Customize the Secure Access PAC File

After an organization's administrator adds internal domains in Cisco Secure Access, the Secure Access PAC file contains the list of configured internal domains. Web traffic to internal domains is not sent to the secure web gateway (SWG). For more information about internal domains, see Manage Domains.

To bypass additional internal domains on the SWG, you can customize the Secure Access PAC file. Using the Secure Access PAC File URL, download and edit the PAC File, and then add any other internal domains to the PAC File.

If you require any manual editing of the PAC file, you must host the PAC file on a web server in your own environment. For more information about hosting a PAC file, see your web server’s documentation.

Secure Access supports IP-based domains. However, you must enter the IP in the browser’s address bar as the domain portion of the URL. For example, The PAC file does not resolve a domain to IP before matching an IP-based domain for bypass.

Table of Contents


  • Full Admin user role. For more information, see Manage Accounts.
  • To download the Secure Access PAC file, add your network's egress IP to Secure Access as a Registered Network. Secure Access only allows the PAC file to download from a trusted network. For more information, see Manage Registered Networks.


Copy the Secure Access PAC File URL. Then, enter the PAC file URL in your browser and download the PAC file. Open the PAC file in an editor.

Copy the Secure Access PAC File

  1. Navigate to Connect > End User Connectivity > Internet Security.
  2. Copy the Secure Access PAC file URL.

Download the Secure Access PAC File

  1. Paste the copied PAC URL into a browser's address bar and then press Enter or Return to download the PAC file.

Edit the PAC File

  1. Open the downloaded PAC file with a text editor.
  2. Add the internal domains that the web proxy will bypass to the PAC file, and then save the file.
    Note: Provide a comma-delimited list of domain names and surround each domain name in the list with quotation marks. The wildcard character asterisk * is supported and treated as any value of any length. Use extreme caution when using this wildcard as well as periods. For example, * bypasses,, and * bypasses as well as
  3. Save the PAC file.
function FindProxyForURL(url, host) {

        //------------------------Customer Section------------------------
        //Add your internal domains within quotations marks like ""
        //after the right parenthesis below. Please remove the two examples
        //below and add your own internal domains.

        var dont_proxy_customer_list = ["","*.","aaa","*.aaa","","*","","*","","*","","*","","*","","*","","*","","*","","*","","*","","*","","*","","*","","*","","*","","*","","*","","*","","*","","*","","*","","*","","*","","*","","*"];

        //Warning to Administrators: Touching any section after this point might
        //affect your users browsing experience and lead to considerable number
        //of issues and loading your customer support.
        //---------------------End Customer Section-----------------------

        for(var iter = 0; iter < dont_proxy_customer_list.length; ++iter) {
            if(shExpMatch(host, dont_proxy_customer_list[iter])) {
                return "DIRECT";

Deploy the Secure Access PAC File for macOS < Customize the Secure Access PAC File > Manage Domains