Versions Compared

Old Version 6

changes.mady.by.user Meir Davis

Saved on

compared with

New Version 7

changes.mady.by.user Meir Davis

Saved on

Key

  • This line was added.
  • This line was removed.
  • Formatting was changed.

...

Link to latest PAC version from repository: https://gitlab.com/agat-software/filter-devs/teams_protector/-/blob/efa810b60720d03c7d0cad727f53282a6c48879b/Config/PACs/pac_file.pac

Last updated 1306.0611.2023

Info

Version from 13.06.2023 includes a change from regular expressions to shell expressions. These are more widely supported by platforms other than Windows, including iOS.

Note that the proxy address is specified on line 5 only.

Code Block
languagejs
  
    function FindProxyForURL(url, host) {
	
	// Specify your proxy here: e.g. "Proxy 11.22.33.4:80"
	var agatProxy = "PROXY <Bastion IP>:<Bastion Port>"
	
	var ignorelist = new Array(
		"secure.aadcdn.microsoftonline-p.com",
		"statics.teams.microsoft.com");
	
	var proxylist = new Array(
			"*.sharepoint.com",
			"*.sharepointonline.com",
			"teams.microsoft.com",
			"*.ng.msg.teams.microsoft.com",
		    "pipe.skype.com",
			"*.notifications.teams.microsoft.com",
			"*.asyncgw.teams.microsoft.com",
			"*.agatskype.net",
			"*.msgapi.teams.microsoft.com",
			"substrate.office.com",
			"graph.microsoft.com",
            "*.trouter.teams.microsoft.com"
			);
			
	// Check if need to ignore
	for (var i
= 0; i < ignorelist.length; i++) {
		var value = ignorelist[i];
		if (dnsDomainIs(host, value)) {
			return "DIRECT";
		}
	}
	
	//One subdomain under teams
	if (shExpMatch(host, "*.teams.microsoft.com") && dnsDomainLevels(host) == 3){
		return agatProxy;
	}
	
	// Return our proxy name for matched domains/hosts
	for (var i = 0; i < proxylist.length; i++) {
		var value = proxylist[i];
		if (shExpMatch(host, value)) {
			return agatProxy;
		}
	}

	return "DIRECT";
}

 

General Explanations

  • The PAC file uses shell expressions. These are more widely supported by platforms other than Windows, including iOS. Use of regexes may cause unexpected behavior.

  • The PAC file is written to catch all single level subdomains of teams.microsoft.com (e.g. config.teams.microsoft.com) but not two level subdomains (e.g. api.flightproxy.teams.microsoft.com). Exceptions to this rule are explicitly specified (e.g. *.ng.msg.teams.microsoft.com).
    Adding a catch all subdomain rule will cause undesired behavior (e.g. shExpMatch(host, "*.teams.microsoft.com")



Note that the proxy address is specified on line 5 only.

URLs to whitelist in firewalls

...