AI Tools Blocklist
Home AI Tools Database Taxonomy Pricing
Solutions
Enterprise IT & CISO Education Firewall Admins Shadow AI Prevention
Integrations
Palo Alto Networks FortiGate Cisco Umbrella pfSense REST API
Download Free Sample
PAC File Deployment Guide

Block AI Tools with PAC Files at the Browser Level

Block 16,024+ AI-tool domains at the browser level with zero client software. Deploy via WPAD, GPO, or MDM using our daily-updated domain feed.

16,024+AI Domains
PACNative Format
0Agents Required
18Categories
Download Sample Domain List View Pricing
The Challenge

Why PAC Files Are a Practical Solution for AI-Tool Blocking

Many organizations need to block AI tools but lack a forward proxy, SWG, or NGFW with URL filtering. PAC files fill that gap with zero infrastructure.

What Is a PAC File? A JavaScript file the browser downloads and executes locally to decide whether each URL request connects directly or routes through a proxy.
How AI Blocking Works Route AI-tool domains to a non-existent proxy or a block-page server. All other traffic connects directly. No appliance, agent, or DNS sinkhole needed.
Universal Browser Support PAC files run in every major browser on Windows, macOS, Linux, ChromeOS, and managed mobile platforms.
Scope: Strength and Limitation PAC files block browser-based access effectively but do not cover standalone desktop apps or CLI tools that bypass browser proxy settings. For most organizations, the primary risk is employees pasting data into web-based AI chatbots — and PAC files cover that immediately.
Our PAC-Compatible Feed We publish 16,024+ AI-tool domains updated daily. Embed them directly into a PAC file or consume via API to generate PAC files dynamically.

PAC Files vs. Other Blocking Methods

Zero
Infrastructure required
<1 KB
PAC file size (compressed)
All
Major browsers supported
GPO
Central deployment
PAC File Fundamentals

Understanding PAC File Syntax and the FindProxyForURL Function

Every PAC file contains a single JavaScript function: FindProxyForURL(url, host). The browser calls it for every request and routes traffic based on the return value.

Return Values

Return StringBehavior
"DIRECT"Connect without a proxy
"PROXY host:port"Route through an HTTP proxy
"SOCKS host:port"Route through a SOCKS proxy

Returning a proxy address that doesn't exist or serves a block response effectively blocks the request.

Key Helper Functions

dnsDomainIs(host, domain) Returns true if the hostname ends with the specified domain suffix. Best for AI-tool blocking.
shExpMatch(host, pattern) Shell-expression matching with wildcard support for flexible pattern matching.
localHostOrDomainIs(host, hostdom) Matches exact hostnames or subdomains without substring false positives.

Block Response Options

PROXY 127.0.0.1:9 Routes to discard protocol. Functional but shows a confusing connection-refused error to users.
PROXY block.internal:8080 Lightweight HTTP server returning a branded block page with policy explanation and exception request link.
// PAC file: Block AI tools, allow everything else
// Save as proxy.pac or wpad.dat and host on an internal web server

function FindProxyForURL(url, host) {

    // Normalize hostname to lowercase
    host = host.toLowerCase();

    // --- AI Tool Domains to Block ---
    // Text & Language AI
    if (dnsDomainIs(host, "openai.com") ||
        dnsDomainIs(host, "chat.openai.com") ||
        dnsDomainIs(host, "chatgpt.com") ||
        dnsDomainIs(host, "anthropic.com") ||
        dnsDomainIs(host, "claude.ai") ||
        dnsDomainIs(host, "gemini.google.com") ||
        dnsDomainIs(host, "bard.google.com") ||
        dnsDomainIs(host, "perplexity.ai") ||
        dnsDomainIs(host, "you.com") ||
        dnsDomainIs(host, "poe.com") ||
        dnsDomainIs(host, "writesonic.com") ||
        dnsDomainIs(host, "jasper.ai") ||
        dnsDomainIs(host, "copy.ai")) {
        return "PROXY block.internal.corp:8080";
    }

