Università di Trento Prerequirements § OOP + Java: essential! (Must have passed Linguaggi di Programmazione!) § Network fundamentals § Database § No need to already know HTML/HTTP etc. 2 Introduzione alla programmazione web – Marco Ronchetti 2021 – Università di Trento Topics § HTTP + HTML + CSS § Server side programming: PHP – Java, parameter passing, state problem… § Data access (DB) § Javascript – EcmaScript – Typescript § Patterns: MV* + … § AJAX/XML/JSON § JS frameworks/libraries: JQuery, (brief remarks on React, Angular…) § General considerations (accessibility, security…) 3 Introduzione alla programmazione web – Marco Ronchetti 2021 – Università di Trento We’ll use Piazza As soon as the dept Buys the licence For now we go with moodle (sigh) 4 Introduzione alla programmazione web – Marco Ronchetti 2021 – Università di Trento Exam § Similar to “Linguaggi di Programmazione – mod.1” § 1st part: output prediction of 8 brief code fragments + 8 true/fase questions (40 minutes) § 2nd part: small project development (4 hours) If possiBle, in presence. Else, Responsus+Moodle+VDI 5 Introduzione alla programmazione web – Marco Ronchetti 2021 – Università di Trento 6 Introduzione alla programmazione web – Marco Ronchetti 2021 – Università di Trento What is the difference between the Web and the Internet? 7 Introduzione alla programmazione web – Marco Ronchetti 2021 – Università di Trento What is the difference between the Web and the Internet? § "The
    [Show full text]
  • Proxy Auto-Config Files
    APPENDIX B Proxy Auto-Config Files Revised: July 15, 2010 Overview Proxy Auto-Configuration (PAC) is a method used by Web browsers to select a proxy for a given URL. The method for choosing a proxy is written as a JavaScript function contained in a PAC file. This file can be hosted locally or on a network. Browsers can be configured to use the file either manually or, in Microsoft Windows environments, automatically using Group Policy Objects. This appendix explains the basics of using PAC files. How PAC Files Work A PAC file is referenced each time a new URL is loaded. The host, for example cnn.com, the URL, for example cnn.com/images/logo.jpg, and other information such as the local machine IP address can be evaluated and rules based on this information used to determine whether to send the traffic via a proxy or direct to the Internet. The following example compares the URL requested by the user, with the URL ipcheckit.com/data/. If the URLs match, the PAC file will instruct the browser to send the request direct to the Internet. This can be used if you need to exception a section of a Web site from going via the Web Scanning Services; if the user had requested only ipcheckit.com, this rule would not apply: if (shExpMatch(url,"ipcheckit.com/data/*")) return "DIRECT"; In the next example the local IP address of the machine making a Web request is evaluated. If the IP address falls within the IP address range 10.10.1.* then the PAC file will send the request to proxy182.scansafe.net.
    [Show full text]