Internet / proxy problems Internet Explorer (PAC file)Global (computer-wide) proxy settings from pac...
Should I file my taxes? No income, unemployed, but paid 2k in student loan interest
I've given my players a lot of magic items. Is it reasonable for me to give them harder encounters?
Short story about cities being connected by a conveyor belt
Who has more? Ireland or Iceland?
What is 'Log Memory' in Query Store 2017
Rationale to prefer local variables over instance variables?
If nine coins are tossed, what is the probability that the number of heads is even?
A running toilet that stops itself
Boss Telling direct supervisor I snitched
Is the differential, dp, exact or not?
An Undercover Army
Unfamiliar notation in Diabelli's "Duet in D" for piano
How to recover against Snake as a heavyweight character?
Should we avoid writing fiction about historical events without extensive research?
Ultrafilters as a double dual
Is it a Cyclops number? "Nobody" knows!
PTIJ: Sport in the Torah
Is this Paypal Github SDK reference really a dangerous site?
Why do we say 'Pairwise Disjoint', rather than 'Disjoint'?
Is there a math expression equivalent to the conditional ternary operator?
Are small insurances worth it?
What does it take to become a wilderness skills guide as a business?
Short SF story. Females use stingers to implant eggs in yearfathers
How can I portion out frozen cookie dough?
Internet / proxy problems Internet Explorer (PAC file)
Global (computer-wide) proxy settings from pac fileAstaro Security Gateway Firewall/Proxy won't let me access my local webserver: is PAC file the best solution?Proxy Auto config (PAC) exceptionApache proxy HTTP CONNECT method handshake failure between Apache server and destination serverInternet Explorer proxy pac filesProxy - Pac file - ipv6 with myAdresse()?Netfilter : invalid state for proxy through VPNExclude URL with non-stanard port from Proxy via PAC/WPAD fileProxy PAC not working
we have some internet/proxy problems in our network since 2 weeks. Users are getting sporadic errors "This page can't be displayed" in Internet Explorer 11 when trying to access websites - but not the whole time. Sometimes it works for 10 minutes, then it doesn't work for a minute, and so on.. Every user has set a proxy configuration file (PAC) in the IE settings. Now we tried to analyze with wireshark what is happening here, because we can't find any problem with the proxy server itself, the PAC file, or the user settings.
In the wireshark log, we can see that the IE is talking to the proxy server, sending GET requests and getting authenticated (Proxy Authentication via NTLMSSP), the proxy is also answering with a "HTTP/1.1 302 Found (text/html)". In the next step, we can see that the client is trying to go directly to the internet via the destination ip adress of the website, and this is beeing blocked by our firewall, because the clients just have to go via the proxy.
But why is Internet Explorer trying to go directly? Maybe someone has an idea?
Users are working on a WinSrv2008R2 Terminalserver (Citrix). We suspect Windows Updates as the reason, because we installed many outstanding updates 2 weeks ago. But we couldn't find any note on the web describing our problems.
The wireshark log:
[...]
545159 11:18:02.456003 172.27.217.119 10.2.50.11 HTTP 599 GET http://www.our-website.de/ HTTP/1.1
545160 11:18:02.456580 10.2.50.11 172.27.217.119 TCP 60 3128 → 55551 [ACK] Seq=1 Ack=546 Win=63424 Len=0
545161 11:18:02.457097 10.2.50.11 172.27.217.119 TCP 1434 [TCP segment of a reassembled PDU]
545162 11:18:02.457098 10.2.50.11 172.27.217.119 TCP 60 [TCP Previous segment not captured] 3128 → 55551 [FIN, ACK] Seq=2644 Ack=546 Win=63424 Len=0
545163 11:18:02.457117 172.27.217.119 10.2.50.11 TCP 54 55551 → 3128 [ACK] Seq=546 Ack=1381 Win=131072 Len=0
545164 11:18:02.457135 10.2.50.11 172.27.217.119 TCP 1317 [TCP Out-Of-Order] 3128 → 55551 [PSH, ACK] Seq=1381 Ack=546 Win=63424 Len=1263
545165 11:18:02.457145 172.27.217.119 10.2.50.11 TCP 54 55551 → 3128 [ACK] Seq=546 Ack=2645 Win=129792 Len=0
[...]