    // Code & Development AI
    if (dnsDomainIs(host, "github.com") &&
        shExpMatch(url, "*copilot*")) {
        return "PROXY block.internal.corp:8080";
    }
    if (dnsDomainIs(host, "copilot.github.com") ||
        dnsDomainIs(host, "codeium.com") ||
        dnsDomainIs(host, "cursor.sh") ||
        dnsDomainIs(host, "tabnine.com") ||
        dnsDomainIs(host, "replit.com")) {
        return "PROXY block.internal.corp:8080";
    }

    // Image & Visual AI
    if (dnsDomainIs(host, "midjourney.com") ||
        dnsDomainIs(host, "stability.ai") ||
        dnsDomainIs(host, "leonardo.ai") ||
        dnsDomainIs(host, "dall-e.com") ||
        dnsDomainIs(host, "deepai.org")) {
        return "PROXY block.internal.corp:8080";
    }

    // All other traffic: connect directly
    return "DIRECT";
}

The example above is a simplified static PAC file. In production, generate the PAC file dynamically from our API or use a hash-based lookup to match 16,024+ domains efficiently.

Performance Considerations

PAC files execute in a sandboxed JavaScript environment inside the browser. The function is called for every URL request, including embedded resources. For large domain lists, use a sorted array with binary search or a hash-set lookup to keep resolution time O(log n) or O(1) instead of O(n).

Block Response Options

Loopback discard: PROXY 127.0.0.1:9 — functional but shows a confusing connection-refused error.
Block-page server: Run a lightweight nginx/IIS instance returning a branded HTML page.
Include: Policy explanation and an exception-request link on the block page.
Dynamic Generation

Generating PAC Files Dynamically from the AI Tools Blocklist API

Static PAC files with hardcoded domains become stale as new AI tools launch daily. Dynamic generation solves this with a server-side script that fetches current domains from our API.

The browser fetches the PAC file on startup and at configurable intervals (typically every few hours), ensuring a current blocklist without manual intervention.

API Feed Features

Category filtering — request only text-and-language AI domains while allowing code-development tools
Risk-score thresholds — block only high-risk AI tools above your chosen score
PAC-ready format — output domains in syntax ready for direct PAC file embedding
Plain-text list output — ideal for server-side PAC file generation scripts

The PHP script below acts as a dynamic PAC file generator. Host it on an internal web server and point your WPAD or GPO configuration to its URL. It caches the API response for one hour to avoid rate limits.

# Dynamic PAC file generator (PHP)
# Host at: http://wpad.corp.example.com/wpad.dat
# Fetches AI domains from the blocklist API, caches for 1 hour

<?php
header('Content-Type: application/x-ns-proxy-autoconfig');
header('Cache-Control: max-age=3600');

$cacheFile = '/tmp/ai-blocklist-cache.json';
$cacheTTL  = 3600;

if (!file_exists($cacheFile) ||
    time() - filemtime($cacheFile) > $cacheTTL) {
    $response = file_get_contents(
        'https://api.aitoolsblocklist.com/v1/domains?format=list&key=YOUR_KEY'
    );
    file_put_contents($cacheFile, $response);
} else {
    $response = file_get_contents($cacheFile);
}

$domains = array_filter(explode("\n", trim($response)));

// Build the dnsDomainIs() conditions
$conditions = [];
foreach ($domains as $d) {
    $d = trim(strtolower($d));
    if ($d) $conditions[] = 'dnsDomainIs(h,"'.$d.'")';
}

echo "function FindProxyForURL(url, host) {\n";
echo "  var h = host.toLowerCase();\n";
echo "  if (" . implode(" ||\n      ", $conditions) . ") {\n";
echo "    return \"PROXY block.internal.corp:8080\";\n";
echo "  }\n";
echo "  return \"DIRECT\";\n";
echo "}\n";
?>

This approach scales to tens of thousands of domains. For even better performance with very large lists, use a hash-set approach where domains are checked with the in operator for O(1) lookups.

