To use it, a PAC file is published to a HTTP server, and client user agents are instructed to use it, either by entering the URL in the proxy connection settings of the browser or through the use of the WPAD protocol.
It would be, however, reasonable to assume that application/x-ns-proxy-autoconfig will be supported in more clients than application/x-javascript-config as it was defined in the original Netscape specification, the latter type coming into use more recently.
A very simple example of a PAC file is: This function instructs the browser to retrieve all pages through the proxy on port 8080 of the server proxy.example.com.
[6] The threat involves using a PAC, discovered automatically by the system, to redirect the victim's browser traffic to an attacker-controlled server instead.
Another issue with pac-file is that the typical implementation involve clear text http retrieval, which does not include any security features such as code signing or web certificates.
Caching of proxy auto-configuration results by domain name in Microsoft's Internet Explorer 5.5 or newer limits the flexibility of the PAC standard.
[7] It is recommended to always use IP addresses instead of host domain names in the isInNet function for compatibility with other Windows components which make use of the Internet Explorer PAC configuration, such as .NET 2.0 Framework.
Shortly after switching between network configurations (e.g. when entering or leaving a VPN), dnsResolve may give outdated results due to DNS caching.
Flushing the system's DNS cache may also help, which can be achieved e.g. in Linux with sudo service dns-clean start or in Windows with ipconfig /flushdns.