545199 11:18:02.466819 172.27.217.119 10.2.50.11 HTTP 683 GET http://www.our-website.de/ HTTP/1.1 , NTLMSSP_NEGOTIATE
545200 11:18:02.467245 10.2.50.11 172.27.217.119 TCP 60 3128 → 55552 [ACK] Seq=1 Ack=630 Win=63360 Len=0
545201 11:18:02.467546 10.2.50.11 172.27.217.119 HTTP 637 HTTP/1.1 407 Proxy Authentication Required , NTLMSSP_CHALLENGE
545202 11:18:02.467560 172.27.217.119 10.2.50.11 TCP 54 55552 → 3128 [ACK] Seq=630 Ack=584 Win=130304 Len=0
545206 11:18:02.474303 172.27.217.119 10.2.50.11 HTTP 1271 GET http://www.our-website.de/ HTTP/1.1 , NTLMSSP_AUTH, User: OUR_DOMAINuser
545207 11:18:02.475012 10.2.50.11 172.27.217.119 TCP 60 3128 → 55552 [ACK] Seq=584 Ack=1847 Win=62144 Len=0
545213 11:18:02.519326 10.2.50.11 172.27.217.119 HTTP 835 HTTP/1.1 302 Found (text/html)
545214 11:18:02.519359 172.27.217.119 10.2.50.11 TCP 54 55552 → 3128 [ACK] Seq=1847 Ack=1365 Win=129536 Len=0
545216 11:18:02.524742 172.27.217.119 #Website_IP# TCP 66 55553 → 80 [SYN] Seq=0 Win=8192 Len=0 MSS=1460 WS=256 SACK_PERM=1
545217 11:18:02.524880 172.27.217.119 #Website_IP# TCP 66 55554 → 80 [SYN] Seq=0 Win=8192 Len=0 MSS=1460 WS=256 SACK_PERM=1
545218 11:18:02.525377 #Website_IP# 172.27.217.119 TCP 60 80 → 55553 [RST, ACK] Seq=1 Ack=1 Win=8192 Len=0
545219 11:18:02.525487 #Website_IP# 172.27.217.119 TCP 60 80 → 55554 [RST, ACK] Seq=1 Ack=1 Win=8192 Len=0
We can see in our firewall log, that the connection is beeing blocked:
4 May 30 2017 11:18:02 106023 172.27.217.119 55553 #Website_IP# 80 Deny tcp [...]
// EDIT:
PAC-File:
function FindProxyForURL(url, host)
{
if (isPlainHostName(host)) { return "DIRECT"; }
if (host == "127.0.0.1") { return "DIRECT"; }
// 10.x.x.x
if (shExpMatch(url,"https://10.*.*.*") || shExpMatch(url,"http://10.*.*.*") || shExpMatch(url,"ftp://10.*.*.*"))
{
return "DIRECT";
}
// 172.27.x.x
if (shExpMatch(url,"https://172.27.*.*") || shExpMatch(url,"http://172.27.*.*") || shExpMatch(url,"ftp://172.27.*.*"))
{
return "DIRECT";
}
// 192.168.x.x
if (shExpMatch(url,"https://192.168.*.*") || shExpMatch(url,"http://192.168.*.*") || shExpMatch(url,"ftp://192.168.*.*"))
{
return "DIRECT";
}
// KV-SafeNet (INCAS Medical)
if((host == "www.incas-medical-safenet.de")) { return "DIRECT"; }
if((host == "188.144.47.250")) { return "DIRECT"; }
if(isInNet(host, "188.144.0.0", "255.254.0.0")) { return "DIRECT"; }
// If the requested website is hosted within the internal network, send direct.
if (isPlainHostName(host) ||
shExpMatch(host, "*.local") ||
isInNet(dnsResolve(host), "10.0.0.0", "255.0.0.0") ||
isInNet(dnsResolve(host), "172.16.0.0", "255.240.0.0") ||
isInNet(dnsResolve(host), "192.168.0.0", "255.255.0.0") ||
isInNet(dnsResolve(host), "127.0.0.0", "255.255.255.0"))
return "DIRECT";
return "PROXY 10.2.50.11:3128; PROXY 10.2.50.10:3128";
}
King Regards, Niko
proxy internet-explorer pac
asked May 30 '17 at 12:35
Niko21Niko21
163
bumped to the homepage by Community♦ 4 mins ago
This question has answers that may be good or bad; the system has marked it active so that they can be reviewed.
add a comment |
we have some internet/proxy problems in our network since 2 weeks. Users are getting sporadic errors "This page can't be displayed" in Internet Explorer 11 when trying to access websites - but not the whole time. Sometimes it works for 10 minutes, then it doesn't work for a minute, and so on.. Every user has set a proxy configuration file (PAC) in the IE settings. Now we tried to analyze with wireshark what is happening here, because we can't find any problem with the proxy server itself, the PAC file, or the user settings.
In the wireshark log, we can see that the IE is talking to the proxy server, sending GET requests and getting authenticated (Proxy Authentication via NTLMSSP), the proxy is also answering with a "HTTP/1.1 302 Found (text/html)". In the next step, we can see that the client is trying to go directly to the internet via the destination ip adress of the website, and this is beeing blocked by our firewall, because the clients just have to go via the proxy.
But why is Internet Explorer trying to go directly? Maybe someone has an idea?
Users are working on a WinSrv2008R2 Terminalserver (Citrix). We suspect Windows Updates as the reason, because we installed many outstanding updates 2 weeks ago. But we couldn't find any note on the web describing our problems.
The wireshark log:
[...]
545159 11:18:02.456003 172.27.217.119 10.2.50.11 HTTP 599 GET http://www.our-website.de/ HTTP/1.1
545160 11:18:02.456580 10.2.50.11 172.27.217.119 TCP 60 3128 → 55551 [ACK] Seq=1 Ack=546 Win=63424 Len=0
545161 11:18:02.457097 10.2.50.11 172.27.217.119 TCP 1434 [TCP segment of a reassembled PDU]
545162 11:18:02.457098 10.2.50.11 172.27.217.119 TCP 60 [TCP Previous segment not captured] 3128 → 55551 [FIN, ACK] Seq=2644 Ack=546 Win=63424 Len=0
545163 11:18:02.457117 172.27.217.119 10.2.50.11 TCP 54 55551 → 3128 [ACK] Seq=546 Ack=1381 Win=131072 Len=0
545164 11:18:02.457135 10.2.50.11 172.27.217.119 TCP 1317 [TCP Out-Of-Order] 3128 → 55551 [PSH, ACK] Seq=1381 Ack=546 Win=63424 Len=1263
545165 11:18:02.457145 172.27.217.119 10.2.50.11 TCP 54 55551 → 3128 [ACK] Seq=546 Ack=2645 Win=129792 Len=0
[...]
