function FindProxyForURL(url, host) { // ========================================================= // Section 1: Zscaler standard PAC values var privateIP = /^(0|10|127|192\.168|172\.1[6789]|172\.2[0-9]|172\.3[01]|169\.254|192\.88\.99)\.[0-9.]+$/; var resolved_ip = dnsResolve(host); /* Don't send non-FQDN or private IP auths to us */ if (isPlainHostName(host) || isInNet(resolved_ip, "192.0.2.0", "255.255.255.0") || privateIP.test(resolved_ip)) return "DIRECT"; /* FTP goes directly */ if (url.substring(0, 4) == "ftp:") return "DIRECT"; /* test with ZPA */ if (isInNet(resolved_ip, "100.64.0.0", "255.255.0.0")) return "DIRECT"; // ========================================================= // Section 2: Load Balancing: 2 x Cloud Security Connectors Multiplex 2 Gbps // Azure to Zscaler: 4 Gbps // Get NIC IP address nicIp = myIpAddress(); // Assigning values to "tozscaler" and "bypass" if (isInNet(nicIp, "0.0.0.0", "0.0.0.1")) { var tozscaler = "PROXY csc1vip:80; PROXY csc2vip:80"; var bypass = "PROXY csc1bypass:3128; PROXY csc2bypass:3128"; } if (isInNet(nicIp, "0.0.0.1", "0.0.0.1")) { var tozscaler = "PROXY csc2vip:80; PROXY csc1vip:80"; var bypass = "PROXY csc2bypass:3128; PROXY csc1bypass:3128"; } // ========================================================= // Section 3: Bypass via Cloud Security Connectors // Bypass via CSC Public IPs (Examples) // Okta Domains (for Location Rules) if ((shExpMatch(host, "*.okta.com")) || (shExpMatch(host, "*.oktacdn.com")) || (shExpMatch(host, "*.okta-emea.com")) || // Trusted Sites (shExpMatch(host, "trusted.domain.com")) || (shExpMatch(host, "trusted2.domain.com")) || (shExpMatch(host, "*.trusted-domain.com")) || // O365 Domains for ConditionalAccess (shExpMatch(host, "login.microsoftonline.com")) || (shExpMatch(host, "login.microsoft.com")) || (shExpMatch(host, "login.windows.net")) || // IP / Port test page (shExpMatch(host, "portquiz.net"))) { return bypass } // ========================================================= // Section 4: Default Traffic /* Default Traffic Forwarding. Forwarding to Zen on port 80, but you can use port 9400 also */ return tozscaler }