Hello Yann, thanks for your comments :)
> Hello,
>
> On Fri, May 5, 2023 at 9:22 AM Carsten Klein <c.klein@xxxxxxxxxxx> wrote:
>>
>> Important(?) side note: through DNS the server can only resolve local/intranet names and addresses. The DNS refuses to resolve external/Internet names and addresses.
>
> Unless NoProxy contains only domain names (e.g. ".mycompany.local") which can be compared verbatim, there will be a DNS resolution for the requested host. And if that DNS resolution fails, NoProxy does not apply (i.e. ProxyRemote is used).
>
>> According to the docs, configuring ProxyRemote and NoProxy should be quite simple:
>>
>> # All requests go through the company's proxy
>> ProxyRemote "*" "http://10.5.10.20:8080"
>>
>> # Direct requests to all intranet hosts
>> NoProxy ".mycompany.local" "10.0.0.0/8"
>
> So here if the requested host does not end in ".mycompany.local", it will be resolved and compared to the network address. Your configuration depends on DNS, more exactly it depends on DNS to work at least for local/intranet hosts (failures on remote ones shouldn't be an issue but looks fragile and not optimal. It's broken if the DNS does not fail but returns a 10/8 address for whatever reason though).
>
> I would try to only set:
>
>   NoProxy ".mycompany.local"
>
> to exclude DNS from the game and see what happens for requests to this domain at least. If it works for those and you still need to also match "10.0.0.0/8" for requests using local IP addresses directly or other/unknown/unlistable local domain names, you probably should have a look at how hosts are resolved on the local DNS when requests are misdirected.
External requests (through ProxyRemote) do actually NOT work when NoProxy is set to just ".mycompany.local". According to what you've said, DNS is not part of the game here.
However, external requests DO work when NoProxy is left unset or set to a different (not my local but non-existing) domain, e.g. ".notmycompany.local".
Even more strange: external requests DO work if NoProxy is set to the domain or hostname of the host that serves the external request:
NoProxy ".google.com" -> requesting 'https://www.google.com' works!
NoProxy "www.google.com" -> requesting 'https://www.google.com' works!

All things considered, NoProxy has only two effects (using names only):

Setting to
1. my local domain ".mycompany.local" -> remote proxy is NEVER used
2. anything else (including unset) -> remote proxy is ALWAYS used

So, NoProxy is not of much help in this scenario.

Since this works with all other software on this host (Apache Tomcat, curl, wget, etc.), this seems to be a bug in Apache httpd (although quite hard to believe).
Do you (or someone else) know where that decision algorithm is actually implemented in those many source files?
Can you (or someone else) set up an environment to test this in order to confirm or refute my findings?
Regards, Carsten
--------------------------------------------------------------------- To unsubscribe, e-mail: users-unsubscribe@xxxxxxxxxxxxxxxx For additional commands, e-mail: users-help@xxxxxxxxxxxxxxxx
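The decision rules described in the quoted reply, written out as a small model so that expected routing can be compared with what a test server actually does. This is an added example, not httpd source code and not part of the original message; the function names, host names and resolver tables are constructed, and only the two NoProxy entry kinds from the configuration in this thread (".domain" suffix and CIDR network) are modelled.

```python
import ipaddress

def route(host, no_proxy, resolve):
    """Return "direct" or "proxy" for a requested host.

    resolve(host) returns a list of address strings, or [] when the
    lookup fails (hypothetical resolver interface).
    """
    host = host.lower().rstrip(".")
    domains = [e.lower() for e in no_proxy if e.startswith(".")]
    networks = [ipaddress.ip_network(e) for e in no_proxy if "/" in e]

    # Domain entries are compared verbatim: no DNS involved.
    if any(host.endswith(d) for d in domains):
        return "direct"
    if not networks:
        return "proxy"

    # Network entries need an address: a literal IP is used as is,
    # any other host is resolved first.
    try:
        addrs = [ipaddress.ip_address(host)]
    except ValueError:
        addrs = [ipaddress.ip_address(a) for a in resolve(host)]

    # A failed lookup yields no addresses, so NoProxy does not apply.
    if any(a in n for a in addrs for n in networks):
        return "direct"
    return "proxy"

# Constructed resolver data (hypothetical names and addresses).
INTRANET = {"app.mycompany.local": ["10.1.2.3"], "legacy-host": ["10.9.9.9"]}

def intranet_only_dns(host):
    # Refuses external names, as in the setup described in this thread.
    return INTRANET.get(host, [])

def misbehaving_dns(host):
    # Answers unknown names with a 10/8 address instead of failing.
    return INTRANET.get(host, ["10.0.0.1"])

NO_PROXY = [".mycompany.local", "10.0.0.0/8"]

if __name__ == "__main__":
    for h in ("app.mycompany.local", "legacy-host", "10.4.5.6", "www.example.org"):
        print(h, route(h, NO_PROXY, intranet_only_dns), route(h, NO_PROXY, misbehaving_dns))
```

The last host shows the fragile case from the reply: with a resolver that returns a 10/8 address for an external name, the model sends the request direct instead of through ProxyRemote.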