545199 11:18:02.466819 172.27.217.119 10.2.50.11 HTTP 683 GET http://www.our-website.de/ HTTP/1.1 , NTLMSSP_NEGOTIATE
545200 11:18:02.467245 10.2.50.11 172.27.217.119 TCP 60 3128 → 55552 [ACK] Seq=1 Ack=630 Win=63360 Len=0
545201 11:18:02.467546 10.2.50.11 172.27.217.119 HTTP 637 HTTP/1.1 407 Proxy Authentication Required , NTLMSSP_CHALLENGE
545202 11:18:02.467560 172.27.217.119 10.2.50.11 TCP 54 55552 → 3128 [ACK] Seq=630 Ack=584 Win=130304 Len=0
545206 11:18:02.474303 172.27.217.119 10.2.50.11 HTTP 1271 GET http://www.our-website.de/ HTTP/1.1 , NTLMSSP_AUTH, User: OUR_DOMAINuser
545207 11:18:02.475012 10.2.50.11 172.27.217.119 TCP 60 3128 → 55552 [ACK] Seq=584 Ack=1847 Win=62144 Len=0
545213 11:18:02.519326 10.2.50.11 172.27.217.119 HTTP 835 HTTP/1.1 302 Found (text/html)
545214 11:18:02.519359 172.27.217.119 10.2.50.11 TCP 54 55552 → 3128 [ACK] Seq=1847 Ack=1365 Win=129536 Len=0
545216 11:18:02.524742 172.27.217.119 #Website_IP# TCP 66 55553 → 80 [SYN] Seq=0 Win=8192 Len=0 MSS=1460 WS=256 SACK_PERM=1
545217 11:18:02.524880 172.27.217.119 #Website_IP# TCP 66 55554 → 80 [SYN] Seq=0 Win=8192 Len=0 MSS=1460 WS=256 SACK_PERM=1
545218 11:18:02.525377 #Website_IP# 172.27.217.119 TCP 60 80 → 55553 [RST, ACK] Seq=1 Ack=1 Win=8192 Len=0
545219 11:18:02.525487 #Website_IP# 172.27.217.119 TCP 60 80 → 55554 [RST, ACK] Seq=1 Ack=1 Win=8192 Len=0
We can see in our firewall log, that the connection is beeing blocked:
4 May 30 2017 11:18:02 106023 172.27.217.119 55553 #Website_IP# 80 Deny tcp [...]
// EDIT:
PAC-File:
function FindProxyForURL(url, host)
{
if (isPlainHostName(host)) { return "DIRECT"; }
if (host == "127.0.0.1") { return "DIRECT"; }
// 10.x.x.x
if (shExpMatch(url,"https://10.*.*.*") || shExpMatch(url,"http://10.*.*.*") || shExpMatch(url,"ftp://10.*.*.*"))
{
return "DIRECT";
}
// 172.27.x.x
if (shExpMatch(url,"https://172.27.*.*") || shExpMatch(url,"http://172.27.*.*") || shExpMatch(url,"ftp://172.27.*.*"))
{
return "DIRECT";
}
// 192.168.x.x
if (shExpMatch(url,"https://192.168.*.*") || shExpMatch(url,"http://192.168.*.*") || shExpMatch(url,"ftp://192.168.*.*"))
{
return "DIRECT";
}
// KV-SafeNet (INCAS Medical)
if((host == "www.incas-medical-safenet.de")) { return "DIRECT"; }
if((host == "188.144.47.250")) { return "DIRECT"; }
if(isInNet(host, "188.144.0.0", "255.254.0.0")) { return "DIRECT"; }
// If the requested website is hosted within the internal network, send direct.
if (isPlainHostName(host) ||
shExpMatch(host, "*.local") ||
isInNet(dnsResolve(host), "10.0.0.0", "255.0.0.0") ||
isInNet(dnsResolve(host), "172.16.0.0", "255.240.0.0") ||
isInNet(dnsResolve(host), "192.168.0.0", "255.255.0.0") ||
isInNet(dnsResolve(host), "127.0.0.0", "255.255.255.0"))
return "DIRECT";
return "PROXY 10.2.50.11:3128; PROXY 10.2.50.10:3128";
}
King Regards, Niko
proxy internet-explorer pac
asked May 30 '17 at 12:35
Niko21Niko21
163
bumped to the homepage by Community♦ 4 mins ago
This question has answers that may be good or bad; the system has marked it active so that they can be reviewed.
Are you using a local pac-file likefile://path/to/pac? Can you provide the pac-file?
– duenni
May 30 '17 at 13:51
Are you using a local pac-file like file://path/to/pac Can you provide the pac-file?. I agree this can provide us with additional information.
– hesoyam
May 30 '17 at 14:02
The pac-file is not local, it's hosted on an internal webserver. I added the pac file in the top post.