Content-Type Matters

Required MIME Type The PAC file must be served as application/x-ns-proxy-autoconfig. IE and legacy Edge silently ignore files served with incorrect types.
Apache Add AddType application/x-ns-proxy-autoconfig .pac .dat to your configuration.
Nginx Add the type to the mime.types file or use default_type in the location block.
IIS Add the MIME mapping in the site's properties for .pac and .dat extensions.
WPAD Deployment

Web Proxy Auto-Discovery (WPAD): Automatic PAC File Distribution

WPAD lets browsers discover and download PAC files automatically with zero client-side configuration. It is enabled by default on Windows.

Discovery Mechanisms

1
DHCP Option 252 (Priority) The browser queries DHCP for a PAC file URL. Works even when the client is not in a domain.
2
DNS Fallback If DHCP fails, the browser performs a DNS lookup for wpad.<domain> and downloads /wpad.dat from that host.

Every Windows machine with default settings, every macOS machine with "Auto Proxy Discovery" enabled, and every managed Chromebook will automatically discover your AI-blocking PAC file.

DHCP-Based WPAD (Option 252)

Windows DHCP Server Open DHCP Management Console → Scope Options → add option 252 with value http://wpad.corp.example.com/wpad.dat.
ISC DHCP (Linux) Define option wpad-url code 252 = text; then set option wpad-url "http://wpad.corp.example.com/wpad.dat"; in the subnet declaration.

DNS-Based WPAD

Create an A record for wpad in your internal DNS zone pointing to the web server hosting your PAC file. The browser constructs http://wpad.<domain>/wpad.dat automatically.

For example, if the client's DNS suffix is corp.example.com, it tries http://wpad.corp.example.com/wpad.dat. Ensure the server responds with the correct MIME type.

# DNS configuration for WPAD (BIND zone file)
# Add this A record to your internal DNS zone

wpad    IN  A   10.0.1.50

# If using CNAME (less common but works in some environments):
wpad    IN  CNAME   internal-webserver.corp.example.com.

# --- Web server configuration ---

# Apache: Add MIME type for PAC files
# /etc/apache2/sites-enabled/wpad.conf
<VirtualHost *:80>
    ServerName wpad.corp.example.com
    DocumentRoot /var/www/wpad
    AddType application/x-ns-proxy-autoconfig .dat .pac
    <Directory /var/www/wpad>
        Options -Indexes
        AllowOverride None
        Require all granted
    </Directory>
</VirtualHost>

# Nginx: Add MIME type and serve wpad.dat
# /etc/nginx/conf.d/wpad.conf
server {
    listen 80;
    server_name wpad.corp.example.com;
    root /var/www/wpad;

    location = /wpad.dat {
        types { }
        default_type application/x-ns-proxy-autoconfig;
    }
}

# IIS: Add MIME mapping via PowerShell
Add-WebConfigurationProperty -PSPath 'MACHINE/WEBROOT/APPHOST' `
    -Filter "system.webServer/staticContent" `
    -Name "." `
    -Value @{
        fileExtension = '.dat'
        mimeType      = 'application/x-ns-proxy-autoconfig'
    }

High Availability

The WPAD server is a critical dependency. Chrome and Edge cache the last-known PAC file and fall back to DIRECT if it's unavailable. Firefox retries periodically. Deploy behind a load balancer or use DNS round-robin for redundancy.

WPAD Security

If an attacker registers the wpad DNS name or responds to DHCP option 252, they can serve a malicious PAC file. Mitigate by explicitly registering the hostname in DNS, blocking external WPAD queries at the firewall, and using DHCP snooping.

Refresh Behavior

Chrome re-fetches the PAC file on network changes and periodically. Firefox respects the HTTP Cache-Control header. Set max-age=3600 on PAC file responses to ensure hourly updates without excessive polling.

