Customize Umbrella's PAC File

To bypass internal domains, you must customize Umbrella's PAC file by adding these domains to it. This can be achieved using the Umbrella dashboard rather than having to manually edit the PAC file.

Umbrella copies internal domains configured in the Umbrella dashboard (Deployments > Configuration > Domain Management) to the PAC file so that these internal domains are not sent to the proxy. Besides internal domains, you can add external domains to the Umbrella PAC file.

Umbrella supports IP-based domains. You must enter the IP in the browser’s address bar as the domain portion of the URL. For example, https://1.2.3.4/URLpath/. The PAC file does not resolve a domain to IP before matching an IP-based domain for bypass.

If you require any manual editing of the PAC file, you must host the PAC file on a web server in your own environment. For more information about hosting a PAC file, see your web server’s documentation.

Note: Umbrella limits PAC file downloads and usage to roaming computers on fixed networks. You must register your fixed networks with Umbrella. When roaming computers are located off the protected network or you use other connection mechanisms, Umbrella does not support PAC files.

Prerequisites

• Full admin access to the Umbrella dashboard. See Manage User Roles.

Procedure

1. Navigate to Policies > Management > Web Policy and click Add or expand an existing ruleset.

2. Under Ruleset Settings, for PAC File, copy the PAC file URL.

3. Download the Umbrella PAC file by pasting the copied PAC URL into a browser's address bar and then press Enter / Return.
   Note: To download Umbrella's PAC file, you must add your egress IP to Umbrella as a network identity. Umbrella only allows the PAC file to download from a trusted network.

4. Open the downloaded PAC file with a text editor, update it with domains to be bypassed, and then save the PAC file.
   Note: Provide a comma-delimited list of domain name and surround each domain name in the list with quotation marks. The asterisk (*) is a wildcard character that is treated as any value of any length. Use extreme caution when using this wildcard as well as periods. For example, *.example.com bypasses www.example.com, mail.example.com, and c.23.example.com whereas *example.com bypasses www.example.com and phishingexample.com.

//------------------------Customer Section------------------------
    //Add your internal domains within quotations marks like "wwwin.acme.com"
    //after the right parenthesis below. Please remove the two examples
    //below and add your own internal domains.

    var dont_proxy_customer_list = new Array(
        "wwwin.example.org",
        "*.example.org"
    );

    //Warning to Administrators: Touching any section after this point might
    //affect your users browsing experience and lead to considerable number
    //of issues and loading your customer support.
    //---------------------End Customer Section-----------------------

Deploy Umbrella's PAC File for Mac < Customize Umbrella's PAC File > Manage Proxy Chaining