– Niko21
May 30 '17 at 14:14
add a comment |
we have some internet/proxy problems in our network since 2 weeks. Users are getting sporadic errors "This page can't be displayed" in Internet Explorer 11 when trying to access websites - but not the whole time. Sometimes it works for 10 minutes, then it doesn't work for a minute, and so on.. Every user has set a proxy configuration file (PAC) in the IE settings. Now we tried to analyze with wireshark what is happening here, because we can't find any problem with the proxy server itself, the PAC file, or the user settings.
In the wireshark log, we can see that the IE is talking to the proxy server, sending GET requests and getting authenticated (Proxy Authentication via NTLMSSP), the proxy is also answering with a "HTTP/1.1 302 Found (text/html)". In the next step, we can see that the client is trying to go directly to the internet via the destination ip adress of the website, and this is beeing blocked by our firewall, because the clients just have to go via the proxy.
But why is Internet Explorer trying to go directly? Maybe someone has an idea?
Users are working on a WinSrv2008R2 Terminalserver (Citrix). We suspect Windows Updates as the reason, because we installed many outstanding updates 2 weeks ago. But we couldn't find any note on the web describing our problems.
The wireshark log:
[...]
545159 11:18:02.456003 172.27.217.119 10.2.50.11 HTTP 599 GET http://www.our-website.de/ HTTP/1.1
545160 11:18:02.456580 10.2.50.11 172.27.217.119 TCP 60 3128 → 55551 [ACK] Seq=1 Ack=546 Win=63424 Len=0
545161 11:18:02.457097 10.2.50.11 172.27.217.119 TCP 1434 [TCP segment of a reassembled PDU]
545162 11:18:02.457098 10.2.50.11 172.27.217.119 TCP 60 [TCP Previous segment not captured] 3128 → 55551 [FIN, ACK] Seq=2644 Ack=546 Win=63424 Len=0
545163 11:18:02.457117 172.27.217.119 10.2.50.11 TCP 54 55551 → 3128 [ACK] Seq=546 Ack=1381 Win=131072 Len=0
545164 11:18:02.457135 10.2.50.11 172.27.217.119 TCP 1317 [TCP Out-Of-Order] 3128 → 55551 [PSH, ACK] Seq=1381 Ack=546 Win=63424 Len=1263
545165 11:18:02.457145 172.27.217.119 10.2.50.11 TCP 54 55551 → 3128 [ACK] Seq=546 Ack=2645 Win=129792 Len=0
[...]
545199 11:18:02.466819 172.27.217.119 10.2.50.11 HTTP 683 GET http://www.our-website.de/ HTTP/1.1 , NTLMSSP_NEGOTIATE
545200 11:18:02.467245 10.2.50.11 172.27.217.119 TCP 60 3128 → 55552 [ACK] Seq=1 Ack=630 Win=63360 Len=0
545201 11:18:02.467546 10.2.50.11 172.27.217.119 HTTP 637 HTTP/1.1 407 Proxy Authentication Required , NTLMSSP_CHALLENGE
545202 11:18:02.467560 172.27.217.119 10.2.50.11 TCP 54 55552 → 3128 [ACK] Seq=630 Ack=584 Win=130304 Len=0
545206 11:18:02.474303 172.27.217.119 10.2.50.11 HTTP 1271 GET http://www.our-website.de/ HTTP/1.1 , NTLMSSP_AUTH, User: OUR_DOMAINuser
545207 11:18:02.475012 10.2.50.11 172.27.217.119 TCP 60 3128 → 55552 [ACK] Seq=584 Ack=1847 Win=62144 Len=0
545213 11:18:02.519326 10.2.50.11 172.27.217.119 HTTP 835 HTTP/1.1 302 Found (text/html)
545214 11:18:02.519359 172.27.217.119 10.2.50.11 TCP 54 55552 → 3128 [ACK] Seq=1847 Ack=1365 Win=129536 Len=0
545216 11:18:02.524742 172.27.217.119 #Website_IP# TCP 66 55553 → 80 [SYN] Seq=0 Win=8192 Len=0 MSS=1460 WS=256 SACK_PERM=1
545217 11:18:02.524880 172.27.217.119 #Website_IP# TCP 66 55554 → 80 [SYN] Seq=0 Win=8192 Len=0 MSS=1460 WS=256 SACK_PERM=1
545218 11:18:02.525377 #Website_IP# 172.27.217.119 TCP 60 80 → 55553 [RST, ACK] Seq=1 Ack=1 Win=8192 Len=0
545219 11:18:02.525487 #Website_IP# 172.27.217.119 TCP 60 80 → 55554 [RST, ACK] Seq=1 Ack=1 Win=8192 Len=0
We can see in our firewall log, that the connection is beeing blocked:
4 May 30 2017 11:18:02 106023 172.27.217.119 55553 #Website_IP# 80 Deny tcp [...]
// EDIT:
PAC-File:
function FindProxyForURL(url, host)
{
if (isPlainHostName(host)) { return "DIRECT"; }
if (host == "127.0.0.1") { return "DIRECT"; }
// 10.x.x.x
if (shExpMatch(url,"https://10.*.*.*") || shExpMatch(url,"http://10.*.*.*") || shExpMatch(url,"ftp://10.*.*.*"))
{
return "DIRECT";
}
// 172.27.x.x
if (shExpMatch(url,"https://172.27.*.*") || shExpMatch(url,"http://172.27.*.*") || shExpMatch(url,"ftp://172.27.*.*"))
{
return "DIRECT";
}
// 192.168.x.x
if (shExpMatch(url,"https://192.168.*.*") || shExpMatch(url,"http://192.168.*.*") || shExpMatch(url,"ftp://192.168.*.*"))
{
return "DIRECT";
}
// KV-SafeNet (INCAS Medical)
if((host == "www.incas-medical-safenet.de")) { return "DIRECT"; }
if((host == "188.144.47.250")) { return "DIRECT"; }
if(isInNet(host, "188.144.0.0", "255.254.0.0")) { return "DIRECT"; }
// If the requested website is hosted within the internal network, send direct.
