For certain websites, you can use HTTP-proxy exceptions to bypass HTTP-proxy rules, but not bypass the proxy framework. Traffic that matches HTTP-proxy exceptions is still handled by the HTTP-proxy, but, when a match occurs, some proxy settings are bypassed.
Bypassed Proxy Settings
These settings are bypassed for HTTP-proxy exceptions:
- HTTP request — Idle timeout, range requests, URL path length, all request methods, all URL paths, request headers, authorization pattern matching
- HTTP response — Idle timeout, response headers, content types, cookies, body content types
- Reputation Enabled Defense — for sites on the HTTP-proxy exceptions list the reputation score is set to -1
Request headers and response headers are parsed by the HTTP-proxy even when the traffic matches the HTTP-proxy exception. If a parsing error does not occur, all headers are allowed. Antivirus scanning and WebBlocker are not applied to traffic that matches an HTTP-proxy exception.
Included Proxy Settings
These settings cannot be bypassed by an HTTP-proxy exception:
- HTTP response — Maximum line length limit, maximum total length limit
All transfer-encoding parsing is still applied to allow the proxy to determine the encoding type. The HTTP-proxy denies all invalid or malformed transfer encoding.
You can add host names or patterns as HTTP-proxy exceptions. For example, if you block all websites that end in .test but want to allow your users to go to the site www.example.test, you can add www.example.test as an HTTP-proxy exception.
When you define exceptions, you specify the IP address or domain name of sites to allow. The domain (or host) name is the part of a URL that ends with .com, .net, .org, .biz, .gov, or .edu. Domain names can also end in a country code, such as .de (Germany) or .jp (Japan).
To add a domain name, type the URL pattern without the leading http://. For example, to allow your users to go to the Example website, http://www.example.com, type www.example.com. If you want to allow all subdomains that contain example.com, you can use the asterisk (*) as a wildcard character. For example, to allow users to go to www.example.com, and support.example.com type *.example.com.
- In the HTTP Proxy Action configuration, select HTTP Proxy Exceptions.
- In the text box, type the host name or host name pattern. Click Add.
- Repeat this process to add more exceptions.
- To add a traffic log message each time the HTTP-proxy takes an action on a proxy exception, select the Log each transaction that matches an HTTP proxy exception check box.
- To change settings for other categories in this proxy, see the topic for the next category you want to modify.
- Save the configuration.
If you modified a predefined proxy action, when you save the changes you are prompted to clone (copy) your settings to a new action.
For more information on predefined proxy actions, see About Proxy Actions.