Add option to exclude ip/hostname from proxy#3000
Conversation
|
@corest thanks for the PR, this is a good feature to have. This is pretty well implemented except for two things:
Let me know if you want to make an update, otherwise we can do it but it may take a little longer. |
|
I have read the CLA Document and I hereby sign the CLA 1 out of 2 committers have signed the CLA. |
|
I have read the CLA Document and I hereby sign the CLA |
|
recheck |
|
@TheTechromancer thx for a quick feedback. I updated PR addressing both comments:
|
|
before we get too deep, this is still targeting stable - with 3.0 release coming soon (hopefully) if we dont rebase to 3.0 now this will just create more work later. I'm going to go ahead and change the base, you might get some conflicts... sorry @TheTechromancer unless you think there's another 2.x.x release you want to stick this on? |
Use radixtarget library for proxy exclusion lookups, consistent with how targets and blacklists are handled. Supports hostnames, IPs, CIDRs, and NO_PROXY conventions (*.domain, .domain, wildcard *). - Add http_proxy_exclude config and --no-proxy CLI arg - Export NO_PROXY environment variable for external tools - Add tests for proxy exclusion and passthrough behavior
corest
force-pushed
the
feature/exclude-proxy-config
branch
from
9aef925 to
ae864c6
Compare
|
@corest thanks for the updates; tests look good. We're currently replacing our web library so this will be merged as soon as that's done. |
|
@corest If you can clear the current merge conflict, we can get this merged soon |
# Conflicts: # bbot/core/helpers/web/engine.py
|
Resolved the merge conflict on this branch. The conflict was a modify/delete: this PR was adding proxy-exclusion logic to I ported the equivalent logic to its new home in
Everything else from the PR ( Verified with the two tests in this PR plus a programmatic check covering |
…sthttp 0.8.0 Wire web.http_proxy_exclude into blasthttp's per-request no_proxy parameter in _build_blasthttp_kwargs, so it flows to both single request()/download() and batch (BatchConfig). Only forward it when a proxy is set — blasthttp 0.8.0 errors on no_proxy without a proxy, and the exclusion is meaningless otherwise. Bump the blasthttp pin to >=0.8.0, where no_proxy support and per-redirect-hop proxy re-evaluation landed. Regenerate docs. Builds on the http_proxy_exclude config + --no-proxy CLI flag from blacklanternsecurity#3000.
Codecov Report❌ Patch coverage is
Additional details and impacted files@@ Coverage Diff @@
## dev #3000 +/- ##
=====================================
- Coverage 90% 90% -0%
=====================================
Files 441 441
Lines 38965 39003 +38
=====================================
+ Hits 34881 34909 +28
- Misses 4084 4094 +10 ☔ View full report in Codecov by Sentry. 🚀 New features to boost your workflow:
|
4 participants
Motivation for this change is very simple.
I have internal Elasticsearch, that I use as http output destination in presets.
When I use web proxy to access some of targets from different locations, I run into issue, that bbot can't write results into Elasticsearch because it tries to go via proxy.
This configuration option adds possibility to exclude listed endpoints from going via proxy.
Most of code is written by Claude. I'll gladly address any comments on how to improve this. Sorry in advance, if change doesn't follow some of contribution rules.