if (isPlainHostName(host) ||
shExpMatch(host, "*.local") ||
isInNet(dnsResolve(host), "10.0.0.0", "255.0.0.0") ||
isInNet(dnsResolve(host), "172.16.0.0", "255.240.0.0") ||
isInNet(dnsResolve(host), "192.168.0.0", "255.255.0.0") ||
isInNet(dnsResolve(host), "127.0.0.0", "255.255.255.0"))
return "DIRECT";
return "PROXY 10.2.50.11:3128; PROXY 10.2.50.10:3128";
}
King Regards, Niko
proxy internet-explorer pac
asked May 30 '17 at 12:35
Niko21Niko21
163
we have some internet/proxy problems in our network since 2 weeks. Users are getting sporadic errors "This page can't be displayed" in Internet Explorer 11 when trying to access websites - but not the whole time. Sometimes it works for 10 minutes, then it doesn't work for a minute, and so on.. Every user has set a proxy configuration file (PAC) in the IE settings. Now we tried to analyze with wireshark what is happening here, because we can't find any problem with the proxy server itself, the PAC file, or the user settings.
In the wireshark log, we can see that the IE is talking to the proxy server, sending GET requests and getting authenticated (Proxy Authentication via NTLMSSP), the proxy is also answering with a "HTTP/1.1 302 Found (text/html)". In the next step, we can see that the client is trying to go directly to the internet via the destination ip adress of the website, and this is beeing blocked by our firewall, because the clients just have to go via the proxy.
But why is Internet Explorer trying to go directly? Maybe someone has an idea?
Users are working on a WinSrv2008R2 Terminalserver (Citrix). We suspect Windows Updates as the reason, because we installed many outstanding updates 2 weeks ago. But we couldn't find any note on the web describing our problems.
The wireshark log:
[...]
545159 11:18:02.456003 172.27.217.119 10.2.50.11 HTTP 599 GET http://www.our-website.de/ HTTP/1.1
545160 11:18:02.456580 10.2.50.11 172.27.217.119 TCP 60 3128 → 55551 [ACK] Seq=1 Ack=546 Win=63424 Len=0
545161 11:18:02.457097 10.2.50.11 172.27.217.119 TCP 1434 [TCP segment of a reassembled PDU]
545162 11:18:02.457098 10.2.50.11 172.27.217.119 TCP 60 [TCP Previous segment not captured] 3128 → 55551 [FIN, ACK] Seq=2644 Ack=546 Win=63424 Len=0
545163 11:18:02.457117 172.27.217.119 10.2.50.11 TCP 54 55551 → 3128 [ACK] Seq=546 Ack=1381 Win=131072 Len=0
545164 11:18:02.457135 10.2.50.11 172.27.217.119 TCP 1317 [TCP Out-Of-Order] 3128 → 55551 [PSH, ACK] Seq=1381 Ack=546 Win=63424 Len=1263
545165 11:18:02.457145 172.27.217.119 10.2.50.11 TCP 54 55551 → 3128 [ACK] Seq=546 Ack=2645 Win=129792 Len=0
[...]
545199 11:18:02.466819 172.27.217.119 10.2.50.11 HTTP 683 GET http://www.our-website.de/ HTTP/1.1 , NTLMSSP_NEGOTIATE
545200 11:18:02.467245 10.2.50.11 172.27.217.119 TCP 60 3128 → 55552 [ACK] Seq=1 Ack=630 Win=63360 Len=0
545201 11:18:02.467546 10.2.50.11 172.27.217.119 HTTP 637 HTTP/1.1 407 Proxy Authentication Required , NTLMSSP_CHALLENGE
545202 11:18:02.467560 172.27.217.119 10.2.50.11 TCP 54 55552 → 3128 [ACK] Seq=630 Ack=584 Win=130304 Len=0
545206 11:18:02.474303 172.27.217.119 10.2.50.11 HTTP 1271 GET http://www.our-website.de/ HTTP/1.1 , NTLMSSP_AUTH, User: OUR_DOMAINuser
545207 11:18:02.475012 10.2.50.11 172.27.217.119 TCP 60 3128 → 55552 [ACK] Seq=584 Ack=1847 Win=62144 Len=0
545213 11:18:02.519326 10.2.50.11 172.27.217.119 HTTP 835 HTTP/1.1 302 Found (text/html)
545214 11:18:02.519359 172.27.217.119 10.2.50.11 TCP 54 55552 → 3128 [ACK] Seq=1847 Ack=1365 Win=129536 Len=0
545216 11:18:02.524742 172.27.217.119 #Website_IP# TCP 66 55553 → 80 [SYN] Seq=0 Win=8192 Len=0 MSS=1460 WS=256 SACK_PERM=1
545217 11:18:02.524880 172.27.217.119 #Website_IP# TCP 66 55554 → 80 [SYN] Seq=0 Win=8192 Len=0 MSS=1460 WS=256 SACK_PERM=1
545218 11:18:02.525377 #Website_IP# 172.27.217.119 TCP 60 80 → 55553 [RST, ACK] Seq=1 Ack=1 Win=8192 Len=0
545219 11:18:02.525487 #Website_IP# 172.27.217.119 TCP 60 80 → 55554 [RST, ACK] Seq=1 Ack=1 Win=8192 Len=0
We can see in our firewall log, that the connection is beeing blocked:
