Lines Matching +full:ipv6 +full:- +full:multi +full:- +full:target

3 This document establishes basic proxy terminology and describes Chrome-specific
18 auto-config](https://en.wikipedia.org/wiki/Proxy_auto-config) scripts. For
30 The port number is optional in both formats. When omitted, a per-scheme default
33 See the [Proxy server schemes](#Proxy-server-schemes) section for details on
38 are generally identified less precisely by just an address -- the proxy
51 to send the request to. This can be either a proxy server, or the target host.
55 identifiers](#Proxy-server-identifiers).
59 * [Manual proxy settings](#Manual-proxy-settings) - proxy resolution is defined
64 * PAC script - proxy resolution is defined using a JavaScript program, that is
68 * Auto-detect - the WPAD protocol is used to probe the network (using DHCP/DNS)
84 * [DIRECT](#DIRECT-proxy-scheme)
85 * [HTTP](#HTTP-proxy-scheme)
86 * [HTTPS](#HTTPS-proxy-scheme)
87 * [SOCKSv4](#SOCKSv4-proxy-scheme)
88 * [SOCKSv5](#SOCKSv5-proxy-scheme)
89 * [QUIC](#QUIC-proxy-scheme)
98 sending the request directly to the target server.
105 * Example identifier (PAC): `PROXY proxy:8080`, `proxy` (non-standard; don't use)
117 method, so end-to-end encryption is not broken. However when establishing the
118 tunnel, the hostname of the target URL is sent to the proxy server in the
122 target servers: Basic, Digest, Negotiate, NTLM.
130 This works like an [HTTP proxy](#HTTP-proxy-scheme), except the
154 proxies](http://dev.chromium.org/developers/design-documents/secure-web-proxy)
170 When using a SOCKSv4 proxy, name resolution for target hosts is always done
172 target address as 4 octets, so IPv6 targets are not possible).
175 IPv6, namely SOCKSv4a. However Chrome does not allow configuring, or falling
199 A handy way to create a SOCKSv5 proxy is with `ssh -D`, which can be used to
202 In Chrome SOCKSv5 is only used to proxy TCP-based URL requests. It cannot be
213 proxy](#HTTPS-proxy-scheme), in that the connection to the proxy server
230 1. A mapping of URL schemes to [proxy server identifiers](#Proxy-server-identifiers).
231 2. A list of [proxy bypass rules](#Proxy-bypass-rules)
247 also supports idioms from other platforms -- for instance KDE's notion of
252 empty) lists of [proxy server identifiers](#Proxy-server-identifiers).
254   * proxies for HTTP - A list of proxy server identifiers to use for `http://`
255     requests, if non-empty.
256   * proxies for HTTPS - A list of proxy server identifiers to use for
257     `https://` requests, if non-empty.
258   * other proxies - A list of proxy server identifiers to use for everything
265 `--proxy-server=XXX` (and optionally `--proxy-bypass-list=YYY`)
268 Chrome with `--proxy-server="http://foo:8080"`. This translates to:
270   * proxies for HTTP - *empty*
271   * proxies for HTTPS - *empty*
272   * other proxies - `http://foo:8080`
277 `--proxy-server="http://foo:8080,direct://"` (note the comma separated list).
280   * proxies for HTTP - *empty*
281   * proxies for HTTPS - *empty*
282   * other proxies - `http://foo:8080`, `direct://`
287 `--proxy-server="http=https://foo:443;socks=socks5://mysocks:1080"`. This now
290   * proxies for HTTP - `https://foo:443`
291   * proxies for HTTPS - *empty*
292   * other proxies - `socks5://mysocks:1080`
306 [Manual proxy settings](#Manual-proxy-settings) don't have mappings for `ws://`
312 * If "other proxies" is non-empty use it
313 * If "proxies for HTTPS" is non-empty use it
323 Most platforms' [manual proxy settings](#Manual-proxy-settings) allow
334 identifiers](#proxy-server-identifiers), Chrome's [manual proxy
335 settings](#Manual-proxy-settings) lets you specify a list of "proxy bypass
348 `--proxy-bypass-list="RULES"` switch can be used, where `RULES` is a semicolon
369 * `foobar.com` - Matches URL of any scheme and port, whose normalized host is
371 * `*foobar.com` - Matches URL of any scheme and port, whose normalized host
373 * `*.org:443` - Matches URLs of any scheme, using port 443 and whose top level
375 * `https://x.*.y.com:99` - Matches https:// URLs on port 99 whose normalized
389 * `.google.com` - Matches `calendar.google.com` and `foo.bar.google.com`, but
391 * `http://.google.com` - Matches only http:// URLs that are a subdomain of `google.com`.
402 `[::1]` are equivalent (both represent the same IPv6 address).
408 * `[::1]` - Matches any URL to the IPv6 loopback address.
409 * `[0:0::1]` - Same as above
410 * `http://[::1]:99` - Matches any http:// URL to the IPv6 loopback on port 99
422 literals](#Meaning-of-IP-address-range-bypass-rules).
428 ### Bypass rule: IPv6 address range
434 Matches any URL that is an IPv6 literal that falls between the given range.
435 Note that IPv6 literals must *not* be bracketed.
438 literals](#Meaning-of-IP-address-range-bypass-rules).
443 * `[fefe::]/40` -- WRONG! IPv6 literals must not be bracketed.
452 is a naive string search -- meaning that periods appearing *anywhere* count
461 implicitly](#Implicit-bypass-rules).
