This article explains how to bypass an upstream proxy for a specific domain.
An upstream proxy is in use but some domains should not be requested via the upstream proxy.
This can be solved using the upstream proxy section and the filters associated with that section. The final setup does have to use a bit of reverse logic though.
Procedure
- Define the upstream proxy, see our help topic, Managing a single or multiple upstream proxies.
- Define a destination upstream proxy filter, including the domain you want to bypass the upstream proxy for, see our help topic, Creating upstream proxies.
- Go to the Manage policies page, and see our help topic, Managing a single or multiple upstream proxies, to configure the following:
- Default upstream proxy None
- Allow direct connections Selected
- Leak client IP with X-forwarded-For header Not selected
- Add the following policies:
- A policy to block the destination filter from going to the upstream proxy
- A policy to allow everything else to the upstream proxy
- Ensure the policies are the order listed above. The logic sequence is: If you're going to the destination, we don't want to be sent via the upstream proxy. Deny the destination from going via the upstream proxy. If we are going anywhere else but the filter destination, use the upstream proxy. What's left is the destination filter and the "no default upstream proxy" setting so the destination filter traffic will use that.
- Save and restart the web proxy see our help topic, Configuring the web proxy.