4 May 30 2017 11:18:02 106023 172.27.217.119 55553 #Website_IP# 80 Deny tcp [...]
// EDIT:
PAC-File:
function FindProxyForURL(url, host)
{
if (isPlainHostName(host)) { return "DIRECT"; }
if (host == "127.0.0.1") { return "DIRECT"; }
// 10.x.x.x
if (shExpMatch(url,"https://10.*.*.*") || shExpMatch(url,"http://10.*.*.*") || shExpMatch(url,"ftp://10.*.*.*"))
{
return "DIRECT";
}
// 172.27.x.x
if (shExpMatch(url,"https://172.27.*.*") || shExpMatch(url,"http://172.27.*.*") || shExpMatch(url,"ftp://172.27.*.*"))
{
return "DIRECT";
}
// 192.168.x.x
if (shExpMatch(url,"https://192.168.*.*") || shExpMatch(url,"http://192.168.*.*") || shExpMatch(url,"ftp://192.168.*.*"))
{
return "DIRECT";
}
// KV-SafeNet (INCAS Medical)
if((host == "www.incas-medical-safenet.de")) { return "DIRECT"; }
if((host == "188.144.47.250")) { return "DIRECT"; }
if(isInNet(host, "188.144.0.0", "255.254.0.0")) { return "DIRECT"; }
// If the requested website is hosted within the internal network, send direct.
if (isPlainHostName(host) ||
shExpMatch(host, "*.local") ||
isInNet(dnsResolve(host), "10.0.0.0", "255.0.0.0") ||
isInNet(dnsResolve(host), "172.16.0.0", "255.240.0.0") ||
isInNet(dnsResolve(host), "192.168.0.0", "255.255.0.0") ||
isInNet(dnsResolve(host), "127.0.0.0", "255.255.255.0"))
return "DIRECT";
return "PROXY 10.2.50.11:3128; PROXY 10.2.50.10:3128";
}
King Regards, Niko
proxy internet-explorer pac
proxy internet-explorer pac
asked May 30 '17 at 12:35
Niko21Niko21
163
asked May 30 '17 at 12:35
Niko21Niko21
163
edited May 30 '17 at 14:13
Niko21
asked May 30 '17 at 12:35
Niko21Niko21
163
asked May 30 '17 at 12:35
Niko21Niko21
163
asked May 30 '17 at 12:35
Niko21Niko21
163
163
bumped to the homepage by Community♦ 4 mins ago
This question has answers that may be good or bad; the system has marked it active so that they can be reviewed.
bumped to the homepage by Community♦ 4 mins ago
This question has answers that may be good or bad; the system has marked it active so that they can be reviewed.
Are you using a local pac-file likefile://path/to/pac? Can you provide the pac-file?
– duenni
May 30 '17 at 13:51
Are you using a local pac-file like file://path/to/pac Can you provide the pac-file?. I agree this can provide us with additional information.
– hesoyam
May 30 '17 at 14:02
The pac-file is not local, it's hosted on an internal webserver. I added the pac file in the top post.
– Niko21
May 30 '17 at 14:14
add a comment |
Are you using a local pac-file likefile://path/to/pac? Can you provide the pac-file?
– duenni
May 30 '17 at 13:51
Are you using a local pac-file like file://path/to/pac Can you provide the pac-file?. I agree this can provide us with additional information.
– hesoyam
May 30 '17 at 14:02
The pac-file is not local, it's hosted on an internal webserver. I added the pac file in the top post.
– Niko21
May 30 '17 at 14:14
Are you using a local pac-file like
file://path/to/pac? Can you provide the pac-file?– duenni
May 30 '17 at 13:51
Are you using a local pac-file like
file://path/to/pac? Can you provide the pac-file?– duenni
May 30 '17 at 13:51
Are you using a local pac-file like file://path/to/pac Can you provide the pac-file?. I agree this can provide us with additional information.
– hesoyam
May 30 '17 at 14:02
Are you using a local pac-file like file://path/to/pac Can you provide the pac-file?. I agree this can provide us with additional information.
– hesoyam
May 30 '17 at 14:02
The pac-file is not local, it's hosted on an internal webserver. I added the pac file in the top post.
– Niko21
May 30 '17 at 14:14
The pac-file is not local, it's hosted on an internal webserver. I added the pac file in the top post.
– Niko21
May 30 '17 at 14:14
add a comment |
1 Answer
1
active
oldest
votes
Your firewall is blocking traffic that it should not, or traffic is being routed to the firewall that should not be.