466 <-loopback>
469 *Subtracts* the [implicit proxy bypass rules](#Implicit-bypass-rules)
478 in a left-to-right order. `<-loopback>;127.0.0.1` has a subtly different effect
479 than `127.0.0.1;<-loopback>`.
512 whose host portion is either a localhost name or a link-local IP literal.
528 platform-level proxy support on Windows and macOS (albeit with some differences
529 due to their implementation quirks - see compatibility notes in
542   [`--winhttp-proxy-resolver`](#winhttp_proxy_resolver-command-line-switch).
551 `<-loopback>`. This has the effect of _subtracting_ the implicit rules.
556 --proxy-bypass-list="<-loopback>"
567 identifiers](#Proxy-server-identifiers) to use for a
603 left-to-right order.
608 means that `http://proxy1:80` is de-prioritized with respect to
645 chrome://net-export/](https://dev.chromium.org/for-testers/providing-network-details).
647 viewer](https://netlog-viewer.appspot.com/).
654   re-ordered proxy list was after taking into account bad proxies.
661 [chrome://net-internals/#proxy](chrome://net-internals/#proxy). Note the UI
723 This API is [inherently ambiguous when used on multi-homed
724 hosts](#myIpAddress_myIpAddressEx_and-multi_homed-hosts), as such hosts can
729 ordered steps and short-circuiting once the first candidate IP is found:
743 Note that when searching for candidate IP addresses, link-local and loopback
744 addresses are skipped over. Link-local or loopback address will only be returned as a
747 This sequence of steps explicitly favors IPv4 over IPv6 results, to match
748 Internet Explorer's IPv6 support.
756 extension](https://docs.microsoft.com/en-us/windows/desktop/winhttp/myipaddressex)
760 can return multiple IP addresses. It returns a string containing a semi-colon
769   interfaces](#myIpAddress_myIpAddressEx_and-multi_homed-hosts)
770 * Chrome does not return link-local or loopback addresses (except if no other
789 Note that short-circuiting happens whenever steps 1-3 find a candidate IP. So
791 public Internet, only those IPs will be returned, and steps 2-3 will not run.
793 ## myIpAddress() / myIpAddressEx() and multi-homed hosts
805 and may not address all use-cases.
810 Moreover, note that Chrome does not support the Firefox-specific
812 special side-effect in Chrome. Whereas in Firefox it reconfigures
813 `myIpAddress()` to be dependent on the target URL that `FindProxyForURL()` was
822   out-of-process as on Desktop Chrome. This architectural difference is
870 a long-lived Java Script context) will be assumed to be fresh until either:
874 * A user explicitly invalidates PAC through `chrome://net-internals#proxy`
876 Once considered stale, the PAC URL will be re-fetched the next time proxy
897 re-fetch it:
908 Similarly to successful fetches, the PAC URL will be also be re-fetched
910 invalidated via `chrome://net-internals#proxy`.
914 Note that UTF-8 is *not* the default interpretation of PAC response bodies.
918 1. The `charset` property of the HTTP response's `Content-Type`
920 3. Otherwise defaults to ISO-8859-1.
922 When setting the `Content-Type`, servers should prefer using a mime type of
923 `application/x-ns-proxy-autoconfig` or `application/x-javascript-config`.
931 net-export](https://www.chromium.org/for-testers/providing-network-details),
936 3. In a new tab, navigate to `chrome://net-internals/#proxy` and click both
937    buttons ("Re-apply settings" and "Clear bad proxies").
943 Viewer](https://netlog-viewer.appspot.com/). See the next section for some tips
948 Load saved Net Logs using [Net Log Viewer](https://netlog-viewer.appspot.com/).
952 Start by getting a big-picture view of the proxy settings by clicking to the
959   * Command line flags (ex: `--proxy-server`)
960 …* (per-profile) Chrome extensions (ex: [chrome.proxy](https://developer.chrome.com/extensions/prox…
961   * (per-network) System proxy settings
963 * Was [proxy autodetect (WPAD)](#Web-Proxy-Auto_Discovery-WPAD) specified? In
967 * Internally, proxy settings are per-NetworkContext. The proxy
969   one associated with the Profile used to navigate to `chrome://net-export`. For
970   instance if the net-export was initiated from an Incognito window, it may
971   show different proxy settings here than a net-export capture initiated by a
972   non-Incognito window. When the net-export was triggered from command line
973   (`--log-net-log`) no particular NetworkContext is associated with the
981 field trials. A find-in-page for `proxy` is a good starting point. Be on the lookout for
982 [`--winhttp-proxy-resolver`](#winhttp_proxy_resolver-command-line-switch) which
1001 of any PAC scripts/auto-detect can change.
1003 ## Web Proxy Auto-Discovery (WPAD)
1008 1. DHCP-based WPAD (option 252)
1009 2. DNS-based WPAD
1011 These are tried in order, however DHCP-based WPAD is only supported for Chrome
1016 ### Chrome on macOS support for DHCP-based WPAD
1018 Chrome on macOS does not support DHCP-based WPAD when configured to use
1021 However, macOS might perform DHCP-based WPAD and embed this discovered PAC URL
1023 to "use system proxy settings" it may behave as if it supports DHCP-based WPAD.
1025 ### Dangers of DNS-based WPAD and DNS search suffix list
1027 DNS-based WPAD involves probing for the non-FQDN `wpad`. This means
1042    Vulnerability](https://www.us-cert.gov/ncas/alerts/TA16-144A)
1044 ## --winhttp-proxy-resolver command line switch
1046 Passing the `--winhttp-proxy-resolver` command line argument instructs Chrome
1057 smilar meaning on other platforms (macOS), despite its Windows-specific naming.