Exclude a specific node by modifying PAC file

(Sahil Singla) #1

Hi Team,

We have customer and they were hit by an outage last week because of an issue with one of our DC. They want to primarily find out a way to exclude the impacted DC by modifying the PAC file.

Following are the details of their environment:

3000 users
250 locations; No static IPs(can’t use ${SRCIP}); distributed across North America
Zapp is deployed in tunnel with Local Proxy mode

I have written the following code which will go into their App Profile PAC file to get the job done. I want your help in locating any caveats with the following code:

//Find the primary node IP address
var withPort = “${GATEWAY}”;

//${GATEWAY} resolves to so to replace the port I am using substring function

var gatewayIp = withPort.substring(0, 14);

//send traffic to secondary gateway if primary node is the impacted one

if (shExpMatch(gatewayIp, “”)) return “PROXY ${SECONDARY_GATEWAY}:443; DIRECT”;

//If the primary Gateway is not the affected gateway traffic will flow the nearest DC


(Adrian Larsen) #2

Hi Sahil,
This is the PAC file you are looking for:

function FindProxyForURL(url, host) {

	// Default value      
	var tozscaler = "PROXY ${GATEWAY}:80; PROXY ${SECONDARY_GATEWAY}:80; DIRECT";

	var prigateway = "${GATEWAY}"

	// Avoid to use this Gateway IP:        
	if (shExpMatch(prigateway,"")) {
    	var tozscaler = "PROXY ${SECONDARY_GATEWAY}:80; DIRECT";

        /* Default Traffic Forwarding. Forwarding to Zen on port 80, but you can use port 9400 also */
         return tozscaler


Some notes:
a) shExpMatch validates a string not an IP. You can compare whatever you want.
b) Zapp refresh PAC files every 20 minutes (+/-)

Please, feel free to contact me directly if you have any additional questions.

Best regards,


(Sahil Singla) #3

Thank you, Adrian.

Will reach out if I have any follow questions.