You proxy file is configured for direct for "172.16.0.0", "255.240.0.0", which includes address range: 172.16.0.0 - 172.31.255.255. The example you provided is for 172.27.217.119, which should be allowed but is dropped by your firewall.
answered May 30 '17 at 14:27
Greg AskewGreg Askew
28.9k33768
172.27.217.119 is the ip of our terminalserver (let's say client). The webserver ip from the example was 62.*-range. Every traffic, except local traffic and except 188.144.* should be proxied, but sometimes internet explorer is trying it direct without proxy, leading to an error message because user's are not allowed to bypass the proxy (firewall deny).
– Niko21
May 30 '17 at 14:46
Ah, ok, I overlooked that. I would check the actual pac file that is downloaded when the symptom is occurring to confirm it is getting the pac file.
– Greg Askew
May 31 '17 at 1:14
How could i check that? I can open the pac in the browser without any problems.
– Niko21
May 31 '17 at 8:18
add a comment |
Your Answer
StackExchange.ready(function() {
var channelOptions = {
tags: "".split(" "),
id: "2"
};
initTagRenderer("".split(" "), "".split(" "), channelOptions);
StackExchange.using("externalEditor", function() {
// Have to fire editor after snippets, if snippets enabled
if (StackExchange.settings.snippets.snippetsEnabled) {
StackExchange.using("snippets", function() {
createEditor();
});
}
else {
createEditor();
}
});
function createEditor() {
StackExchange.prepareEditor({
heartbeatType: 'answer',
autoActivateHeartbeat: false,
convertImagesToLinks: true,
noModals: true,
showLowRepImageUploadWarning: true,
reputationToPostImages: 10,
bindNavPrevention: true,
postfix: "",
imageUploader: {
brandingHtml: "Powered by u003ca class="icon-imgur-white" href="https://imgur.com/"u003eu003c/au003e",
contentPolicyHtml: "User contributions licensed under u003ca href="https://creativecommons.org/licenses/by-sa/3.0/"u003ecc by-sa 3.0 with attribution requiredu003c/au003e u003ca href="https://stackoverflow.com/legal/content-policy"u003e(content policy)u003c/au003e",
allowUrls: true
},
onDemand: true,
discardSelector: ".discard-answer"
,immediatelyShowMarkdownHelp:true
});
}
});
Sign up or log in
StackExchange.ready(function () {
StackExchange.helpers.onClickDraftSave('#login-link');
});
Sign up using Google
Sign up using Facebook
Sign up using Email and Password
Post as a guest
Required, but never shown
StackExchange.ready(
function () {
StackExchange.openid.initPostLogin('.new-post-login', 'https%3a%2f%2fserverfault.com%2fquestions%2f853012%2finternet-proxy-problems-internet-explorer-pac-file%23new-answer', 'question_page');
}
);
Post as a guest
Required, but never shown
1 Answer
1
active
oldest
votes
1 Answer
1
active
oldest
votes
active
oldest
votes
active
oldest
votes
Your firewall is blocking traffic that it should not, or traffic is being routed to the firewall that should not be.
You proxy file is configured for direct for "172.16.0.0", "255.240.0.0", which includes address range: 172.16.0.0 - 172.31.255.255. The example you provided is for 172.27.217.119, which should be allowed but is dropped by your firewall.
answered May 30 '17 at 14:27
Greg AskewGreg Askew
28.9k33768
172.27.217.119 is the ip of our terminalserver (let's say client). The webserver ip from the example was 62.*-range. Every traffic, except local traffic and except 188.144.* should be proxied, but sometimes internet explorer is trying it direct without proxy, leading to an error message because user's are not allowed to bypass the proxy (firewall deny).
– Niko21
May 30 '17 at 14:46
Ah, ok, I overlooked that. I would check the actual pac file that is downloaded when the symptom is occurring to confirm it is getting the pac file.
– Greg Askew
May 31 '17 at 1:14
How could i check that? I can open the pac in the browser without any problems.
– Niko21
May 31 '17 at 8:18
add a comment |
Your firewall is blocking traffic that it should not, or traffic is being routed to the firewall that should not be.
You proxy file is configured for direct for "172.16.0.0", "255.240.0.0", which includes address range: 172.16.0.0 - 172.31.255.255. The example you provided is for 172.27.217.119, which should be allowed but is dropped by your firewall.
answered May 30 '17 at 14:27
Greg AskewGreg Askew
28.9k33768
172.27.217.119 is the ip of our terminalserver (let's say client). The webserver ip from the example was 62.*-range. Every traffic, except local traffic and except 188.144.* should be proxied, but sometimes internet explorer is trying it direct without proxy, leading to an error message because user's are not allowed to bypass the proxy (firewall deny).
– Niko21
May 30 '17 at 14:46
Ah, ok, I overlooked that. I would check the actual pac file that is downloaded when the symptom is occurring to confirm it is getting the pac file.
– Greg Askew
May 31 '17 at 1:14
How could i check that? I can open the pac in the browser without any problems.
– Niko21
May 31 '17 at 8:18
add a comment |
Your firewall is blocking traffic that it should not, or traffic is being routed to the firewall that should not be.
You proxy file is configured for direct for "172.16.0.0", "255.240.0.0", which includes address range: 172.16.0.0 - 172.31.255.255. The example you provided is for 172.27.217.119, which should be allowed but is dropped by your firewall.
answered May 30 '17 at 14:27
Greg AskewGreg Askew
28.9k33768
Your firewall is blocking traffic that it should not, or traffic is being routed to the firewall that should not be.
