Skip to content

Add option to exclude ip/hostname from proxy#3000

Open
corest wants to merge 1 commit intoblacklanternsecurity:3.0from
corest:feature/exclude-proxy-config
Open

Add option to exclude ip/hostname from proxy#3000
corest wants to merge 1 commit intoblacklanternsecurity:3.0from
corest:feature/exclude-proxy-config

Conversation

@corest
Copy link
Copy Markdown

@corest corest commented Mar 30, 2026
edited
Loading

Motivation for this change is very simple.
I have internal Elasticsearch, that I use as http output destination in presets.
When I use web proxy to access some of targets from different locations, I run into issue, that bbot can't write results into Elasticsearch because it tries to go via proxy.
This configuration option adds possibility to exclude listed endpoints from going via proxy.

Most of code is written by Claude. I'll gladly address any comments on how to improve this. Sorry in advance, if change doesn't follow some of contribution rules.

@TheTechromancer
Copy link
Copy Markdown
Collaborator

TheTechromancer commented Mar 30, 2026

@corest thanks for the PR, this is a good feature to have.

This is pretty well implemented except for two things:

  1. we should be using the radixtarget library for these lookups, which is written in rust and avoids unnecessary parsing. This is the same mechanism we use currently for targets / blacklists.
  2. We need to have tests for it. Claude should be able to handle this pretty well based on the existing ones (I think we have proxy tests?).

Let me know if you want to make an update, otherwise we can do it but it may take a little longer.

@github-actions
Copy link
Copy Markdown
Contributor

github-actions bot commented Mar 31, 2026
edited
Loading

All contributors have signed the CLA ✍️ ✅
Posted by the CLA Assistant Lite bot.

@corest
Copy link
Copy Markdown
Author

corest commented Mar 31, 2026

I have read the CLA Document and I hereby sign the CLA

bls-cla-bot bot added a commit to blacklanternsecurity/CLA that referenced this pull request Mar 31, 2026
@bls-cla-bot
@corest has signed the CLA in blacklanternsecurity/bbot#3000
b86621d
@corest
Copy link
Copy Markdown
Author

corest commented Mar 31, 2026

recheck

@corest
Copy link
Copy Markdown
Author

corest commented Mar 31, 2026

@TheTechromancer thx for a quick feedback. I updated PR addressing both comments:

  1. Using radixtarget library for lookups
  2. Adding tests for proxy exclusions

@liquidsec
Copy link
Copy Markdown
Contributor

liquidsec commented Mar 31, 2026
edited
Loading

before we get too deep, this is still targeting stable - with 3.0 release coming soon (hopefully) if we dont rebase to 3.0 now this will just create more work later.

I'm going to go ahead and change the base, you might get some conflicts... sorry

@TheTechromancer unless you think there's another 2.x.x release you want to stick this on?

@liquidsec liquidsec changed the base branch from stable to 3.0 March 31, 2026 14:22
@corest
Add option to exclude hosts/CIDRs from HTTP proxy
ae864c6 
Use radixtarget library for proxy exclusion lookups, consistent with
how targets and blacklists are handled. Supports hostnames, IPs, CIDRs,
and NO_PROXY conventions (*.domain, .domain, wildcard *).

- Add http_proxy_exclude config and --no-proxy CLI arg
- Export NO_PROXY environment variable for external tools
- Add tests for proxy exclusion and passthrough behavior
@corest corest force-pushed the feature/exclude-proxy-config branch from 9aef925 to ae864c6 Compare March 31, 2026 15:38
@TheTechromancer
Copy link
Copy Markdown
Collaborator

TheTechromancer commented Apr 1, 2026

@corest thanks for the updates; tests look good. We're currently replacing our web library so this will be merged as soon as that's done.

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

No reviews

Assignees

No one assigned

Labels

None yet

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

3 participants

@corest @TheTechromancer @liquidsec