none
IT Proxy exceptions not applying? RRS feed

  • Question

  • Hi,

    We have an internal domain environment xyz.com.au and an external facing dns domain xyz.com

    We are publishing both as proxy bypasses in IE 11 however attempts to resolve hosts in the xyz.com domain are not bypassing proxy unless xyz.com is the first entry in the bypass list.

    eg.

    - if we bypass "*.xyz.com;*.xyz.com.au", we can reach hosts in the xyz.com domain directly.

    - if we bypass "*.xyz.com.au;*.xyz.com", we can't reach hosts in the xyz.com domain and we can see traffic for this domain is being send via the proxy.

    Can anyone how proxy bypassing should be implemented for similar domains or explain the above behaviour?

    Thanks,

    Shane.

    Friday, October 14, 2016 5:17 AM

Answers

  • Hi ,

    I don't understand how IE would match a host in xyz.com to xyz.com.au. 
    According to your description, are you suspecting that it is related to IE?
    Based on my understanding, this action is main related to DNS, not browser. We could use test it using Chrome, check if it persists when using Chrome.

    Best regards


    Please remember to mark the replies as an answers if they help and unmark them if they provide no help.
    If you have feedback for TechNet Subscriber Support, contact tnmff@microsoft.com.

    Monday, October 24, 2016 8:56 AM
    Moderator

All replies

  • Hi Shane,

    To my knowledge, this situation depends on How DNS lookup works. DNS will look up .com.au before .com. If .com.au (xyz.com.au)meets, then look up operation will stop. So if we bypass "*.xyz.com.au;*.xyz.com" in that order, we can't reach hosts in the xyz.com domain.

    We could use Nslookup command to check and verify it.
    https://technet.microsoft.com/en-us/library/cc940085.aspx

    Best regards


    Please remember to mark the replies as an answers if they help and unmark them if they provide no help.
    If you have feedback for TechNet Subscriber Support, contact tnmff@microsoft.com.

    Tuesday, October 18, 2016 8:49 AM
    Moderator
  • Hi Rick,

    Thanks for your reply. Conceptually this makes sense, however I don't understand how IE would match a host in xyz.com to xyz.com.au

    I understand that this should apply to a domain prefix that is wildcarded (ie. abc.xyz.com would match *.xyz.com), but now where the domain suffix is different (ie. abc.xyz.com shoud not match *.xyz.com.au

    Does IE just do a substring compare on the proxy exceptions list?

    Tuesday, October 18, 2016 9:00 AM
  • Hi ,

    I don't understand how IE would match a host in xyz.com to xyz.com.au. 
    According to your description, are you suspecting that it is related to IE?
    Based on my understanding, this action is main related to DNS, not browser. We could use test it using Chrome, check if it persists when using Chrome.

    Best regards


    Please remember to mark the replies as an answers if they help and unmark them if they provide no help.
    If you have feedback for TechNet Subscriber Support, contact tnmff@microsoft.com.

    Monday, October 24, 2016 8:56 AM
    Moderator