You proxy file is configured for direct for "172.16.0.0", "255.240.0.0", which includes address range: 172.16.0.0 - 172.31.255.255. The example you provided is for 172.27.217.119, which should be allowed but is dropped by your firewall.
answered May 30 '17 at 14:27
Greg AskewGreg Askew
28.9k33768
answered May 30 '17 at 14:27
Greg AskewGreg Askew
28.9k33768
answered May 30 '17 at 14:27
Greg AskewGreg Askew
28.9k33768
answered May 30 '17 at 14:27
Greg AskewGreg Askew
28.9k33768
28.9k33768
172.27.217.119 is the ip of our terminalserver (let's say client). The webserver ip from the example was 62.*-range. Every traffic, except local traffic and except 188.144.* should be proxied, but sometimes internet explorer is trying it direct without proxy, leading to an error message because user's are not allowed to bypass the proxy (firewall deny).
– Niko21
May 30 '17 at 14:46
Ah, ok, I overlooked that. I would check the actual pac file that is downloaded when the symptom is occurring to confirm it is getting the pac file.
– Greg Askew
May 31 '17 at 1:14
How could i check that? I can open the pac in the browser without any problems.
– Niko21
May 31 '17 at 8:18
add a comment |
172.27.217.119 is the ip of our terminalserver (let's say client). The webserver ip from the example was 62.*-range. Every traffic, except local traffic and except 188.144.* should be proxied, but sometimes internet explorer is trying it direct without proxy, leading to an error message because user's are not allowed to bypass the proxy (firewall deny).
– Niko21
May 30 '17 at 14:46
Ah, ok, I overlooked that. I would check the actual pac file that is downloaded when the symptom is occurring to confirm it is getting the pac file.
– Greg Askew
May 31 '17 at 1:14
How could i check that? I can open the pac in the browser without any problems.
– Niko21
May 31 '17 at 8:18
172.27.217.119 is the ip of our terminalserver (let's say client). The webserver ip from the example was 62.*-range. Every traffic, except local traffic and except 188.144.* should be proxied, but sometimes internet explorer is trying it direct without proxy, leading to an error message because user's are not allowed to bypass the proxy (firewall deny).
– Niko21
May 30 '17 at 14:46
172.27.217.119 is the ip of our terminalserver (let's say client). The webserver ip from the example was 62.*-range. Every traffic, except local traffic and except 188.144.* should be proxied, but sometimes internet explorer is trying it direct without proxy, leading to an error message because user's are not allowed to bypass the proxy (firewall deny).
– Niko21
May 30 '17 at 14:46
Ah, ok, I overlooked that. I would check the actual pac file that is downloaded when the symptom is occurring to confirm it is getting the pac file.
– Greg Askew
May 31 '17 at 1:14
Ah, ok, I overlooked that. I would check the actual pac file that is downloaded when the symptom is occurring to confirm it is getting the pac file.
– Greg Askew
May 31 '17 at 1:14
How could i check that? I can open the pac in the browser without any problems.
– Niko21
May 31 '17 at 8:18
How could i check that? I can open the pac in the browser without any problems.
– Niko21
May 31 '17 at 8:18
add a comment |
Thanks for contributing an answer to Server Fault!
- Please be sure to answer the question. Provide details and share your research!
But avoid …
- Asking for help, clarification, or responding to other answers.
- Making statements based on opinion; back them up with references or personal experience.
To learn more, see our tips on writing great answers.
Sign up or log in
StackExchange.ready(function () {
StackExchange.helpers.onClickDraftSave('#login-link');
});
Sign up using Google
Sign up using Facebook
Sign up using Email and Password
Post as a guest
Required, but never shown
StackExchange.ready(
function () {
StackExchange.openid.initPostLogin('.new-post-login', 'https%3a%2f%2fserverfault.com%2fquestions%2f853012%2finternet-proxy-problems-internet-explorer-pac-file%23new-answer', 'question_page');
}
);
Post as a guest
Required, but never shown
Sign up or log in
StackExchange.ready(function () {
StackExchange.helpers.onClickDraftSave('#login-link');
});
Sign up using Google
Sign up using Facebook
Sign up using Email and Password
Post as a guest
Required, but never shown
Sign up or log in
StackExchange.ready(function () {
StackExchange.helpers.onClickDraftSave('#login-link');
});
Sign up using Google
Sign up using Facebook
Sign up using Email and Password
Post as a guest
Required, but never shown
Sign up or log in
StackExchange.ready(function () {
StackExchange.helpers.onClickDraftSave('#login-link');
});
Sign up using Google
Sign up using Facebook
Sign up using Email and Password
Sign up using Google
Sign up using Facebook
Sign up using Email and Password
Post as a guest
Required, but never shown
Required, but never shown
Required, but never shown
Required, but never shown
Required, but never shown
Required, but never shown
Required, but never shown
Required, but never shown
Required, but never shown
Are you using a local pac-file like
file://path/to/pac? Can you provide the pac-file?– duenni
May 30 '17 at 13:51
Are you using a local pac-file like file://path/to/pac Can you provide the pac-file?. I agree this can provide us with additional information.
– hesoyam
May 30 '17 at 14:02
The pac-file is not local, it's hosted on an internal webserver. I added the pac file in the top post.
– Niko21
May 30 '17 at 14:14