Windows 10 reached EOS (end of support) on October 14, 2025. If you are on Windows 10, see this article.

Avatar for Username

Mozilla 도움말 검색

고객 지원 사기를 피하세요. 저희는 여러분께 절대로 전화를 걸거나 문자를 보내거나 개인 정보를 공유하도록 요청하지 않습니다. "악용 사례 신고"옵션을 사용하여 의심스러운 활동을 신고해 주세요.

자세히 살펴보기

Request for configuration option to block Internet access when Proxy PAC file if unavailable or cannot be downloaded

  • 2 답장
  • 0 이 문제를 만남
  • 401 보기
  • 최종 답변자: Mike Kaply
  • Open

bsharma427
bsharma427

Hello Everyone,

I am seeking assistance to configure Firefox browser so that internet access is blocked when the browser cannot download or access the proxy Auto-configuration (PAC) file. Our organisation enforces all web traffic through proxy servers defined by a PAC file. For compliance and security reasons, users should not have any direct internet access unless the browser is able to successfully retrieve and apply the PAC file.

The desired behaviour is:

1. Firefox attempts to download the PAC file from a defined URL. 2. If the PAC file is unreachable or fails to load (e.g., due to network restrictions or the device being outside the corporate network), Firefox should "fail closed" - meaning it should not allow any direct internet traffic. 3. This is effectively a "fail-block" mode: no fallback to direct connections, and no cached or bypassed proxy settings should allow internet browsing.

This behaviour is critical to prevent devices from accessing the internet without applying corporate proxy rules. I would like to know:

1/ Whether Firefox currently supports a setting or policy that enforces this fail-block condition when the PAC file is unavailable. 2/ If not, whether there are recommended configurations or enterprise policies (e.g., via `policies.json` or Group Policy templates) that could achieve equivalent enforcement.

Thank you for your assistance and guidance.

Hello Everyone, I am seeking assistance to configure Firefox browser so that internet access is blocked when the browser cannot download or access the proxy Auto-configuration (PAC) file. Our organisation enforces all web traffic through proxy servers defined by a PAC file. For compliance and security reasons, users should not have any direct internet access unless the browser is able to successfully retrieve and apply the PAC file. The desired behaviour is: 1. Firefox attempts to download the PAC file from a defined URL. 2. If the PAC file is unreachable or fails to load (e.g., due to network restrictions or the device being outside the corporate network), Firefox should "fail closed" - meaning it should not allow any direct internet traffic. 3. This is effectively a "fail-block" mode: no fallback to direct connections, and no cached or bypassed proxy settings should allow internet browsing. This behaviour is critical to prevent devices from accessing the internet without applying corporate proxy rules. I would like to know: 1/ Whether Firefox currently supports a setting or policy that enforces this fail-block condition when the PAC file is unavailable. 2/ If not, whether there are recommended configurations or enterprise policies (e.g., via `policies.json` or Group Policy templates) that could achieve equivalent enforcement. Thank you for your assistance and guidance.

모든 댓글 (2)

Mike Kaply
Mike Kaply
  • Moderator
Mozilla 직원

Sorry for the lack of response. I've been thinking about this.

I researched this and I don't see any browsers having the ability to do this.

PAC files are cached though, so if it can't be obtained, it should use the cached version?

Mike Kaply
Mike Kaply
  • Moderator
Mozilla 직원

I'm wrong. We don't cache the PAC file.

I did some research on this, and other browsers don't use PAC to cause the browser to be the security boundary.

This seems like something that might be useful, though. We are currently working on a Firefox Enterprise project, so I can take this as a potential thing we can implement.

질문하기

글에 답글을 달기 위해서는 계정으로 로그인해야만 합니다. 계정이 아직 없다면 새로운 질문을 올려주세요.