iOS Pac File
After presenting a business plan to our Principal, I have been able to procure an iPad mini for each of my team. Â I believe that if we are all connected (via email, to our helpdesk, wiki and google drive) jobs will get completed sooner, can be handed between techs more smoothly and will enable notes to be written more quickly. Â Thankfully my Principal agreed and those iPads arrive today.
We’ve been running a BYOD scheme for staff and 6th form for some time. Â Although we’re not pushing the schemeÂ aggressively, it’s gathering a natural pace with around 80 devices connecting most days. Â I set up a Proxy.pac file for iOS devices some months ago and it seems to work well for the BYOD users, but my team will need access to more internal services.
Pac files can be unusual, especially on iOS. Â Also iOS devices can cache the file making trouble shooting that much more difficult. For myÂ benefitÂ as much as anyoneÂ else’s, here is the working version as it stands.
function FindProxyForURL(url, host)
if ((host==”localhost”) ||
shExpMatch(host, “*localhost.*”) ||
shExpMatch(host, “10.10.10.0/20”) ||
shExpMatch(host, “184.108.40.206/8”) ||
shExpMatch(host, “*moodle.school.com*”) ||
shExpMatch(host, “*wifi.school.com*”) ||
shExpMatch(host, “*proxy.school.com*”) ||
shExpMatch(host, “*lead.school.local*”) ||
shExpMatch(host, “*aluminium.school.local*”) ||
(host == “127.0.0.1”))
return “PROXY proxy.LEA.net:80”
To explain, 10.10.10.0/20 is our internal range of IPs.
220.127.116.11/8 is the apple range of public IPs – We have found apple devices prefer un-proxied access to home.
moodle.school.com – Our internally hosted moodle server.
wifi.school.com – Our internally hosted wifi controller (which users need to reauthenticate to every so often).
proxy.school.com – This is just an alias of our moodle server. It is where the proxy.pac file resides.
lead.school.local – This is the server hosting our helpdesk. Currently internal only (hence .local).
aluminium.school.local – This server runs our wiki and some other internal sites.
isPlainHostName – This rule allows us to connect to a simple host name. One of our workstations perhaps.
return “DIRECT”; – All the rules above should connect directly.
return “PROXY proxy.LEA.net:80” – If the request is not one stated, return the proxy address.
My goal in the not too distant future is to stop using the LEAs proxy server and run a transparent proxy in house.