Enterprise Deployment

Deploying PAC Files via Group Policy, Intune, and Configuration Profiles

Explicit PAC file assignment via GPO or MDM is more deterministic than WPAD. It guarantees application regardless of DHCP/DNS configuration and is easier to audit.

Windows Group Policy (GPO)

GPO sets the proxy auto-configuration URL in Windows Internet Settings. This applies to IE, legacy Edge, Chromium Edge, and Chrome (which reads system proxy settings by default).

1
Open Group Policy Management Console Create or edit a GPO linked to the target organizational units.
2
Navigate to Registry Preferences Go to User Configuration > Preferences > Windows Settings > Registry.
3
Set the AutoConfigURL Registry Value Create a registry item with the PAC file URL. Optionally add Chrome-specific and Edge-specific policy keys.
# GPO Registry Settings for PAC File
# Path: User Configuration > Preferences > Windows Settings > Registry

# Enable automatic proxy configuration
Key:   HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings
Value: AutoConfigURL
Type:  REG_SZ
Data:  http://wpad.corp.example.com/wpad.dat

# Disable "Automatically detect settings" to prevent WPAD override
Key:   HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Connections
Value: DefaultConnectionSettings
# Byte 8 bit 4: 0 = disable auto-detect, 1 = enable

# --- Chrome-specific policy (if not using system settings) ---
# ADMX: Google Chrome > Proxy Settings
Key:   HKLM\Software\Policies\Google\Chrome
Value: ProxyPacUrl
Type:  REG_SZ
Data:  http://wpad.corp.example.com/wpad.dat

Key:   HKLM\Software\Policies\Google\Chrome
Value: ProxyMode
Type:  REG_SZ
Data:  pac_script

# --- Edge Chromium-specific policy ---
Key:   HKLM\Software\Policies\Microsoft\Edge
Value: ProxyPacUrl
Type:  REG_SZ
Data:  http://wpad.corp.example.com/wpad.dat

Key:   HKLM\Software\Policies\Microsoft\Edge
Value: ProxyMode
Type:  REG_SZ
Data:  pac_script

# --- PowerShell: Apply PAC URL to all users immediately ---
$pac = "http://wpad.corp.example.com/wpad.dat"
Set-ItemProperty -Path "HKCU:\Software\Microsoft\Windows\CurrentVersion\Internet Settings" `
    -Name "AutoConfigURL" -Value $pac

# Verify the setting was applied
Get-ItemProperty -Path "HKCU:\Software\Microsoft\Windows\CurrentVersion\Internet Settings" `
    -Name "AutoConfigURL"

Microsoft Intune (Cloud-Managed Devices)

Windows 10/11 via Settings Catalog Create a device configuration profile, search for "Proxy" in the Settings Catalog, and set the Auto Config URL with your PAC file URL. Applies to both Edge and system-level proxy settings.
macOS via Custom Profile Create a custom profile using an XML payload that sets ProxyAutoConfigURLString in the com.apple.SystemConfiguration domain. Alternatively, use a Jamf-managed network profile per Wi-Fi SSID.

macOS Configuration Profiles (Jamf, Mosyle, Kandji)

Per-Interface Proxy Settings On macOS, proxy auto-configuration is set per network interface. An MDM profile can enforce the PAC URL for specific Wi-Fi networks or all Ethernet connections.
Jamf Pro Configuration Create a Configuration Profile → Network payload → set Proxy Type to Automatic with the Proxy Setup URL. Applies to Safari, Chrome, and all apps that respect macOS proxy settings.
Firefox Requires Separate Config Firefox on macOS uses its own proxy settings. Deploy a policies.json file to /Applications/Firefox.app/Contents/Resources/distribution/ or configure via autoconfig.js.

