Re: Strange behavior with directives ProxyRemote and NoProxy


 



Hello,

On Fri, May 5, 2023 at 9:22 AM Carsten Klein <c.klein@xxxxxxxxxxx> wrote:
>
> Important(?) side note: through DNS the server can only resolve
> local/intranet names and addresses. The DNS refuses to resolve
> external/Internet names and addresses.

Unless NoProxy contains only domain names (e.g. ".mycompany.local")
which can be compared verbatim, there will be a DNS resolution for the
requested host. And if that DNS resolution fails, NoProxy does not
apply (i.e. ProxyRemote is used).

>
> According to the docs, configuring ProxyRemote and NoProxy should be
> quite simple:
>
> # All requests go through the company's proxy
> ProxyRemote "*" "http://10.5.10.20:8080"
>
> # Direct requests to all intranet hosts
> NoProxy ".mycompany.local" "10.0.0.0/8"

So here if the requested host does not end in ".mycompany.local", it
will be resolved and compared to the network address.
Your configuration depends on DNS, more exactly it depends on DNS to
work at least for local/intranet hosts (failures on remote ones
shouldn't be an issue but look fragile and not optimal. It's broken
if the DNS does not fail but returns a 10/8 address for whatever
reason though).

I would try to only set:
  NoProxy ".mycompany.local"
to exclude DNS from the game and see what happens for requests to this
domain at least. If it works for those and you still need to also
match "10.0.0.0/8" for requests using local IP addresses directly or
other/unknown/unlistable local domain names, you probably should have
a look at how hosts are resolved on the local DNS when requests are
misdirected.


Regards,
Yann.
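
The matching order described in this reply, as a simplified model added here as an example; it is not part of the original message and not mod_proxy's own code. The function name, the injected resolver and the sample host names are constructed for illustration.

```python
import ipaddress

def no_proxy_decision(host, no_proxy, resolve):
    """Model of the order described above: suffix compare first, DNS only for networks.

    no_proxy: ".domain" suffixes and/or CIDR networks (as in the NoProxy line).
    resolve:  callable(host) -> list of IP strings, raises OSError on failure.
    Returns "direct" or "proxy".
    """
    host = host.lower().rstrip(".")
    suffixes = [e.lower() for e in no_proxy if e.startswith(".")]
    networks = [ipaddress.ip_network(e) for e in no_proxy if not e.startswith(".")]
    if any(host.endswith(s) for s in suffixes):
        return "direct"                       # verbatim compare, no DNS involved
    if not networks:
        return "proxy"                        # nothing left that needs an address
    try:
        addrs = [ipaddress.ip_address(host)]  # request used an IP literal
    except ValueError:
        try:
            addrs = [ipaddress.ip_address(a) for a in resolve(host)]
        except OSError:
            return "proxy"                    # lookup failed: NoProxy does not apply
    return "direct" if any(a in n for a in addrs for n in networks) else "proxy"

# Constructed resolver standing in for an intranet-only DNS server.
LOOKUPS = []
ZONE = {"legacy-app": ["10.4.4.4"], "odd.example.net": ["10.9.9.9"]}

def intranet_dns(host):
    LOOKUPS.append(host)                      # record every lookup the model triggers
    if host not in ZONE:
        raise OSError("refused")              # external names are not resolved
    return ZONE[host]

FULL = [".mycompany.local", "10.0.0.0/8"]     # configuration quoted in the thread
DOMAIN_ONLY = [".mycompany.local"]            # configuration suggested in the reply

if __name__ == "__main__":
    for h in ["wiki.mycompany.local", "10.1.2.3", "legacy-app",
              "www.example.org", "odd.example.net"]:
        print(h, no_proxy_decision(h, FULL, intranet_dns),
              no_proxy_decision(h, DOMAIN_ONLY, intranet_dns))
```

The constructed "odd.example.net" entry is the case where DNS does not fail but returns a 10/8 address: with the network entry present the request goes direct, with the domain-only list it goes to the proxy and no lookup is made.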





