Connect to Websites

Last modified on August 30, 2022

Overview

When connecting to a website resource through strongDM, traffic is proxied from your system through your gateways or relays to reach the final site.

For your system to understand what web requests to proxy, you need to configure a Proxy Auto-Configuration (PAC) file. This file allows you to check your host URLs against an *.sdm.network expression to determine if the specified proxy should occur through strongDM.

We recommend using our PAC file for this task.

Prerequisites

Before you get started with the configuration steps in this guide, make sure the following conditions are met:

  • The web resource is created under the Websites section of the Admin UI. For more information, see Websites.
  • The intended users have access to view the website resource. For more, see the Roles page.

Configure PAC on Windows

Use the following steps to automatically set up a proxy in the Windows automatic proxy settings.

  1. Open the Settings from the Windows menu.

  2. Click Network & Internet.

  3. Open the Proxy tab.

  4. Enable Use setup script.

  5. Add https://app.strongdm.com/proxy.pac to the Script address field.

    Automatic Proxy Setup Windows
    Automatic Proxy Setup Windows
  6. Click Save.

  7. Log in to the strongDM Desktop application.

  8. Open the website in your browser and it successfully displays.

Configure PAC on macOS

Use the following steps to enable automatic proxy configuration on macOS.

  1. Open your System Preferences and select the Network icon.

  2. Choose your current connection method (for example, wireless or ethernet) and click the Advanced button.

    Advanced Network Settings macOS
    Advanced Network Settings macOS
  3. Click the Proxies tab.

  4. Check to enable Automatic Proxy Configuration.

  5. Add https://app.strongdm.com/proxy.pac to the URL field.

    Automatic Proxy Configuration macOS
    Automatic Proxy Configuration macOS
  6. Click OK.

  7. Click Apply.

  8. Log in to the strongDM Desktop application.

  9. Open the website in your browser and it successfully displays.

Use cURL With strongDM

If you prefer to bypass the PAC file, you can use curl to send and receive *.sdm.network web traffic through strongDM. For example, this can be helpful when testing programmatic connections to a site.

By default, curl sends an HTTP GET request. All curl requests are made through localhost on port 65230 and require *.sdm.network in the header. You can use the -x or --proxy switch to supply curl with proxy details. Both switches accomplish the same goal.

  1. Once a resource is configured in the Websites section of the strongDM Admin UI, run sdm status in the CLI.

  2. Check the URL column in the output, which displays the configured websites with this basic URL pattern:

    http://<HTTP_SUBDOMAIN>.<ORG_NAME>.sdm.network/<PATH>

    WEBSITE      URL                                                          TAGS
    Example1     http://simple-web-page.my-organization.sdm.network/phpinfo.php    temporary access until 11:27AM
    

    If we break down our Example1 website above, we can see the following URL components:

    • <HTTP_SUBDOMAIN> is listed before the organization name (for example, simple-web-page).
    • <ORG_NAME> precedes .sdm.network (for example, my-organization). This value is used organization-wide. It can be found in your Admin UI under Settings > General. The organization name does not typically change during the lifetime of your deployment. Spaces and special characters are removed from the URL.
    • <PATH> indicates the full path of the resource you are trying to access on that website (for example, /phpinfo.php).
  3. Use the following curl command to specify strongDM as the HTTP proxy. Replace with the values from the sdm status output in step 2.

    curl -k -x localhost:65230 <URL_FROM_SDM_STATUS_OUTPUT>/<PATH>
    
    curl -k -x localhost:65230 http://simple-web-page.my-organization.sdm.network/phpinfo.php
    

Add to an Existing Proxy

If your system already has a proxy configured, you can append the following rules to your existing configuration:

function FindProxyForURL(url, host) {
  if (shExpMatch(host, "proxyerror.sdm.network")) {
    return "DIRECT";
  }
  if (shExpMatch(host, "*.sdm.network")) {
    return "PROXY localhost:65230";
  }
  return "DIRECT";
}

FAQ

Q: What is the proxy.pac file that the URL is pointing to?
A: A PAC file contains a JavaScript function that tells the HTTP client which proxy server to connect to for specifically defined URLs. To learn more, see the Mozilla Developer Docs.

Q: What does the strongDM PAC file do?
A: It sends any web requests containing sdm.network in the URL to be proxied through a port on the localhost. All other connection attempts go directly to the intended site.

Q: Is there an alternative to pointing to the strongDM hosted PAC file?
A: Yes, you could also download the PAC file and host it on your own web servers. It does not have to be dynamically loaded from our server.

Q: Are there any potential security concerns with this approach?
A: strongDM controls full access to this proxy configuration, so the risk of falsely redirected traffic is very low. However, if you have concerns, you can choose to download and host the file yourself, as previously mentioned.

If you have trouble connecting to your website, please contact support@strongdm.com with details.

Top