PAC File Syntax - shExpMatch - Period Seemingly Ignored

Kenneth_West · May 25, 2022, 2:19am

We are seeing a behavior that we’d like some expert opinions on. The inclusion of a leading period (.) within the “host” parameter’s value seems to be ignored. In the example below, this causes "fakewebex(dot)com and “fake(dot)webex(dot)com” to both match the shExpMatch, which is not ideal.

function FindProxyForURL(url, host) {
if (shExpMatch(host, "*.webex.com"))
return "PROXY ${ZAPP_TUNNEL2_BYPASS}";
return "DIRECT";
}

Any thoughts on if this is expected? Further, how would you suggest writing a shExpMatch function that would match on anything(dot)webex(dot)com, but not on anythingwebex(dot)com?

Testing resource used for validation:

@cyaun

mryan · May 25, 2022, 8:38am

shExpMatch is a regular expression match function. RegEx considers a dot as matching any character - so webex.com would match “webex.com” as well as “webexxcom” and webex1com".
You should consider dnsDomainis(Host,“webex.com” as a function, which is more efficient, but also more specific.
If you need more specificity using RegEx then shExpMatch(host,".*.webex.com") would be a more appropriate regular expression, since the dot is escaped - meaning it should explicitly match the dot. This function is essentially the same as the dnsDomainIs function above, but is still using RegEx which makes is computationally less efficient (not that it particularly matters)

Omar · May 25, 2022, 11:55am

Try to to use

shExpMatch(url //This matches the url path itself rather than the target host

instead of

shExpMatch(host

Let me know if it makes a difference.
would also recommend using the browser built in dev Tools to check the host/URl when visiting a site.

Note: Try bypassing SSL inspection for Webex as an application if you are facing issues with it.

Thomas · May 25, 2022, 3:49pm

assuming that the URI is https … then shexpmatch on url will not work as browsers nowadays by default strip off the path before pac file sees it.
In such cases what pac file gets to see is like ‘url=host:port’

See eg

or

Kenneth_West · May 26, 2022, 5:02am

Thanks @mryan! Your shExpMatch example shExpMatch(host,".*.webex.com") does indeed cause fakewebex.com to no longer get matched, and so meets my goal. To your optimal suggestion of using dnsDomainIs, I agree, and we have landed on the code below that meets all of our criteria (matches on webex.com and anything.webex.com, but doesn’t match on fakewebex.com, or fakewebexcom).

function FindProxyForURL(url, host) {
if (dnsDomainIs(host, "webex.com") || dnsDomainIs(host, ".webex.com"))
return "PROXY ${ZAPP_TUNNEL2_BYPASS}";
return "DIRECT";
}

Kenneth_West · May 26, 2022, 5:08am

@Omar, I have tried your shExpMatch(url suggestion and it still matches on fakewebex.com, which is not desired. Code snippet I tried, based on your suggestion:

function FindProxyForURL(url, host) {
if (shExpMatch(url, "*.webex.com"))
return "PROXY ${ZAPP_TUNNEL2_BYPASS}";
return "DIRECT";
}

Omar · May 31, 2022, 7:01am

Thanks for replying , I guess I missed the dot before *

Ben_Garrison · August 31, 2022, 2:20pm