# Connect to Websites

### Overview

When connecting to a website resource through StrongDM, traffic is proxied from your system through your gateways or relays to reach the final site.

For your system to know which web requests to proxy, you need to configure a [Proxy Auto-Configuration (PAC)](https://developer.mozilla.org/en-US/docs/Web/HTTP/Proxy_servers_and_tunneling/Proxy_Auto-Configuration_PAC_file) file. This file checks each requested host against a `*.sdm.network` expression to determine whether the request should be proxied through StrongDM.

We recommend using our PAC file for this task.

{% hint style="info" %}
Note that it is not necessary to run either the `sdm connect` or `sdm disconnect` commands for this website resource *except* in [specific instances](/users/connect.md#connection).
{% endhint %}

### Prerequisites

Before you get started with the configuration steps in this guide, make sure the following conditions are met:

* The web resource is created under the **Websites** section of the Admin UI. For more information, see [Websites](/admin/resources/websites.md).
* The intended users have access to view the website resource. For more, see the [Roles](/admin/access/roles.md) page.

### Configure PAC on Windows

Use the following steps to automatically set up a proxy in the Windows automatic proxy settings.

1. Open **Settings** from the Windows menu.
2. Click **Network & Internet**.
3. Open the **Proxy** tab.
4. Enable **Use setup script**.
5. Add `https://app.strongdm.com/proxy.pac` to the **Script address** field.

   ![](/files/OHGffE2In9xNIjEASB8f)
6. Click **Save**.
7. Log in to the StrongDM Desktop application.
8. Open the website in your browser and confirm that it displays successfully.

### Configure PAC on macOS

Use the following steps to enable automatic proxy configuration on macOS.

1. Open your System Settings and select the **Network** icon.
2. Choose your current connection method (for example, wireless or ethernet) and view the details for that connection.
3. Click the **Proxies** tab.
4. Enable **Automatic proxy configuration**.
5. Add `https://app.strongdm.com/proxy.pac` to the **URL** field.

   ![](/files/XOHYAOSr7xSyBNhDgTNS)
6. Click **OK**.
7. If prompted, enter your admin password.
8. Log in to the StrongDM Desktop application.
9. Open the website in your browser and confirm that it displays successfully.

{% hint style="info" %}
If you connect to StrongDM resources via a VPN, you may need to add the PAC to the VPN connection within macOS network settings.
{% endhint %}

### Use cURL With StrongDM

If you prefer to bypass the PAC file, you can use curl to send and receive `*.sdm.network` web traffic through StrongDM. For example, this can be helpful when testing programmatic connections to a site.

By default, curl sends an HTTP GET request. All curl requests are made through localhost on port 65230 and require `*.sdm.network` in the header. You can use the `-x` or `--proxy` switch to supply curl with proxy details. Both switches accomplish the same goal.

1. Once a resource is configured in the [Websites](/admin/resources/websites.md) section of the StrongDM Admin UI, run `sdm status` in the CLI.
2. Check the **URL** column in the output, which displays the configured websites with this basic URL pattern:

   `http://<HTTP_SUBDOMAIN>.<WEB_DOMAIN>.sdm.network/<PATH>`

   ```sh
   WEBSITE      URL                                                          TAGS
   Example1     http://simple-web-page.my-organization.sdm.network/phpinfo.php    temporary access until 11:27AM
   ```

   If we break down our Example1 website above, we can see the following URL components:

   * `<HTTP_SUBDOMAIN>` is listed before the web domain (for example, `simple-web-page`) and is a reference to the resource in question.
   * `<WEB_DOMAIN>` precedes `.sdm.network` (for example, `my-organization`). This value is used organization-wide. It can be found in your Admin UI under **Settings** > **Account**. The web domain does not typically change during the lifetime of your deployment. The web domain is often the organization's name with spaces and special characters removed, but can be different.
   * `<PATH>` indicates the full path of the resource you are trying to access on that website (for example, `/phpinfo.php`).
3. Use the following curl command to specify StrongDM as the HTTP proxy. Replace the placeholder with the values from the `sdm status` output in [step 2](#use-curl-with-strongdm).

   ```sh
   curl -k -x localhost:65230 <URL_FROM_SDM_STATUS_OUTPUT>/<PATH>
   ```

   ```sh
   curl -k -x localhost:65230 http://simple-web-page.my-organization.sdm.network/phpinfo.php
   ```

{% hint style="info" %}
If using Windows PowerShell, the `curl` command may be mapped as an alias to the `Invoke-WebRequest` cmdlet. Therefore, use the `curl.exe` executable directly instead of the `curl` command.
{% endhint %}

### Add to an Existing Proxy

If your system already has a proxy configured, you can append the following rules to your existing configuration:

```javascript
function FindProxyForURL(url, host) {
  if (shExpMatch(host, "proxyerror.sdm.network")) {
    return "DIRECT";
  }
  if (shExpMatch(host, "*.sdm.network")) {
    return "PROXY localhost:65230";
  }
  return "DIRECT";
}
```
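
A merged PAC file can be checked offline before it is deployed. The following is an added example, not StrongDM's own code: it combines the rules above with a hypothetical existing corporate proxy (`proxy.corp.example:3128`), supplies a Node.js stand-in for the browser's `shExpMatch`, and audits constructed sample hosts, including lookalikes that must not be routed to `localhost:65230`.

```javascript
// Stand-in for the PAC built-in shExpMatch(), which browsers provide but
// Node.js does not. Supports the * and ? wildcards only.
function shExpMatch(str, pattern) {
  const escaped = pattern.replace(/[.+^${}()|[\]\\]/g, "\\$&");
  const re = new RegExp("^" + escaped.replace(/\*/g, ".*").replace(/\?/g, ".") + "$");
  return re.test(str);
}

// Assumption: the pre-existing PAC sent all traffic to a corporate proxy.
const EXISTING_PROXY = "PROXY proxy.corp.example:3128"; // hypothetical value

// Merged PAC: the StrongDM rules run first, then the pre-existing rule.
function FindProxyForURL(url, host) {
  if (shExpMatch(host, "proxyerror.sdm.network")) {
    return "DIRECT";
  }
  if (shExpMatch(host, "*.sdm.network")) {
    return "PROXY localhost:65230";
  }
  return EXISTING_PROXY;
}

// Constructed sample hosts; the middle three are lookalikes.
const SAMPLE_HOSTS = [
  "simple-web-page.my-organization.sdm.network",
  "proxyerror.sdm.network",
  "sdm.network",
  "notsdm.network",
  "sdm.network.example.com",
  "intranet.corp.example",
];

// Returns each host's routing decision, plus any host that was sent to the
// StrongDM listener without actually ending in ".sdm.network".
function auditPac(hosts) {
  const decisions = {};
  const unexpected = [];
  for (const host of hosts) {
    const decision = FindProxyForURL("http://" + host + "/", host);
    decisions[host] = decision;
    if (decision.includes("localhost:65230") && !host.endsWith(".sdm.network")) {
      unexpected.push(host);
    }
  }
  return { decisions, unexpected };
}

console.log(auditPac(SAMPLE_HOSTS));
```

A non-empty `unexpected` list means a pattern in the merged file is broader than intended.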

### FAQ

**Q: What is the proxy.pac file that the URL is pointing to?**\
A: A PAC file contains a JavaScript function that tells the HTTP client which proxy server to connect to for specifically defined URLs. To learn more, see the [Mozilla Developer Docs](https://developer.mozilla.org/en-US/docs/Web/HTTP/Proxy_servers_and_tunneling/Proxy_Auto-Configuration_PAC_file#shexpmatch).

**Q: What does the StrongDM PAC file do?**\
A: It sends any web request whose host matches `*.sdm.network` to be proxied through a port on the localhost. All other connection attempts go directly to the intended site.

**Q: Is there an alternative to pointing to the StrongDM hosted PAC file?**\
A: Yes, you could also download the PAC file and host it on your own web servers. It does not have to be dynamically loaded from our server.

**Q: Are there any potential security concerns with this approach?**\
A: StrongDM controls full access to this proxy configuration, so the risk of falsely redirected traffic is very low. However, if you have concerns, you can choose to download and host the file yourself, as previously mentioned.