Windows Deployment

GPO is the most robust method for domain-joined machines. Set PAC URL via registry preferences (not deprecated IE Maintenance). For non-domain machines, use Intune or a PowerShell login script. Chrome and Edge both respect system proxy settings unless browser-specific policies override.

macOS Deployment

MDM configuration profiles enforce PAC URLs at the system level. Safari and Chrome respect the system setting. Firefox uses its own proxy stack and requires a separate policy — deploy a policies.json file to /Applications/Firefox.app/Contents/Resources/distribution/ with the WebProxy > AutoConfigURL key pointing to your PAC file.

Browser Compatibility

Browser-Specific PAC File Behaviors and Edge Cases

Browsers handle PAC files differently in caching, failover, DNS resolution, and error handling. Understanding these differences is essential for reliable cross-browser deployment.

Google Chrome / Chromium

Resolves DNS in PAC files asynchronouslydnsResolve() may differ from other browsers.
Caches PAC files aggressively; re-fetches on network changes.
Reads the system proxy setting by default on Windows.
Override via --proxy-pac-url flag or ProxyPacUrl enterprise policy.
Uniquely supports HTTPS proxy types in PAC return values.

Mozilla Firefox

Uses its own proxy settings — system/GPO proxy config does not apply.
Configure via about:preferences > Network Settings or autoconfig.js.
Supports WPAD, but must be explicitly enabled in settings.
Resolves DNS synchronously — avoid dnsResolve() to prevent timeouts.

Apple Safari

Uses macOS system proxy — MDM or System Preferences config applies automatically.
Caches PAC files and re-evaluates on network changes.
Strict ES3 engine — no const, let, arrow functions, or template literals.
Use only var declarations and traditional function syntax.

Microsoft Edge (Chromium)

Shares Chrome's proxy stack — identical PAC file behavior.
Reads system proxy on Windows/macOS by default.
Override via ProxyMode and ProxyPacUrl Edge enterprise policies.
Intune device configuration profiles are the recommended cloud-managed approach.

Cross-Browser Best Practices

Use only ES3 syntaxvar instead of let/const, traditional function declarations, no arrow functions or template literals
Avoid dnsResolve() — introduces DNS latency on every request and behaves differently across browsers
Stick to dnsDomainIs() and shExpMatch() — string comparison only, no DNS overhead
No modern array methods — avoid Array.includes() or Array.indexOf(); use a for-loop instead
Always return a value — if FindProxyForURL returns undefined, Chrome falls back to DIRECT but older browsers may block all traffic
Advanced Patterns

Efficient Domain Matching for Large AI Blocklists

Chaining thousands of dnsDomainIs() calls becomes unwieldy and slow. The PAC sandbox lacks Set and Map, but plain JavaScript objects enable efficient lookups.

The best approach is a hash-set using a JavaScript object. Domains become keys, and each request checks hostname existence via the [] operator for O(1) average-case lookup time.

// High-performance PAC file with hash-set domain lookup
// Handles 40,000+ domains with O(1) lookup time

var BLOCKED = {
    "openai.com": 1,
    "chatgpt.com": 1,
    "anthropic.com": 1,
    "claude.ai": 1,
    "gemini.google.com": 1,
    "midjourney.com": 1,
    "stability.ai": 1,
    "perplexity.ai": 1,
    "cursor.sh": 1,
    "copilot.github.com": 1,
    "codeium.com": 1,
    "writesonic.com": 1,
    "jasper.ai": 1,
    "copy.ai": 1,
    "replit.com": 1,
    "huggingface.co": 1,
    "leonardo.ai": 1,
    "poe.com": 1
    // ... 40,000+ entries generated by API
};

function FindProxyForURL(url, host) {
    var h = host.toLowerCase();

    // Direct lookup
    if (BLOCKED[h]) {
        return "PROXY block.internal.corp:8080";
    }

    // Walk up domain hierarchy for subdomain matching
    // e.g., "api.openai.com" matches "openai.com"
    var parts = h.split(".");
    for (var i = 1; i < parts.length - 1; i++) {
        var parent = parts.slice(i).join(".");
        if (BLOCKED[parent]) {
            return "PROXY block.internal.corp:8080";
        }
    }

    return "DIRECT";
}

This pattern handles subdomain matching automatically. When a user navigates to api.openai.com, the function walks up the hierarchy and matches openai.com. The loop stops before checking the TLD to avoid false positives.

