Open Bug 235005 Opened 21 years ago Updated 11 months ago

PAC: prevents access to local adresses (cannot use "no proxy for" with automatic proxy)

Categories

(Core :: Networking: Proxy, enhancement, P5)

Product:
Core
Component:
Networking: Proxy
Platform:
x86
Windows XP
Type:
enhancement

Tracking

()

People

(Reporter: Lars.Plessmann, Unassigned)

References

(
URL
)

Details

(Whiteboard: [necko-would-take])

User-Agent: Build Identifier: Mozilla/5.0 (Windows; U; Windows NT 5.1; en-US; rv:1.5) Gecko/20031007 I cannot connect to a localhost, if "retrieve automatic proxy" is activated. There should be a field of except-addresses, where the proxy is not used like in manual proxy configuration. Reproducible: Always Steps to Reproduce: 1. 2. 3. Expected Results: I want to connect to my localhost, but the proxy will be contacted though. local input-ip-addresses should be not accessed via proxy.
Assignee: general → darin
Component: Browser-General → Networking: HTTP
QA Contact: general → httpqa
Summary: Automatic Proxy Configuration locks local adresses → PAC: prevents access to local adresses
That's something which you should ask to your administrator, the one that maintains the PAC-file ... Suppose he/she doesn't want to to run a webserver or your localhost ? Bug 72444 ?
Agreed, dup of 72444. This is something the network admin should be dealing with. The reason for a remote PAC is so that the admin has control of what a workstation can access. That would be the best approach. <aside>Although the option should exist (though IMHO it should have a method of locking so the admin still can retain control if they so desire).</aside> *** This bug has been marked as a duplicate of 72444 ***
Status: UNCONFIRMED → RESOLVED
Closed: 21 years ago
Resolution: --- → DUPLICATE
Status: RESOLVED → VERIFIED
REOPEN: This is not a dupe. Does that feature prevail over PAC in IE? What you need is a PAC file that gives you direct access to your system.
Status: VERIFIED → UNCONFIRMED
Resolution: DUPLICATE → ---
*** Bug 286369 has been marked as a duplicate of this bug. ***
-> NEW. This was never contemplated when PAC was designed. In those days, Windows and Mac desktop systems did not run many IP services.
Status: UNCONFIRMED → NEW
Ever confirmed: true
Summary: PAC: prevents access to local adresses → PAC: prevents access to local adresses (cannot use "no proxy for" with automatic proxy)
-> default owner
Assignee: darin → nobody
Component: Networking: HTTP → Networking
QA Contact: networking.http → networking
(In reply to comment #1) > That's something which you should ask to your administrator, the one that > maintains the PAC-file ... Suppose he/she doesn't want to to run a webserver or > your localhost ? > > Bug 72444 ? The subject PAC file is needed, in my opinion, to judge whether this is a valid behaviour or not, depending on whether or not it has logic for localhost.
The no proxy for is an override option. If a user runs apache or lighttpd locally on their own laptop (127.0.0.1, localhost, whichever) -- for example for web development -- they should be required to be subject to the whims of the network administrator or a poorly configured pac file as to whether or not they can access that local service. If for some surreal reason accessing one's own computer is against network policy, that's not something for firefox to judge for me - as a user I should be able to make that decision. I spose you could also consider it a bug that it tries to send 127.0.0.1 through the network, when it's clearly the standard identifier for the local computer -- and that there's no way to override this.
I got into the same problem today, when a PAC file was incorrect for some network (a local VPN shouldn't have gone through the proxy-server), but I couldn't add a 'no proxy for' rule. And the administrator refuses to change the PAC-file. Note: IE did it correctly, probably because 'use a proxy server for your LAN' was set to false. Although I do agree that an administrator should have the last word, there are still some situations where a user might need to bypass the PAC file. Maybe we can add another keyword in the PAC files that allows/forbids exceptions. An anal^H^H^H^Hdefensive administrator would still prevent its users to mess with the settings.
As per my comments form 376106 which was duped onto this: --- The scenario I have is where I have a proxy.pac that excludes all the standard internal servers at our company, but occasionally I want to do some work on an external website so would like to exclude it from getting cached - hence I'd like to easily be able to exclude another site or two. --- so in my case I'm not particularly interested in localhost as such ( I think I might have that in our company .pac anyway) but arbitrary other sites. Dave
I've got the same problem on my laptop. In my school (computing school), there in an proxy wich is automatically detected by firefox. But I personally use a VPN to connect to my home, and I need to switch the proxy to manual, in order to have access to the "No proxy for:" field. This field should also be enabled for others proxy mode (automatic and system-side configurations.) I saw in previous messages that I have to deal with the admin, but I don't see why connecting to my VPN from my laptop is his problem? Thanks, Elektordi
rather than no proxy for, the right thing might just be to not proxy localhost by default.
Whiteboard: [necko-would-take]
Bulk change to priority: https://bugzilla.mozilla.org/show_bug.cgi?id=1399258
Priority: -- → P5
Severity: normal → S3

Moving bug to Core/Networking: Proxy.

Component: Networking → Networking: Proxy
You need to log in before you can comment on or make changes to this bug.