Updates to Office 365 Proxy PAC Generator

I wrote the original Proxy PAC tool for a customer almost a year ago, and since have added a lot of new functionality.  Rather than updating my previous blog posts about it, I thought I would start a fresh thread.  If you want some background on how Proxy PAC files work and how to distribute them to your users via GPO or WPAD, I would suggest taking a look at my posts dealing with those topics:

Now, on to the new stuff.

43523-Nathan-Fillion-shiny-gif-rNRf

Configuring

I try hard to build in good help, which you can access by running Get-Help .\Office365ProxyPac.ps1.

pac_v2-01

I added a few new parameters that I'm really excited about and want to share.  So, without further ado:

Blocklist

This is a feature that I put in after some questions from customers about including public URLs such as Facebook or YouTube in the O365IPAddresses.xml file.  Some organizations don't really want to allow access to those URLs carte blanch, so I added a feature to exclude those from being included in the "DIRECT" directive by omitting them from the list overall.  Using the feature:

 .\Office365ProxyPac.ps1 -Blocklist youtube,facebook

pac_v2-02

AlwaysProxyBlocklist

However, just to cover all the bases, maybe the customer wants to ensure that those URLs on the Blocklist are actually proxied.  In that case, they can use the -AlwaysProxyBlocklist parameter, which causes the script to build a new section and assign them the PROXY directive with no fall-back configuration.  To use this feature:

 .\Office365ProxyPac.ps1 -Blocklist youtube,facebook

pac_v2-03

When you open the Office365PAC.pac file, you'll see this new directive:

pac_v2-04

Products

This was by far the most requested feature that I added.  I received a lot of feedback about being able to only configure proxy bypass (DIRECT) for individual services, so I have finally implemented a feature to be able to do it.  To use the feature:

 .\Office365ProxyPac.ps1 -Products EXO,Identity

pac_v2-05

Testing

Once you've created your PAC file, I would suggest testing it to make sure you get the desired behavior.  I use the FindProxyForUrl toolset (https://findproxyforurl.com/official-toolset/).  After you download and extract it, you can use pactester.exe to verify that it works as planned.  For my test PAC, I used the parameters -Products EXO,OneNote,Identity -AlwaysProxyBlockList -Blocklist youtube,facebook.

To run the tool, the syntax is:

 pactester.exe -p <pac file> -u <url to test>

pac_v2-07

In my case, the desired result is to send URLs with the pattern facebook to the proxy and for everything else to go direct.

The updated version of the Office 365 Proxy Pac tool is available here: https://gallery.technet.microsoft.com/Office-365-Proxy-Pac-60fb28f7.

Happy Proxying!