Category-Based Blocking Extension Assign category codes instead of simple 1 values to enable per-category policies. Our API outputs domains with category tags, and the dynamic PAC generator can produce files that check category membership via bitmask or integer code.
Monitoring

Monitoring, Logging, and Troubleshooting PAC File Deployments

PAC file enforcement happens in the browser, not on a network device. There is no centralized log of blocked requests by default — your monitoring strategy depends on your block response approach.

ApproachVisibilityUser ExperienceCost
Block-page proxy Full audit trail — timestamp, client IP, hostname Branded block page with policy explanation Single nginx instance
Loopback (127.0.0.1:9) No logging — no server to record the request Confusing connection-refused error Zero

Debugging PAC Files

chrome://net-internals/#proxy — shows PAC URL, download status, and FindProxyForURL() results.
about:networking#dns and browser console show proxy resolution results.
Verify AI-tool domains resolve to the block proxy using these tools.

Common Failures

#1 Wrong MIME type: Server returns text/html instead of application/x-ns-proxy-autoconfig — browser silently ignores the file.
#2 Syntax error: Any JS error causes the entire PAC file to be rejected.
Test with pacparser (open-source PAC evaluator) before deploying.

Bypass Prevention

Users can bypass by changing browser proxy settings manually.
GPO: Set ProxySettingsPerUser to 0 — requires admin rights to change.
macOS: Lock via MDM-enforced configuration profiles.
Chrome/Edge enterprise policies can also lock proxy configuration.

For comprehensive monitoring, pair PAC file blocking with DNS-level monitoring using our DNS blocklist. DNS queries catch non-browser applications that bypass PAC enforcement entirely.

Limitations

PAC File Limitations and Complementary Security Controls

PAC files are a pragmatic, low-cost solution for AI-tool blocking, but they have inherent limitations. Understand these before relying on PAC files as your sole enforcement mechanism.

What PAC Files Cannot Do

Standalone desktop AI clients — apps that don't use browser proxy settings are unaffected
CLI toolscurl, AI-tool CLIs, and scripts bypass PAC file enforcement
Browser extensions — extensions making direct connections are not routed through PAC
Content inspection — PAC files route by URL/hostname only, cannot detect sensitive data in requests
Activity differentiation — cannot distinguish browsing an AI tool's marketing page from actually using the service
Hardcoded proxy apps — applications that set their own proxy configuration ignore PAC files

For content-level enforcement and DLP, you need SSL inspection via a forward proxy or SWG.

Layer PAC Files with DNS Blocking

PAC files block browser traffic with a user-friendly block page.
DNS sinkholes catch CLI tools, desktop apps, and non-browser applications.
Deploy both layers for comprehensive coverage.
Our DNS blocklist shares the same domain database as the PAC feed.

Migration Path to Full Proxy

Start: PAC files as an immediate, zero-infrastructure blocking measure.
Migrate: Update PAC to route all traffic through your new SWG proxy.
Transition: AI domain list moves from PAC file to SWG URL filtering engine.
Our blocklist supports both models with the same subscription.

Ready to Block AI Tools with a PAC File?

Download the sample domain list to test your PAC file setup, or tell us about your environment and we will generate a ready-to-deploy PAC file customized for your infrastructure.

Download Free Domain Sample View Plans

Request a PAC File AI Blocklist

Tell us your proxy infrastructure, browser mix, and deployment method. We will generate a ready-to-deploy PAC file within 24 hours.