MacOS Sierra not using the bypass proxy

roiegat
Contributor III

So we have a proxy server we have to authenticate to with all external traffic. Standard stuff for a big company. In the past we've used *.company.com in the proxy bypass and things that were local didn't go to the proxy server. It seems all traffic was being sent though the proxy server and local websites couldn't be reached. The only way to make it work is to add each server name to the bypass proxy (ie. jss.company.com). This process would make the bypass proxy quite a long list since we'd have to add all the server names. Btw, this is only happening in Safari. Chrome, which uses the system preferences as well has no issues connecting to local and external websites. Although Chrome seems to prompt for the proxy username and password - even though its already in the proxy information.

Now easy solution would be to force everyone to use chrome. But I can't do that since chrome is only approved for special use (like our web developers to ensure things look ok on it). So I'm trying to figure out why this is happening and how to fix it. I've also noticed that other apps, like citrix, which rely on the bypass proxies aren't working either.

So anyone know what makes Chrome work the best and Safari and other apps not use the bypass proxy correctly?

3 REPLIES 3

dng2000
Contributor II

Have you figured this out yet? I'm encountering the same problem today and when I ran scutil --proxy, the global proxy from the config profile has "BypassAllowed : 0" and I am suspecting that is the root cause of this problem.

sateshb
New Contributor III

Not sure if anyone figured this out yet but I ran into the same issue. Usually when things doesn't work as expected, I assume there is a bug with Jamf product, so I downloaded the Configuration Profile, unsigned it with Apple configurator and looked at the XML. Nothing stood out until I compared the keys to the documentation. The key "Exceptions" should be called "ExceptionsList", not sure why the Jamf profile has it that way.

After updating the key, upload it back to Jamf, you'll notice the bypass domains are not list, don't be too alarmed, they are in the xml. When the profile it upload and resigned, recommend downloading and testing it or you can scope it to a test machine.

Verified this works on 10.13.6, testing 10.14 now. c57b56a9b7a04ecdbf6e1d70ef0e9b7a

Ref: https://mosen.github.io/profiledocs/payloads/systemconfiguration.html

dng2000
Contributor II

Thank you for sharing your tip. I'll test this in my environment as soon as I can. :)